Do alien space-hackers threaten the UK public sector?

英国公共部门每天每时每刻都面临着越来越多的网络攻击. Though many of these attacks, much like attacks seen across every sector, are entirely automated, 有针对性的攻击越来越多是由技术高超、资金充足的对手发起的.

在过去的15年里，网络犯罪和国家支持的入侵的增长一直在急剧上升. As technology has improved, 变得更实惠，并进入了几乎每个人的手中, 利用这项技术获取经济利益和从事间谍活动的邪恶动机已成比例地增长.

除此之外，公共漏洞上市的时间也大大缩短了.

在漏洞公开披露后不久(通常在数小时或数天内)，利用概念验证代码变得越来越普遍。. While helpful in ensuring appropriate mitigations are developed, 它还极大地加速了自动化开发机制的创建. 这使得网络犯罪分子可以轻松廉价地利用可以大规模传播恶意软件的工具, often without the need for human interaction.

网络安全行业本身已经成为一个工业化经济体, 通过研究和销售高价值的零日漏洞，以及暗网上越来越便宜的网络犯罪工具包. 当网络犯罪分子通过联属计划提供勒索软件，而充分防范攻击的成本远远高于购买它们的成本时，公共部门就有了一个主要问题.

英国政府对这一日益严重的威胁的回应在其 National Cyber Security Strategy 2022-2030 (published February 2022).

“到2025年，政府的关键职能将大大加强，以抵御网络攻击, 不迟于2030年，所有公共部门的政府机构都能抵御已知的漏洞和攻击方法.”
– National Cyber Strategy 2022-2030

尽管通过其愿景为公共部门组织提供了一些非常明确的计划, Aims, 支柱和目标——在短短两年半的时间里，所有关键职能部门都要对网络攻击进行显著强化，所有公共部门组织必须在七年半的时间里对已知的攻击具有弹性, is a difficult thing to wrap your head around, but we’re here to help!

So what about these Alien space-hackers?

网络安全通常名声不好，我很难理解其中的原因, despite working in the field for years, until I read this quote from The Phoenix Project by Gene Kim, Kevin Behr and George Spafford.

“他们总是想出一百万个理由，为什么我们做的任何事情都会造成安全漏洞，外星太空黑客会利用这个漏洞掠夺我们整个组织，窃取我们所有的代码, intellectual property, credit card numbers and pictures of our loved ones.”
– Bill Palmer, The Phoenix Project

通常感觉风险有两种形式:显而易见的和坦率地说奇怪的. I for one often have my mind focused on the alien space-hackers, which is somewhat understandable, 我花了很多年的时间帮助公共部门抵御一些最疯狂的行为, 最难以想象的网络安全威胁，你甚至无法想象.

This however, is not the norm, we don’t all face the same risks. Because of this, 网络安全部门不能为做好安全工作创造一个单一的模板, rolling it out across the public sector and calling it a day.

同样，在防范风险方面，也没有什么灵丹妙药. There is no such thing as a zero risk, fully secure solution. 网络安全风险只能被理解、管理和补救. 组织必须为最坏的情况做打算，为已知的情况辩护，然后对其他情况进行监控和应对. And as the threats evolve, so must the response. Cyber security is never done – it’s a culture to embed.

Why Made Tech?

自2008年成立以来，安全建筑一直是Made Tech交付理念的关键部分, 但近年来很明显，我们在公共部门的合作伙伴一直在努力跟上步伐.

There are many things that impact this, from a lack of skilled resources, 预算限制和重点放在增加功能之上，而不是确保基本功能.

提供专业的网络安全咨询服务，与我们不断增长的服务相辅相成，使我们能够继续实现我们的核心目标，即通过利用技术改善社会，对国家的未来产生积极影响, for everyone.

The threats may never end, 但这并不意味着我们要把你锁定为我们的网络安全顾问. As with our track record with technology delivery, our approach is to help instil the culture, 能力和工作方式，使你的组织装备齐全.

因为保护公共部门免受网络攻击是非常重要的, 但要确保公共部门掌握这项技术, 知识和支持不断捍卫自己是Made Tech的使命.

如果您想了解更多十大网博靠谱平台网络安全和公共部门的信息，请注册 Made Tech Insights 让新的博客文章和其他内容直接发送到您的收件箱.

Share

So what about these Alien space-hackers?

Why Made Tech?

Related Posts

Posted by UKFast

UKFast Adds to C-Suite with CMO Appointment

Posted by Woodhurst Consulting

Getting the whole picture

Posted by iomart Group plc

iomart帮助十大网博靠谱平台雇佣法咨询公司半岛迁移到云端

Posted by Cyber Security Partners

CSP Announce Associate Sponsorship

Posted by Datacentreplus

Most Common Cyber Security Threats & Prevention in 2020

Posted by Cyber Security Partners

Why You Shouldn't Use 2FA on Older Smartphones

Posted by Cyber Security Partners

Remote Working - Keep Your Data Secure!

Posted by The North West Cyber Resilience Centre

Online Advice for Businesses in Response to the Covid-19 Outbreak

Posted by The North West Cyber Resilience Centre

网络复原中心:为应对COVID-19提供免费会员资格

Posted by Informed Solutions

被任命为Ofgem数字服务动态采购系统的Informed Solutions

Subscribe to our newsletter