Posted on August 31, 2017 at 4:20 PM
More than a third of critical national infrastructure within the United Kingdom hasn’t finalized basic cyber security checks and standards. This was revealed from a research by Corero Network Security, a top provider of real-time DDoS protection.
There are about ’10 Steps to Cyber Security’ that each organization must complete but only a few of them had done so. The implication of this report is that organizations are not only susceptible to attacks but also liable to up to £17m fines. The charges will come into effect once a proposal for Network and Information Systems (NIS) directive is implemented starting May next year.
Among the UK organizations that were served with the Freedom of Information requests include police forces, transport organizations NHS trusts, fire & rescue services and ambulance trusts. A total of 163 responses were received out of which 63 organizations representing 39% were found to have incomplete ‘10 steps’ programme. NHS Trusts took the largest chunk of 42%.
Corero was particularly concerned by the fact that numerous infrastructure organizations didn’t have a proper response to DDoS attacks. This is a threat that has been given much weight by security experts explaining that it should be prioritized in the defense against service disruption.
Most DDoS cases are not similar to the massive Dyn attack that impacted platforms like Reddit, Netflix, and Twitter. Corero has been handled many of these attacks which lasted for not more than 30 minutes. Additionally, 98% of these were below 10 Gbps.
“Cyber security experts in most cases fail to notice these attacks as a result of their small sizes. Unfortunately, they have the ability to pass through and map networks. They may also be a mask for the installation of a hazardous program like a malware,” said Corero.
By refusing to detect short-term incidents, UK organizations become more vulnerable to DDoS attacks. Despite about 5% admitting to having experienced the denial of service attacks in the previous year, this number may be higher.
To make matters worse is the reality that the DDoS attacks normally have malware infections hidden somewhere. In fact, the figures are now 10 points higher than the 2016 survey. Neustar study report that 27% of the attacks featured ransomware or extortion attempts. The figure stands at 23% globally.
Sean Newman, the Corero director, said that “refusing to mitigate short-lived DDoS attacks sets the stage for malware installation in the organization infrastructure. There could also be data theft any other complicated cyber threats.
Newman acknowledges that “cyber attacks on national infrastructure have significant implications besides from real-life disruption.”
“Blocking access to services that are the backbone of our economy may put the country into financial crisis,” he adds.
Among measures that can be taken to protect the expanding national infrastructure include maintaining effective visibility across the network, automatic detection of intrusion attempts and putting in place effective DDoS protection mechanisms.