Britain is being hit by dozens of high-level cyber attacks a month, according to Ciaran Martin, the head of GCHQ’s new National Cyber Security Centre (NCSC). Many of these attacks, which include attempts by Russian and Chinese state-sponsored hackers to steal defence and foreign policy secrets, are said to have threatened national security.
Martin was speaking ahead of the official opening of the NCSC in London earlier this month.
He told the Sunday Times that there had been a “step change in Russia’s aggression in cyber space” over the past two years. He also warned that there have been more attacks on “soft targets” such as local councils and charities to steal personal data, as well as attacks on universities to steal research secrets.
“Part of that step change,” he added, “has been a series of attacks on political institutions, political parties, [and] parliamentary organisations,” which has been “very well evidenced by our international partners and widely accepted”.
There have been 188 category 2 or 3 attacks made against the UK Government over the past three months. These are considered ‘high-level’ but have generally involved “hundreds of thousands” of smaller attacks, such as phishing emails to government departments and businesses.
“In the case of government departments,” Martin said, the attacks are aimed at “getting into the system to extract information on UK Government policy on anything from energy to diplomacy to information on a public sector.
“With companies, it could be to steal intellectual property,” he added, before alluding to Russian- and Chinese-state sponsored attackers: “sometimes you would get states in that business”.
To help protect against cyber attacks, businesses in any sector should have an effective information security management system (ISMS) in place. ISO 27001 is the international standard that describes best practice for an ISMS. It covers people, processes and technology, recognising that information security is not about technology alone.
To help your business implement an ISO 27001-compliant ISMS, IT Governance has a range of fixed-price packaged solutions. Each provides a combination of products and services that can be accessed online and deployed anywhere in the world.