Category 1 Cyber Attack will be Life-Threatening

The Chief Executive of the National Cyber Security Centre (NCSC), Ciaran Martin, has previously warned that it is not a matter of if the UK will be attacked, but when.

Now he has warned that there is little doubt that this cyber attack will happen.

A ‘Category 1’ attack is expected to hit the UK and bring with it incidents resulting in severe economic or social consequences or loss of life. This type of attack is defined as a national cyber emergency which will cause “sustained disruption” of essential services or affect national security.

More than 10 cyber attack attempts are made against the UK every week

Since the NCSC became operational two years ago, the frontline teams have dealt with 1167 cyber incidents.

The NCSC will publish a report in the coming weeks, which will highlight the dangers it is confronting.

Mr Martin, the NCSC’s Chief Executive, said: “The majority of these incidents were, we believe, perpetrated from within nation states in some way hostile to the UK.

“They were undertaken by groups of computer hackers directed, sponsored or tolerated by the governments of those countries.

“These groups constitute the most acute and direct cyber threat to our national security.

“I remain in little doubt we will be tested to the full, as a centre, and as a nation, by a major incident at some point in the years ahead, what we would call a category 1 attack.”

The attacks against the UK are carried out by hackers in nation states “hostile” toward the country. The “most chronic” attack will be one which may be low in sophistication but high in volume. This kind of attack involve interference in an election or an attempt to cripple infrastructure such as energy supplies or the financial services sector.

Businesses can protect themselves by gaining the Cyber Essentials certification

Cyber Essentials certification can be attained through self-assessment and it is a step in the right direction towards protecting your company, although it should be seen as the start of a framework of cyber security measures.

Cyber Essentials Plus requires an independent assessment of your security controls to verify you have them in place at the required levels. The Cyber Essentials Plus assessment involves a vulnerability scan, which will identify unpatched, or unsupported software, open ports, incorrect firewall configuration etc.

Cyber Essentials Plus has become a much more highly regarded certification, suitable for both small and large businesses which are looking for a real improvement in their existing cyber security controls.