Corero Network Security, a company that provides DDoS and network security solutions, recently sent Freedom of Information requests to a number of United Kingdom infrastructure organizations asking whether they meet the basic cybersecurity standards issued by the UK government. The responses were not very encouraging: Corero revealed that more than one-third of the national critical infrastructure organizations failed to meet the basic standards.
The requests were sent in March 2017 to 338 organizations, including fire and rescue services, police forces, ambulance trusts, NHS Trusts, energy suppliers and transport organizations, of which only 163 responded. Among those who responded, as many as 63 organizations (39 percent) admitted they had not completed the “10 Steps” program published by the UK’s National Cyber Security Centre. Only 58 percent of NHS Trusts had completed the scheme. Many organizations that did not respond cited national security as the reason for withholding the information.
The findings suggest a lack of resilience among many key organizations against growing and increasingly advanced cyber threats. According to Corero, by not detecting and investigating brief distributed denial-of-service (DDoS) attacks against them, the organizations are “leaving their doors wide-open for malware or ransomware attacks, data theft or more serious cyber attacks”. Moreover, only eight organizations (five percent) answered yes when asked, “Have you suffered Distributed Denial of Service (DDoS) cyber attacks on your network in the last year?”
Earlier, the government had proposed implementing the EU’s Network and Information Systems (NIS) directive and released guidance to help organizations protect themselves against cyber attacks. It also proposed fines of up to £17m, or four percent of global turnover, for critical infrastructure organizations found liable in the event of a breach.