New System in UK for Evaluating Severity of Cyber Attacks
A new rating system in the U.K. will categorize the severity of cyber attacks on a scale from one to five, with the aim of giving businesses and policymakers a clearer picture of the impact of cyber threats. The Cyber Monitoring Centre (CMC), an independent non-governmental body made up of industry specialists, will evaluate events in real time and make the results publicly available free of charge.
The system is designed to be easy to understand, much like the Saffir-Simpson hurricane scale, which classifies hurricanes by sustained wind speed. A one on the CMC scale represents the least severe events, while a five indicates the most severe cyber attacks. Only incidents that affect numerous organisations and cause financial losses exceeding £100 million will be categorized.
The U.K. has seen a surge in high-profile cyber incidents over the past year, including ransomware attacks on the British Library, the supermarkets Sainsbury’s and Morrisons, and the diagnostics company Synnovis, the last of which disrupted NHS operations. In December, the head of the U.K.’s National Cyber Security Centre warned that the nation’s cyber risks are “widely underestimated.”
The CMC will gather information from sources such as Chamber of Commerce surveys, technical indicators, and incident reports to assess an attack’s severity. The organisation’s Technical Committee, which comprises the former Chief Executive Officer of the National Cyber Security Centre, a former Director General for Technology at GCHQ, and a cybersecurity lecturer from Oxford University, will review the findings and assign a category.
“The probability of significant cyber occurrences is now higher than ever before as UK entities have become progressively dependent on technology,” said Will Mayes, Chief Executive Officer of the CMC, in a press release. “The CMC has the capacity to assist enterprises and persons in gaining a better grasp of the repercussions of cyber occurrences, reducing their effects on individuals, and improving cyber resilience and reaction schemes.”
UK Businesses Should Avoid Depending Solely on a Reactive System, Critics Suggest
While the rating system offers valuable insight, some cybersecurity analysts caution against relying on it as the primary safeguard. Instead, they stress the importance of proactive security measures.
“An impressive incident response is well organized, well trained, well tested, and has real-life incident experience,” stated Benedict Peet, Information and Cyber Security Risk Manager at Standard Chartered Bank, in a message to TechRepublic. “Just a general incident response is where there’s a framework in place, no testing, no planning, and no experience.”
Haris Pylarinos, Chief Executive Officer and Founder of the security education platform Hack The Box, said in a message to TechRepublic: “The introduction of the Cyber Monitoring Centre in the UK is a positive step, but it focuses more on the aftermath than the root cause. Companies should seize the chance to learn from lifelike and dynamic crisis scenarios to pressure-test their incident response capabilities before an event occurs.”
