Have you ever noticed how lots of these surveys / research things are carried out by companies interested in selling 'solutions' to the problems identified?
World's cyber attacks hit us much harder in past year – major infosec chief survey
Cybersecurity breaches were twice as severe in the past year, with total financial losses reaching $500,000 (£356,00) per business, according to an extensive survey of CISOs across the globe. Some 32 per cent of breaches affected more than half of an organisation's systems in 2017, up from 15 per cent the previous year, …
COMMENTS
-
Wednesday 21st February 2018 17:38 GMT amanfromMars 1
Seconded
Quite so, AC. Although providing problematic solutions is much more rewarding and engaging than just selling them. That's a whole other ball game there .... although also in dire straits need of problematic solutions provision.
the UK government warned that critical infrastructure firms could face fines of up to £17m if they do not have adequate cybersecurity measures in place.
What specific measures would the UK government advise critical infrastructure firms to make/take?
Perhaps they might like to provide them from/with UK Stocks well versed in the Generation and Protection of Crown Jewels. Do they have a list of Immaculate Providers?
Who they gonna call ..... if Sterling Stirling Services are Absent In House/AWOL.?
-
Wednesday 21st February 2018 17:44 GMT GnuTzu
Naturally...
Isn't NIST taking a budget cut, just as they're preparing standards? How many other unbiased non-profits are going to take these things on? There will always be more research by those seeking a profit. And, could we expect to see a standards board from the private sector--one that lacks the conflict-of-interest problem that the PCI Security Standards Council created?
-
Thursday 22nd February 2018 09:41 GMT Sir Runcible Spoon
Re: Naturally...
It might be interesting to note that whilst the US power generation overseer, NERC, has many standards (and the teeth to enforce them) in the UK we have OFGEM, which does diddly squat in terms of enforcing standards for our CNI.
This is old (2011) but I doubt it's been updated..
https://www.parliament.uk/documents/post/postpn389_cyber-security-in-the-UK.pdf
"There is no overarching regulation of cyber security in the UK, although a growing number of organisations are complying with voluntary standards"
-
Wednesday 21st February 2018 19:17 GMT amanfromMars 1
ExtraTerrestrial when Heavenly ‽ .
And, could we expect to see a standards board from the private sector-- .... GnuTzu
Presentation of an AIMaster Piloting Program would Show and Instruct both Private and Public and Pirate and Renegade Rogue Sectors the Benefits and Rewards for Providing Excellent Standard Projects Above and Beyond the ExtraOrdinary.
Lead with Anything demonstrably ExtraOrdinary and Virtually Everyone who is Anyone will Follow to Learn and Experience what is Practically Secret and Held Sacred.
-
Thursday 22nd February 2018 03:08 GMT Anonymous Coward
Not even a drop-in-a-bucket
The legally disclosed hacks aren't even a drop-in-the-bucket of actual criminal hacking that is ongoing 24/7. The recent cryptocurrency hack disclosures for millions in bank losses should be a red flag that all should note. Stock market hacks should be another. Loss of system controls in utility company power systems should be another. U.S. election campaign hacking by Russian hackers is legend. If the general public knew how bad the security situation really is there would be mass panic worldwide. That is why authorities don't disclose most of the major hacks happening daily. The black hats outnumber the white hats 10,000 to 1.
-
Thursday 22nd February 2018 08:54 GMT Nick Kew
Back of a fag packet
A quick google finds a not-too-outdated estimate that there are 5.2 million businesses in the UK. If we take the article at face value, that would suggest losses of 5.2m * 500k, or 2.6 billion. That being, good British billions, not those US imposters: in US numbers it's 2600 billion. Which is something round about our entire GDP.
Hmmm. Something pretty fundamental is missing - like telling us what they're actually talking about.