This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.theguardian.com/technology/2017/sep/22/major-cyber-attack-happen-soon-warns-uks-online-security-boss

The article has changed 5 times. There is an RSS feed of changes available.

Version 0 Version 1
Major cyber-attack will happen soon, warns UK's security boss Major cyber-attack will happen soon, warns UK's security boss
(4 months later)
A head of the National Cybersecurity Centre predicts the most serious level of hacking will happen within years
Alex Hern
Fri 22 Sep 2017 18.49 BST
Last modified on Mon 25 Sep 2017 08.20 BST
Share on Facebook
Share on Twitter
Share via Email
View more sharing options
Share on LinkedIn
Share on Pinterest
Share on Google+
Share on WhatsApp
Share on Messenger
Close
A “category one” cyber-attack, the most serious tier possible, will happen “sometime in the next few years”, a director of the National Cybersecurity Centre has warned.A “category one” cyber-attack, the most serious tier possible, will happen “sometime in the next few years”, a director of the National Cybersecurity Centre has warned.
According to the agency, which reports to GCHQ and has responsibly for ensuring the UK’s information security, a category one cybersecurity incident requires a national government response.According to the agency, which reports to GCHQ and has responsibly for ensuring the UK’s information security, a category one cybersecurity incident requires a national government response.
In the year since the agency was founded, it has covered 500 incidents, according to Ian Levy, the technical director, as well as 470 category three incidents and 30 category two, including the WannaCry ransomworm that took down IT in multiple NHS trusts and bodies.In the year since the agency was founded, it has covered 500 incidents, according to Ian Levy, the technical director, as well as 470 category three incidents and 30 category two, including the WannaCry ransomworm that took down IT in multiple NHS trusts and bodies.
But speaking at an event about the next decade of information security, Levy warned that “sometime in the next few years we’re going to have our first category one cyber-incident”. The only way to prevent such a breach, he said, was to change the way businesses and governments think about cybersecurity.But speaking at an event about the next decade of information security, Levy warned that “sometime in the next few years we’re going to have our first category one cyber-incident”. The only way to prevent such a breach, he said, was to change the way businesses and governments think about cybersecurity.
Rather than obsessing about buying the right security products, Levy argued, organisations should instead focus on managing risk: understanding the data they hold, the value it has, and how much damage it could do if it was lost, for instance.Rather than obsessing about buying the right security products, Levy argued, organisations should instead focus on managing risk: understanding the data they hold, the value it has, and how much damage it could do if it was lost, for instance.
His words at the Symantec event come against the background of a major breach at the US data broker Equifax, which lost more than 130 million Americans’ personal information in a hacking attack in May. The data stolen is extremely sensitive, including names, addresses, social security numbers and dates of birth – all the information needed to steal someone’s identity online.His words at the Symantec event come against the background of a major breach at the US data broker Equifax, which lost more than 130 million Americans’ personal information in a hacking attack in May. The data stolen is extremely sensitive, including names, addresses, social security numbers and dates of birth – all the information needed to steal someone’s identity online.
A further 400,000 British residents were affected by the hack, as well as a number of Canadian residents. The information stolen about them was much less personal in nature, however, consisting only of names, dates of birth, email addresses and telephone numbers.A further 400,000 British residents were affected by the hack, as well as a number of Canadian residents. The information stolen about them was much less personal in nature, however, consisting only of names, dates of birth, email addresses and telephone numbers.
Striking a dour note, Levy warned that it may take the inevitable category one attack to prompt such changes, since only an attack of that scale would result in an independent investigation or government inquiry.Striking a dour note, Levy warned that it may take the inevitable category one attack to prompt such changes, since only an attack of that scale would result in an independent investigation or government inquiry.
“Then what will really come out is that it was entirely preventable… It will turn out that the organisation that has been breached didn’t really understand what data they had, what value it had or the impact it could have outside that organisation.”“Then what will really come out is that it was entirely preventable… It will turn out that the organisation that has been breached didn’t really understand what data they had, what value it had or the impact it could have outside that organisation.”
Levy’s advice to organisations who want to prevent such a catastrophic breach from affecting them is to stop putting their faith in off-the-shelf security solutions, and instead work with employees to uncover what is actually possible.Levy’s advice to organisations who want to prevent such a catastrophic breach from affecting them is to stop putting their faith in off-the-shelf security solutions, and instead work with employees to uncover what is actually possible.
“Cybersecurity professionals have spent the last 25 years saying people are the weakest link. That’s stupid!” he said, “They cannot possibly be the weakest link – they are the people that create the value at these organisations.“Cybersecurity professionals have spent the last 25 years saying people are the weakest link. That’s stupid!” he said, “They cannot possibly be the weakest link – they are the people that create the value at these organisations.
“What that tells me is that the systems we’ve built, as technical systems, are not built for people. Techies build systems for techies, they don’t build technical systems for normal people.”“What that tells me is that the systems we’ve built, as technical systems, are not built for people. Techies build systems for techies, they don’t build technical systems for normal people.”
Hacking
Cybercrime
Internet
news
Share on Facebook
Share on Twitter
Share via Email
Share on LinkedIn
Share on Pinterest
Share on Google+
Share on WhatsApp
Share on Messenger
Reuse this content