“George Osborne recently announced that he plans to invest £1.9 billion in Cyber Security (which will increase the government's spending to a total of 3.2 billion), on a backdrop of ISIS threatening to attack Critical National Infrastructure (CNI), of European countries including Britain.
ISIS are building not only their Caliphate in Syria and surrounding territories but are also building a Cyber Caliphate, calling Hackers, Cyber Criminals sympathetic to their cause from all over the world, essentially creating an electronic army. This is not a Cyber Campaign driven by money, such as Cyber Crime, but ideological objectives to attack anyone who does not conform to "al-wala wal-bara," loyalty to everything considered Islamic.
George Osborne today outlined a set of key objectives to protect our country from Cyber Crime, Cyber Terrorism and State Sponsored Espionage, including:
- National Cyber Centre- a single point of contact for intelligence and advice
- Boosting investment in National Cyber Crime Unit
- Stronger Defences in Government Security
- Working closer with ISP's to further protect customers from Drive-By sites and scamming websites.
This investment in Cyber Security announced by George Osborne is a step in the right direction, throwing down the gauntlet to ISIS and Cyber Criminals alike, but what does it mean for organisations not considered Critical National Infrastructure?
Well firstly, I like to think that the recent events over the last few months have jolted companies and individuals alike in to action- to the reality that we are now entering a world where Cyber Attacks are a daily occurrence and re-active security is no longer fit for purpose.
Secondly for companies not considered CNI (and those that are), there won't be any immediate fringe benefits to the work packages proposed by George Osborne today. So on one hand it's good news and great PR for the Government, on the other hand we have just painted a huge target for everyone to have a go at before these plans have actually been implemented!
So parting words on what we all should be doing collectively to make Cyber Crime and Cyber Terrorism difficult for the Threat Actors out there:
- Review detection and prevention strategies- especially around email based threats such as Spear Phishing with weaponised attachments or links
- Review public facing websites for weaknesses, through either code review or by employing the services of Penetration Testers (Ethical Hackers) to prevent easy to exploit attacks used to great effect on organisations like TalkTalk.
- Test and review attack scenarios, and develop runbooks for each one, to ensure your organisation can respond and deal with sophisticated attacks.
Finally what we all should be doing, is sharing intelligence, whether this is within industry, from Government, or industry leaders. To coin a phrase regularly used by the incumbent Government "We're all in this together" and when it comes to Cyber Security we actually are!”
About the Author:
Stuart Peck has over 10 years in Information Security, and is currently the Cyber Security Strategist for ZeroDayLab ltd, and responsible for Threat Intelligence, Advanced Malware research, Security Awareness Training, and Pre-Sales of services and solutions. Stuart assists Executive IT leadership and Information Security Management in creating and developing a holistic Cyber Security Strategy underpinned by Governance and Proactive Threat Intelligence. Stuart is also an Advanced Malware enthusiast.