In the past few days the UK’s National Cyber Security Centre has cautioned that a major cyber attack on the UK is a matter of “when, not if”. The consequences are potentially catastrophic: an impact on critical infrastructure, interruption to business and possibly disruption to British elections.
Ciaran Martin, Head of the UK’s National Cyber Security Centre, described how the UK had been fortunate to avoid a significant category one (C1) attack, broadly defined as an attack that might cripple infrastructure such as energy supplies and the financial services sector.
He corroborated these comments with newly released figures showing the number of cyber attacks on the UK in the last 15 months.
As the investigation into Russian interference in the 2016 US election continues, it is agreed amongst the UK security community that such tactics would also constitute a C1 attack.
In an interview with the UK’s Guardian newspaper, Martin said he anticipated such an attack in the next two years. “I think it is a matter of when, not if and we will be fortunate to come to the end of the decade without having to trigger a category one attack,” he said.
He, like so many in the security community, admitted total protection was impossible. “Some attacks will get through. What you need to do [at that point] is cauterise the damage,” he said.
Just last week the Chief of the General Staff, Sir Nick Carter, highlighted the growing threat posed by cyber-attacks, in particular from Russia, both on the battlefield and on civilian services.
The most widely reported and substantive cyber attack on the UK has been the WannaCry ransomware attack in May 2017, with the brunt of the disruption impacting hospitals.
The NCSC graded this attack as only C2 rather than C1, partly because there was no risk to life.
The real picture in numbers:
Taken from the Guardian article: “Figures for cyber attacks since the NCSC opened through to December last year underline the pressure building on the UK from hackers.
The NCSC recorded 34 C2 attacks, with WannaCry the most disruptive of these, and 762 slightly less serious C3 ones.”
Martin said one of the biggest lessons from 2017 was to fear reckless as much as controlled attacks. He considered WannaCry, which was blamed on North Korea, as an example of an attack in which the perpetrator loses control.
If total protection is impossible, isn’t it time you considered taking this risk off your balance sheet with cyber insurance?