Let’s Not Leave the New UK NCA and NCSC Cyberthreat Report on the Shelf

Greg Day


Category: CSO Perspective
 Tags: , ,

Today, two of the most important agencies working on cybersecurity in the UK issued their latest assessment of the cyberthreat to business. The report by the National Crime Agency (NCA) and the newly formed National Cyber Security Centre (NCSC) judges the threat to business as serious and growing, with particular concern about the prevalence of ransomware.

Don’t Just Listen – Act

A joint report from these two bodies is extremely influential in educating organisations and changing the debate around threats to one that encourages organisations to embrace cybersecurity and adopt a preventative posture. If embraced properly, it can contribute to how businesses, governmental bodies and everyday users keep closer pace with the threats they face today.

But for the NCA and NCSC report to have impact, people and organisations must take this broad insight and personalise it, not just file it for future reference. This entails looking at which elements are relevant to them and what personal or business impact it would have, so organisations and individuals can take appropriate steps to manage the risks.

There is context for this to happen, of course. While the EU General Data Protection Regulation comes into force in 2018 and codifies the need for ongoing assessment of the risks and application of relevant state-of-the-art cybersecurity controls, businesses and users should be applying these principles today.

Ransomware Is Growing and Evolving – Businesses Must Keep Pace

Notwithstanding the report’s warnings, ransomware is still in its relative infancy, yet its evident scope to impact all organisations, rather than just such traditional targets of cybercrime as financial services, means we should expect it to grow. In the last year, we have seen ransomware start to leverage targeted techniques with SamSa, which has been developed in previous years by nation-state attacks. Most recently new variants, like RanRan, have broadened beyond just financial motives to include political motives that blackmail victims into completing the requests to drive propaganda. In today’s increasingly digitally dependent world, businesses should be cognizant of these trends. Strategies built on preventing attacks, rather than just cleaning up afterwards, are essential to significantly reduce these threats.

No report’s findings in the field of assessing cybercrime is ever going to be fixed. Quite simply, we need to operate on the principle that threats keep on evolving. It’s important to apply this maxim, not just to how cyberattackers are changing approaches, but also to how our own use of technology to make our organisations function and flourish is evolving too. As such we must regularly review where and how cyberthreat information is shared.

According to the report, the rapid adoption of business and consumer cloud services and devices, such as wearables that share information, can provide attackers with insight into our lifestyles that could be used against us. But it is equally important to focus on how these could be sources to tap into business data that may not be recognized as a threat. For example, while many businesses have significant controls around their core data centers, cloud storage can be a weak point, with businesses often not clear on where and why they are being used.

Stealing genuine credentials is still one of the most common motives for attackers, as with these, an adversary can bypass the entire attack lifecycle by impersonating a valid user, move uninterrupted throughout the organization’s network, and shift to the abuse of credentials from within. Where data is stored outside the business, awareness of credential misuse can often go undetected. Cyber risk prevention must start with visibility of your continually evolving IT space and examining where you can reduce your risks by reducing the potential attack surface you expose.

Industry Collaboration Is Key

As government bodies collaborate more closely, so should our industry. In recent years, CISP has been a great initiative for cyberthreat intelligence sharing between UK organizations. It is also great to see how the Cyber Threat Alliance is driving collaboration between security vendors to better work together and automate sharing. Importantly this is not just the sharing of threats that are seen, but also the blocking of controls and context about the attackers.

Returning to the goals of the NCSC, the forces of collaboration, crowdsourcing intelligence and cybersecurity computer power are going to be critical to success in fighting the threats we face. Like any movement for change, it’s essential to begin at the grass roots, getting every business and indeed individual to recognize their role and responsibility, and what value they add into the process of prevention. The more we can work together, the more we can move unknown high-risk attacks into known attacks that are prevented or contained effectively. The role of vendors like Palo Alto Networks is to simplify this process, so cybersecurity and prevention are instinctive, even automatic, behaviours to how we run our economy and live our lives digitally.

ignite17-social-cover-img-facebook-820x340

Ignite ’17 Security Conference: Vancouver, BC June 12–15, 2017

Ignite ’17 Security Conference is a live, four-day conference designed for today’s security professionals. Hear from innovators and experts, gain real-world skills through hands-on sessions and interactive workshops, and find out how breach prevention is changing the security industry. Visit the Ignite website for more information on tracks, workshops and marquee sessions.

Got something to say?

Get updates: Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit42


SUBSCRIBE TO RSS