UK Archives - Cyber Secure Forum | Forum Events Ltd
Posts Tagged :

UK

Ireland and UK tout ‘key’ partnership for countering cyber threats

 150 150 Stuart O'Brien
By:
0
2

The head of the UK’s National Cyber Security Centre has highlighted the importance of continued collaboration between Ireland and the UK to protect shared interests and counter threats in cyberspace.

Speaking virtually to an audience at the influential Institute of International & European Affairs (IIEA) in Dublin, Lindy Cameron (pictured) described the Ireland-UK relationship as a “source of great strength.”

The CEO of the NCSC – which is a part of GCHQ – depicted the partnership as crucial in “combatting our shared threats”, and highlighted the risks posed by established states that seek to do both nations harm through cyber attacks.

She discussed how critical national infrastructure that is shared between Ireland and Northern Ireland, such as the rail link between Belfast and Dublin, present attractive targets for cyber criminals and hostile states.

Cameron said: “The governments of both UK and Ireland have been clear that they will not tolerate malicious cyber activity, and we have and will publicly call out state-level attacks.

“State sponsored cyber activity represents one of the most malicious strategic threats to the national interests of both the UK and Ireland. It is hugely important.

“Tracking and defending the UK from our most sophisticated adversaries represents much of our core business, usually working to support victims behind the scenes. 

“State threats are a reality in cyberspace. Four nation states – China, Russia, North Korea and Iran, have been a constant presence in recent years. As I’ve said before, we face a determined, aggressive Russia, seeking traditional political advantage by new, high-tech means.”

On the recent ransomware attack impacting Ireland’s Health Executive (HSE), Cameron praised the Irish government’s response and its refusal to pay the ransom. She noted that cyber criminals are out to make money – and the more times a method is successful, the more times it will be used.

Elsewhere, Cameron also emphasised the importance of relationships across the global cyber community, which includes collaboration between all four nations of the UK sharing information and threat assessments with international partners.

She outlined the strength of the UK’s relationship with its allies and close partners across the world, and reaffirmed the commitment to take collective action against the threat.

Brits ‘more likely’ to change spending habits after a data breach

 960 640 Stuart O'Brien
By:
0
0

The consequences of a data breach have a greater impact in the UK versus the United States, according to new data.

41% of British consumers said they will stop spending with a business or brand forever following a data breach, compared to just 21% of US consumers.  

The research into consumer trust and spending habits was conducted by payment security specialists PCI Pal, and pointed to some clear cultural differences between the two countries.

The survey found that 62% of American consumers would instead stop spending for several months following a security breach or hack, with 44% of British consumers agreeing the same. 

Over half (56%) of all UK respondents were more reticent to give credit card details verbally over the phone than their American counterparts where it was found that four out of every ten (42%) of US respondents were uncomfortable reading out their details.

US consumers were generally less accepting to provide payment details over the phone with only 15% saying they would “hand over their information, no questions asked”, compared to a quarter of UK consumers. Instead 38% of American’s would ask for an online alternative to complete a transaction, while 32% of Brits said they would “hang up and find an alternative supplier.”

“Awareness of data security is something that is on everyone’s radar, yet our UK and US surveys have highlighted some real differences of opinions and traits, when comparing attitudes to data and payment security between the two countries,” said James Barham, CEO at PCI Pal.

“UK consumers certainly seem more guarded with providing personal information, such as payment card details, over the phone, yet the US is catching up fast. Similarly, if a security breach has occurred at an organisation, Brits appear more likely to avoid that organisation in future, and instead go elsewhere. In my opinion, 2019 is the year that organisations need to take steps to provide far clearer assurances to consumers as to how their data is being captured, processed and stored otherwise customers are not going to wait, and they may find them going elsewhere for their purchase.”

Looking at trust in businesses and brands, 55% of UK respondents felt they could trust a local store with their data more than a national company. They felt a local store was more likely to care about their reputation (30%) and hackers were less likely to target a local store as it is smaller (25%) while only 22% felt a national company would be more secure as they follow more security protocols.

In stark contrast, the reverse was true in the US with only 47% of respondents feeling they could trust a local company more than a national chain. In fact, 28% felt a national company would be more secure as they follow more security protocols, while 25% felt they have more money to invest in security protocols. 

Almost a third (31%) of UK consumers stated that they would spend less with brands they perceive to have insecure data practices, compared to just 18% of US survey respondents.

UK Government cyber security efforts ‘lack clear political leadership’

 960 640 Stuart O'Brien
By:
0
0

The cyber threat to the UK’s critical national infrastructure (CNI) is as credible, potentially devastating and immediate as any other threat faced by the UK, according to the Joint Committee on the National Security Strategy.

The Committee’s latest report says the Government is not acting with the urgency and forcefulness that the situation demands, with the UK’s CNI a natural target for a major cyber attack because of its importance to daily life and the economy.

The Report on Cyber Security of the UK’s Critical National Infrastructure says that as some states become more aggressive and non-state actors such as organised crime groups become much more capable, the range and number of potential attackers is growing.

In fact, the head of the National Cyber Security Centre has said that a major cyber attack on the United Kingdom is a matter of ‘when, not if’.

The state-sponsored 2017 WannaCry attack greatly affected the NHS even though it was not itself a target and demonstrated the potential significant consequences of attacks on UK infrastructure.

Ministers have acknowledged that more must be done to improve the cyber resilience of CNI and the Government has taken some important steps in the two years since the National Cyber Security Strategy was published.

It set up the National Cyber Security Centre as a national technical authority, but the Joint Committee says its current capacity is being outstripped by demand for its services.

The Joint Committee added that while a tightened regulatory regime, required by an EU Directive that applies to all member states, has been brought into force for some, but not all, CNI sectors, it will not be enough to achieve the required leap forward across the thirteen CNI sectors (including energy, health services, transport and water).

Chair of the Committee, Margaret Beckett MP, said: “We are struck by the absence of political leadership at the centre of Government in responding to this top-tier national security threat.

“It is a matter of real urgency that the Government makes clear which Cabinet Minister has cross-government responsibility for driving and delivering improved cyber security, especially in relation to our critical national infrastructure.

“There are a whole host of areas where the Government could be doing much more, especially in creating wider cultural change that emphasises the need for continual improvement to cyber resilience across CNI sectors.

“My Committee recently reported on the importance of also building the cyber security skills base.

“Too often in our past the UK has been ill-prepared to deal with emerging risks.

“The Government should be open about our vulnerability and rally support for measures which match the gravity of the threat to our critical national infrastructure.”

UK Hacking Fines

UK firms to face fines of up to £17m if they fail to protect against hackers

 960 640 Stuart O'Brien
By:
0
0

The UK Government has committed to updating and strengthening data protection laws through a new Data Protection Bill.

The aim is to give consumers the confidence that their data will be managed securely and safely. Research shows that more than 80 per cent of people feel that they do not have complete control over their data online.

Under the plans individuals will have more control over their data by having the right to be forgotten and ask for their personal data to be erased. This will also mean that people can ask social media channels to delete information they posted in their childhood. The reliance on default opt-out or pre-selected ‘tick boxes’, which are largely ignored, to give consent for organisations to collect personal data will also become a thing of the past.

Businesses will be supported to ensure they are able to manage and secure data properly. The data protection regulator, the Information Commissioner’s Office (ICO), will also be given more power to defend consumer interests and issue higher fines, of up to £17 million or four per cent of global turnover, in cases of the most serious data breaches.

Matt Hancock, Minister of State for Digital said: “Our measures are designed to support businesses in their use of data, and give consumers the confidence that their data is protected and those who misuse it will be held to account.

“The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world. The Bill will give people more control over their data, require more consent for its use, and prepare Britain for Brexit. We have some of the best data science in the world and this new law will help it to thrive.”

The Data Protection Bill will:

  • Make it simpler to withdraw consent for the use of personal data
  • Allow people to ask for their personal data held by companies to be erased
  • Enable parents and guardians to give consent for their child’s data to be used
  • Require ‘explicit’ consent to be necessary for processing sensitive personal data
  • Expand the definition of ‘personal data’ to include IP addresses, internet cookies and DNA
  • Update and strengthen data protection law to reflect the changing nature and scope of the digital economy
  • Make it easier and free for individuals to require an organisation to disclose the personal data it holds on them
  • Make it easier for customers to move data between service providers

New criminal offences will be created to deter organisations from either intentionally or recklessly creating situations where someone could be identified from anonymised data.

Elizabeth Denham, Information Commissioner, said: “We are pleased the Government recognises the importance of data protection, its central role in increasing trust and confidence in the digital economy and the benefits the enhanced protections will bring to the public.”

Data protection rules will also be made clearer for those who handle data but they will be made more accountable for the data they process with the priority on personal privacy rights. Those organisations carrying out high-risk data processing will be obliged to carry out impact assessments to understand the risks involved.

The Bill will bring the European Union’s General Data Protection Regulation (GDPR) into UK law, helping Britain prepare for a successful Brexit.

Julian David, CEO of techUK, offered: “The UK has always been a world leader in data protection and data-driven innovation. Key to realising the full opportunities of data is building a culture of trust and confidence.

“This statement of intent is an important and welcome first step in that process. techUK supports the aim of a Data Protection Bill that implements GDPR in full, puts the UK in a strong position to secure unhindered data flows once it has left the EU, and gives businesses the clarity they need about their new obligations.”