GCHQ's cyber security chief warned that the nation's businesses are at risk of being attacked by criminals and terrorists whose main motivations are money, power and propaganda.
Giving a keynote speech at the Infosec conference held in London this week, the intelligence agency's Director General for Cyber Security, Ciaran Martin, said that organisations should take their lead from GCHQ and render them as "irrelevant as possible".
He said that in the last 10 years, the security industry has moved from talking about "what might happen" to what is now happening on a daily basis". He told delegates that it had fallen to the agency to be the UK's "top scarer". He explained that the three main motives in cyber-attacks were money, power and propaganda - particularly as intellectual property and corporate reputation gain increasing importance to organisations.
"We're genuinely surprised at the variety of UK organisations that can been subject to intrusion," he said. He urged firms to think about what would make them "attractive as a target" to criminals as a good way of approaching IT security.
Martin said that organisations faced too many incidents to be concerned about "stopping attacks everywhere" and now the main aim in IT security was to protect "what you care about most".
But the UK market, despite increased awareness of attacks, displayed a "relative immaturity of norms and practices", even in supposedly secure institutions, said Martin. He hoped that new GCHQ standards would prevent the sorts of attacks that wiped bank drives in Asia and affected a Saudi Arabian oil firm in 2012.
Martin distanced his agency from the controversial allegations that it conducted mass surveillance of British citizens and said that GCHQ's powers were "strictly circumscribed" and "needed clear justifications as laid down by parliament".
When questioned on the upcoming Investigatory Powers Bill, or 'Snooper's Charter', that the government plans to enact, Martin refused to give an answer but added that the agency's roles only worked "because we have an intelligence capability".
"If we want to protect the UK from the darkest reaches of cyberspace, we have to know how it all works."
-
Cleo attack victim list grows as Hertz confirms customer data stolenNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
Lateral moves in tech: Why leaders should support employee mobilityIn-depth Encouraging staff to switch roles can have long-term benefits for skills in the tech sector
-
Former GCHQ intern risked national security after taking home top secret dataNews A former GCHQ intern has pleaded guilty to transferring data from a top-secret computer onto his work phone.
-
Businesses must get better at sharing cyber information, urges former GCHQ chiefJeremy Fleming, the former head of GCHQ, has warned businesses face increasingly sophisticated cyber attacks on critical national infrastructure (CNI).
-
UK and US pledge to punish cyber criminals at annual meetingNews Intelligence and defence officials met at the annual forum to discuss approaches to cyber security for the years ahead
-
GCHQ opens up about concealing cyber threats from global communityNews In a series of publications from GCHQ and the NCSC, security directors explain why and how it keeps security threats a secret
-
Government 'must be held to account' over illegal Snooper's Charter
News Gov should be given until April to make changes to the Investigatory Powers Act, court told
-
GCHQ has "over-achieved" at developing state hacking tools
News The organisation has developed double the offensive cyber attacks than that of criminals
-
UK faces challenges to bulk spying in European Court of Human RightsNews Privacy groups argue bulk data collection breaches Article 8 in landmark court case
-
Canada's spy agency releases its own anti-malware tool to the publicNews The CSE says its scalability makes it an ideal fit for enterprise applications
