The chief of GCHQ emphasized the importance for businesses to implement additional measures to mitigate the potential consequences of a cyber-attack, such as maintaining a physical paper version of their crisis plan for use in the event that an attack disables their entire computer infrastructure.
“What is your contingency plan? Because attacks will inevitably succeed,” stated Anne Keast Butler, head of GCHQ, the UK government’s cyber and signals intelligence agency, since 2023.
“Have you genuinely tested the outcome if that were to occur in your organization?” Keast Butler remarked Wednesday at a London conference organized by cybersecurity firm Record Future. “Is your plan… documented on paper somewhere in case all of your systems go offline? How do you communicate with each other if you are entirely reliant on those systems and they fail?”
Recently, the National Cyber Security Center, part of GCHQ, reported a 50% rise in “very serious” cyber-attacks over the last year. Security and intelligence agencies are now confronting new attacks several times a week, according to the data.
Keast Butler mentioned that governments and businesses must collaborate to address future threats and enhance defense mechanisms, as contemporary technology and artificial intelligence make risks more widespread and lower the “entry-level capabilities” that malicious actors need to inflict harm. He highlighted their efforts in “blocking millions of potential attacks” by partnering with internet service providers to eliminate harmful websites at their origin, but noted that larger companies need to ramp up their self-protection measures.
On Tuesday, a Cyber Monitoring Center (CMC) report revealed that the Jaguar Land Rover hack could cost the UK economy around £1.9 billion, marking it as the most costly cyberattack in British history.
After the attacks in August, JLR was forced to suspend all factory and office operations and may not achieve normal production levels until January.
Keast Butler pointed out that “[there are] far more attacks that have been prevented than those we highlight,” adding that the increased focus on the JLR and several other significant cyber incidents serves as a crucial reminder of the need for robust cybersecurity protocols.
She regularly converses with CEOs of major companies and has conveyed that they should include individuals on their boards who possess expertise in cybersecurity. “Often, due to the board’s composition, nobody knows the pertinent questions to ask, which results in interest, but the right inquiries go unposed,” she noted.
Earlier this year, the Co-op Group experienced a cyberattack that cost it up to £120 million in profits and compromised the personal data of several of its members. Shireen Khoury Haq, CEO of the group, mentioned in a public letter the critical role of cybersecurity training in formulating strategies to respond to attacks.
“The intensity, urgency, and unpredictability of a real-time attack are unparalleled to anything that can be rehearsed. Nonetheless, such training is invaluable; it cultivates muscle memory, sharpens instincts, and reveals system vulnerabilities.”
Keast Butler mentioned a “safe space” that has been created to encourage companies to exchange information about attacks with government entities, allowing them to do so without risking the disclosure of sensitive commercial data to competitors.
“I believe sometimes individuals struggle to come forward due to personal issues or challenges within the company, which hinders our ability to assist in making long-term strategic improvements to their systems,” she remarked.
Source: www.theguardian.com
