A major cyber attack is a matter of when, not if

The head of the National Cyber Security Centre has warned that a major cyber attack on the UK is a matter of “when, not if”, raising the prospect of devastating disruption to elections and critical infrastructure.

Ciaran Martin said he anticipates such an attack in the next two years: “I think it is a matter of when, not if and we will be fortunate to come to the end of the decade without having to trigger a category one attack.”

He also said that although he had not seen any successful attempts to interfere with the UK’s democratic process, intelligence-gathering may have taken place for potential future attacks.

One of the most serious cyber attacks to hit the UK was WannaCry in May 2017, which infected machines at 81 health trusts. The US authorities have accused North Korea of being responsible.

Although WannaCry caused a lot of disruption, the attack was classed as C2 rather than C1 because there was no risk to life.

A C1 attack is one that might cripple infrastructure such as energy supplies and the financial services sector.

Steve Malone, director of security product management at Mimecast, said: “Despite the educational efforts of security companies and government so far, it’s clear that organisations need more support and training fast.”

With such high threat levels in the cyber security sector, it’s important to be aware of the risks your organisation could face and how to reduce them.

A cyber risk assessment provides business-driven advice and guidance on assessing information risk.

With our cyber risk assessment service you’ll receive support, guidance and advice on:

  • Identifying the assets that require protection;
  • Identifying relevant threats and weaknesses;
  • Identifying exploitable vulnerabilities;
  • Assessing the level of threat posed by threat agents;
  • Determining the business impacts of risks being realised;
  • Producing a security risk assessment;
  • Advising on a risk acceptance threshold or level of acceptance; and
  • Advising on suitable control implementation.

Make sure your organisation is prepared for a cyber attack with a cyber risk assessment >>