The Network and Information Systems (NIS) Rules updated third-party firms providing IT services to businesses will be compelled to effective cybersecurity measures in place to protect themselves and their client’s data, with fines for non-compliance.
Those laws already use by UK companies providing critical services in a range of sectors including energy, water, and transportation, but will now bring outsourced firms into scope as well.
The finding comes after a talk and in the wake of rising levels of cyber attacks targeting vital infrastructure in nations around the world inflicting substantial damage on entire nations.
Before this month, the National Cyber Security Centre (NCSC), part of GCHQ, published its annual review, which said the cyber security danger to the UK has grown immensely over the past year – with 18 cybersecurity incidents requiring a nationally coordinated response.
These include attacks on an NHS supplier and a water utility company, said.
The benefits depend on healthcare, water, energy, and computing must not be brought to a standstill by criminals and hostile states, cyber minister Julia Lopez said.
We are supporting the UK’s cyber laws against digital dangers.
HACKERS wanting to harm the UK thwart thanks to a step-change in how intelligence experts align with law enforcement, it announced today
The new, world-leading approach will see the National Cyber Security Centre (NCSC), a part of GCHQ, working hand-in-hand with law enforcement agencies to defend against the growing threat.
The NCSC has reacted to better than 800 significant happenings since October 2016, and their happening responders will now classify episodes into six specific categories rather than the previous three.
The changes, which are effective immediately, will improve consistency around the incident response and better use of resources – ultimately leading to more victims receiving support.
The framework contains cyber happenings in all sectors of the economy, including central and local government, industry, charities, universities, schools, small businesses, and individuals.
Any cyber episode which may have a nationwide impact should be reported to the NCSC immediately. This includes cyber attacks likely to harm UK national security, the economy, public confidence, or public health and safety.
Depending on the incident, the NCSC may be able to provide direct technical support. The NCSC also provides comprehensive guidance and advice on its website for companies or individuals in need.
People or businesses suffering from a cyber attack below the national impact threshold should contact Action Fraud, UK’s national fraud, and cybercrime reporting center, which will respond with the new incident categorization.
The announcement was made on the final day of CYBERUK18, the NCSC’s flagship conference that has brought more than 1,800 people from the cybersecurity industry, law enforcement, government, and academia.
CYBERUK18 saw Manchester Central Convention Complex changed by state-of-the-art industry and state shows presenting cutting-edge technology to help the UK thrive in the digital age.
Simultaneously, a series of studies keynotes, panel debates, and workshops were delivered around the NCSC’s four goals – promote cyber skills and understand, reduce and respond to attacks.
We have seen significant growth in cyber criminality in the form of high-profile ransomware campaigns over the last year. Breaches leaked personal data on a massive scale leaving victims vulnerable to fraud, while lives were put at risk and services damaged by the WannaCry ransomware campaign that affected the NHS and many other organizations worldwide. Tactics are currently shifting as businesses targeted individuals and although phishing attacks on individuals are increasing, fewer are falling victim as people have become more alert.
Because the distinction between nation-states and criminal groups is increasingly blurred, cybercrime attribution is sometimes difficult. Many Russian-speaking cyber groups are threatening UK interests, but home-grown cybercriminals are becoming more sophisticated and therefore a rising threat. Although young criminals are often driven by peer kudos rather than financial rewards, organized UK cybercrime groups are motivated by profit.
