National Warning as Major Cyber Attack Detected

05 April 2017
 

Third parties who manage large organisations’ IT services have been attacked by suspected cyber terrorists, the government's National Cyber Security Centre has said, as it issues a severe warning and advice on managing enterprise security.

The organisation is leading an investigation in partnership with its Cyber Incident Response partners, but it was feared at one time that the terrorists could affect the stability of major organisations in a variety of ways. One feared target was the UK's network of nuclear power stations.

The attacks, which commenced in 2016 and are still under way, are against global Managed Service Providers (MSPs), which are third parties who help to manage large organisations’ IT infrastructure and services. MSPs are particularly attractive to attackers because they have privileged access to other organisations’ systems and data.

Ciaran Martin, CEO of the National Cyber Security Centre (NCSC), said: “This scale of hostile activity is significant and our intervention is aimed at giving the UK the ability to tackle this threat head-on by giving organisations the tools and information they need.

“We always encourage enterprises to discuss this threat with their MSP, even if they have no reason to believe they have been affected. This incident should remind organisations that entire supply chains need to be managed and they cannot outsource their risk.

“The response to this attack is an example of the new NCSC at work with our partners. It would not have been possible to uncover the scale and significance of this incident as quickly without our close partners in the Cyber Incident Response (CIR) initiative, including PWC and BAE Systems.”

 

Advice

'Organisations who outsource IT infrastructure are recommended to have an open dialogue with their provider and to understand what model they use to manage your services. If their model is unsatisfactory, the organisation should demand that they change it immediately.

The NCSC recommends that MSPs who are unwilling to work closely with customers or are unwilling to share information should be treated with extreme caution. They also advise that having an independent audit of your MSP is critical for security management – an organisation that neglects such monitoring is unlikely to ever be able to effectively manage the risk'.

The NCSC, which is part of GCHQ, is the UK’s technical authority on cyber security and provides a single, central body for cyber security at a national level.

Picture: Major users of MSPs such as nuclear power stations and airports may be at risk from terrorists and hacktivists

 

 

Article written by Brian Shillibeer | Published 05 April 2017
