News
Major cyber-attack on UK a matter of "when, not if" - Fujitsu comment
January 2018 by Rob Norris, VP Head of Enterprise & Cyber Security EMEIA at Fujitsu
The head of the UK’s National Cyber Security Centre, Ciaran Martin, has just warned that a major cyber-attack on the UK is now a matter of “when, not if”.
Rob Norris, VP Head of Enterprise & Cyber Security EMEIA at Fujitsu, believes that this has implications that go beyond Government:
"Cyber-security is the soft underbelly of our societies - our rapid embrace of the digital revolution has not always been anchored by the equivalent security measures thus far. Considering our reliance on digital technology for every facet of modern life, from GPS to email, it is no wonder that hostile state and non-state actors see this as an attractive angle of attack.
"The imminent threat of a C1 attack on our infrastructure or electoral system should not only focus Government energies, it should also be top of mind for every C-Suite officer in every business. Cyber attackers are becoming increasingly inventive in their approach and, as demonstrated by the WannaCry attack, often see businesses as a soft target and a relatively easy ’way in’ to cause wider disruption. WannaCry also indicated how cyber-attacks aren’t necessarily planned out or premeditated, but can have an unpredictable ’chaos factor’ that exposes a wider range of organisations to infiltration and/or damage. In this context, any organisation can become a target or indeed simply collateral damage.
"These kind of attacks are at least partially aimed at undermining people’s faith in the organisations and institutions that underpin our society. It is therefore alarming to note that research by Fujitsu revealed that less than 10% of consumers believe that businesses are doing enough to ensure that their data is protected. The constant drumbeat of successful attacks, from Petya to the Macron campaign hack, has hammered home the notion that organisations simply can’t keep up in the cyber security arms race. It’s vital that organisations examine their entire cyber-security approach, and that goes beyond simply looking at their technological solutions.
"Deploying the right technology is not enough by itself to guarantee security - it is ultimately a people issue, with many attacks succeeding by exploiting bad practise or individual ignorance. With this in mind, it was worrying to see our recent digital PACT survey find eight-in-10 businesses point to digital skills as the biggest hindrance to their cyber security function. Companies still need to invest in appropriate technical and security controls or work with cyber partners to secure themselves against this imminent threat. However, without up-skilling users and making them more cyber aware, they will still be leaving themselves exposed."
