U.K. Cabinet Office minister Francis Maude disclosed that an attack by an named “state-sponsored hostile group” resulted in the compromise of a system administrator’s account on the Government Secure Intranet in a speech at the IA14 Conference this week.
“I can tell you of a recent case where a state-sponsored hostile group gained access to a system administrator account on the Government Secure Intranet. Fortunately this attack was discovered early and dealt with to mitigate any damage,” Maude told the attendees.
“For that – and in many other cases – we can be thankful that we have some brilliant people working to keep us safe. They’re drawn from GCHQ and the security services, the armed forces, the police and National Crime Agency, the civil service, and of course the private sector too, but they share much in common,” Maude continued. “They’re bright, motivated and have bucket loads of expertise.”
Maude went on to stress that good security is a collective effort, and it is the duty of every employee from the bottom of an organization up to the leadership to practice good security habits to avoid the risk of compromise.
“There’s an onus on the most junior employee to protect his or her passwords – just as there’s an onus on the chief executive and the non-executive directors to ensure cyber security is taken seriously in board meetings.” Maude said.
Beginning this October, the U.K. government will require all vendors bidding on contracts that involve certain types of sensitive information to participate in the new Cyber Essentials program, which certifies that companies are committed to some basic security best practices that are designed to counter the most common of threats.
“It already has support from a whole range of organisations including the CBI, Federation of Small Businesses and the Institute of Chartered Accountants,” Maude said. “The insurance industry is also supporting the scheme with 2 firms, Marsh and AIG, offering incentives for businesses to become certified.”
Maude also lauded a major achievement in the U.K. last March – the establishment of the nation’s first Computer Emergency Response Team – CERT-UK, as well as enhanced threat intelligence sharing initiatives.
“In the past, when I’ve met my counterparts overseas, one of the things they always asked me was why there wasn’t a single point of contact for cyber security incidents in the UK. CERT-UK fulfills that role. Our international partners now know who to call, as does government, business and academia.”
Read More Here…