UK critical infrastructure ‘skipping basic cyber security checks’
Over a third of national critical infrastructure organisations in the UK (39 per cent) have not completed basic cyber security standards issued by the UK government. That is according to data compiled by a Freedom of Information (FoI) request by security firm Corero Network Security.
Corero said there is a lack of “cyber resilience” in infrastructure organisations that have not completed the ’10 Steps to Cyber Security’ programme, despite them being critical to the functioning of UK society.
Corero added that it suggests that some of these organisations could be liable for fines of up to £17 million, or four per cent of global turnover. This is under the government’s proposals to implement the EU’s Network and Information Systems (NIS) directive, from May 2018.
The FoI requests were sent to 338 critical infrastructure organisations in the UK, including fire and rescue services, police forces, ambulance trusts, NHS trusts, and energy suppliers, among others.
A total of 163 responses were received, with 63 organisations (39 per cent) admitting to not having completed the ’10 Steps’ programme. Among responses from NHS Trusts, 42 per cent admitted not having completed the programme.
Sean Newman, director of product management at Corero, said: “Cyber attacks against national infrastructure have the potential to inflict significant, real-life disruption and prevent access to critical services that are vital to the functioning of our economy and society.
“These findings suggest that many such organisations are not as cyber resilient as they should be, in the face of growing and sophisticated cyber threats.”
The Corero findings also revealed that 51 per cent of critical infrastructure organisations are potentially vulnerable to Distributed Denial of Service (DDoS) attacks. This is because most attacks are less than 30 minutes in duration, and less than 10Gbps in volume, meaning that they often go unnoticed.
Share This Post, Choose Your Platform!
With over 25 years in the business telecoms industry and an unrivalled reputation of delivering excellent, personal customer service, Arrow is one of very few companies in the UK able to provide a full telecoms, IT and energy consultancy and service proposition.
Savings through automation, scale, improved service. We’ve got that covered. But the true value comes with empathy, through empowerment, collaboration. It’s connecting people that drives us forward. It’s people that make tomorrow happen.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.