14 DAY TRIAL // UK Government’s secure network was breached not too long ago, when hackers managed to gain access to a system administrator account.
The information comes from the Minister for the Cabinet Office, Francis Maude, who shared it during the IA14 security conference.
He said that the attacker was a state-sponsored hostile group, whose activity was detected and fended off at an early stage, without any damage having been caused.
Admitting to a security attack attempt from another state is not something a government shares very frequently, although such activities are known to happen more often than one would think.
The Minister said that efficiency of dealing with the incident was thanks to “brilliant people working to keep us safe,” who were “drawn from GCHQ and the security services, the armed forces, the police and National Crime Agency, the civil service, and of course the private sector too,” with “bucket loads of expertise.”
He also noted that the responsibility of security should not fall on their shoulders alone and everybody should be able to take the necessary precautions to protect their business and even personal privacy when browsing the Internet.
Protecting passwords and sensitive information is a responsibility equally important for both a junior and the chief executive officer.
To this purpose, the government launched the new Cyber Essentials Scheme on June 5, a document that covers the basics of cyber security in the corporate IT environment.
The paper focuses on five key components that include prevention of unauthorized access to or from private networks through firewalls and Internet gateways, secure configuration of the systems, access control to different resources, malware protection, and applying the latest updates for the applications used.
Also, starting October this year, the UK Government will request a Cyber Essentials certification to all suppliers bidding contracts aiming at handling certain personal and sensitive information.
In order to protect critical businesses not just from attacks sponsored by other governments but also from criminal organizations that have equally complex hacking skills and technology, GCHQ security agency will start to gradually share classified intelligence with communications service providers.
The program will include “suppliers to Government networks” and then move to “the other sectors of critical national infrastructure. This ground-breaking initiative will use GCHQ's unique capabilities and insights gleaned from its intelligence and security work to illuminate the critical threats in cyberspace.”
Maude concluded that technology led to new opportunities, but threats also kept the pace and “We can’t pause; we can’t slow down, even for a minute. There’s always something more we can be doing to protect ourselves.”