Story image

Attacks on UK's critical infrastructure to skyrocket 100% over next 2 years

08 Dec 17

Thought 2017 was bad? Well according to cybersecurity expert Huntsman Security, it’s going to get a whole worse.

The UK’s critical infrastructure faces an increase in cyberattacks of up to 100 percent over the next two years – at the same time as it faces a critical shortage of security analysts.

“With the ISACA predicting a global shortage of two million cybersecurity jobs by 2019, there simply aren’t enough security analysts in the UK, or even the world, to cope with the growing threat that critical infrastructure faces,” says Peter Woollacott, CEO of Huntsman Security.

“National agencies are already reporting a significant increase in reported attacks, let alone those that pass undetected.”

Critical infrastructure systems are increasingly being connected to the Internet and customers’ homes to gain efficiencies, which consequently has multiplied the opportunities to compromise them.

Woollacott asserts the consequences range from critical services being held for ransom, to service outages, economic chaos and even disruption, injury or death to citizens.

“As more elements of services move online, so there are many more opportunities for attackers of any size or capability to try their luck. As a result, our critical infrastructure faces a blizzard of attacks of varying sophistication – any one of which could be as damaging as WanaCry or Stuxnet,” says Woollacott.

“Even a simple DDoS attack has brought services such as Sweden’s trains to their knees recently. There’s no way to block all of these potential attacks at the walls of an organisation, and security analysts will soon be overwhelmed by the sheer volume they face. If organisations can’t address these challenges, the danger to the public, and the harm to the organisation itself, will be unacceptable.” 

2017 saw a number of high profile attacks on power plants in the Ukraine and USA, and significant threats to UK and European transport infrastructure.

Woollacott says attacks on national infrastructure have been increasing steadily. In the US for example, reported cyber incidents against critical infrastructure increased by 49 percent between 2012 and 2015 – with a potentially larger number of unreported or unnoticed incidents yet to be discovered.

In the UK, the introduction of the NIS Directive in May 2018 will place additional pressure on critical infrastructure organisations. Under NIS, companies could face fines of up to 4% of turnover or £17m, whichever is greater, if they can’t prove they have taken sufficient steps to “prevent and minimise” the impact of security incidents.

According to Woollacott, the greatest challenges for all businesses regardless of industry will be the sheer volume of potential and actual attacks they face.

“The fact that NIS is making organisations think about these dangers is important, but these thoughts have to be matched with the right action. When connections were entirely physical, it was relatively simple to prevent and stop attacks – in the online world, this is nowhere near enough,” says Woollacott.

“Without the ability to automatically triage potential threats and take the appropriate action – whether that’s simply logging the incident, alerting security teams, or quarantining the danger – organisations will find themselves overwhelmed and the odds of being victim to a major attack with serious consequences will increase accordingly. The internet as a means of communication is here to stay, meaning organisations will ultimately be judged by how they react to it. By accepting that they can’t stop every attack at the walls, critical infrastructure organisations are safeguarding not only themselves, but the UK as a whole.”

JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t. 
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
Why total visibility is the key to zero trust
Over time, the basic zero trust model has evolved and matured into what Forrester calls the Zero Trust eXtended (ZTX) Ecosystem.
Gartner names Proofpoint Leader in enterprise information archiving
The report provides a detailed overview of the enterprise information archiving market and evaluates vendors based on completeness of vision and ability to execute.
Tensions on the rise after Huawei CFO arrest
“Recently our corporate CFO, Meng Wanzhou, was provisionally detained by the Canadian authorities on behalf of the United States of America."
Palo Alto Networks integrates RedLock and VM-Series with AWS Security Hub
AWS Security Hub is designed to provide users with a comprehensive view of their high-priority security alerts and compliance status.
Juniper simplifies data integration to improve threat detection
Updates to the Juniper Advanced Threat Prevention Appliances leverage third-party firewalls and security data sources.
Is mobile shopping compromising your enterprise security?
When employees do their holiday shopping on company resources, security teams have a challenge with the surge in browsing and online transactions.