The UK faced as many as 590 significant cyber-attacks in the last year, 30 of which were Category 2 attacks, the NCSC’s Director of Operations has revealed.
The NCSC’s Director of Operations believes it is only a matter of time before the UK faces a Category 1 cyber-attack.
Speaking to BBC Radio 4’s Today programme this morning, Paul Chichester, the Director of Operations at the National Cyber Security Centre, said the UK suffered as many as 590 significant cyber-attacks in the last year, and that he fears there will be more in the coming days.
Of all cyber-attacks that the country faced in the last year, as many as 30 were Category 2 attacks. These attacks are the ones that create major disruptions and require a cross-departmental response. Major ransomware attacks like WannaCry and NotPetya were listed as Category 2 attacks by the NCSC.
“We saw a small scale event ramp up very quickly into a national event. The threat is increasing; you can see criminals and nation states really starting to see the power and the opportunities that attacks in cyberspace can offer them,” he said during the programme.
Security firm Gemalto’s Breach Level Index for the first half of 2017 has revealed that business organisations, healthcare firms and tech companies lost more than 28 million data records to cyber criminals. Of these, 26 million were lost in a single incident suffered by the NHS.
According to data obtained by security research firm Corero through a Freedom of Information request, as many as 39% of critical infrastructure organisations in the UK, including fire and rescue services, police forces, ambulance trusts, NHS trusts, energy suppliers, and transport organisations have not completed the government-mandated ’10 Steps to Cyber Security’ programme.
This is despite the fact that the 10-step cyber security programme was published back in 2012. Corero said that this indicates ‘a lack of cyber resilience within organisations which are critical to the functioning of UK society’.
The lack of preparation on part of critical infrastructure firms, NHS organisations, as well as large and medium businesses to guard against cyber-attacks in the future has increased the possibility of such firms falling victims to future attacks. Use of legacy systems has also endangered the security of other critical assets like the Trident nuclear submarines, aircraft carriers, nuclear power plants and other energy firms.
The threat level is so high that Ciaran Martin, the chief executive of the National Cyber Security Centre, believes that a Category 1 cyber-attack could be around the corner.
“Those are the two areas where we’ve seen the greatest threat, not just what we’ve been worried about as we’ve monitored intrusions against the UK, but also we’ve seen those attacks realised in other countries,” he said.