According to a new Freedom of Information request, over a third of critical infrastructure outages in the UK over the past year were due to cyber-attacks.
Corero Network Security received responses from around 200 critical infrastructure organizations including ambulance trusts, fire and rescue services, NHS trusts, water authorities, energy companies and transport bodies.
It found that 70% of these organizations had suffered a service outage in the past 2 years and that, within this number, 35% had suffered the interruptions due to cyber-attacks.
This high level of disruption can be blamed partly on ineffective patching. 11% of respondents say that they do not ensure that security patches for crucial vulnerabilities are routinely applied within 14 days.
A new EU law, the NIS Directive, will be announced next week and could impose GDPR-level fines on these critical infrastructure organizations if they fail to provide adequate security.
Corero claimed that if maximum fines had been charged on all the cyber-security incidents that caused service outages in the past 2 years, it would have cost the economy around £2.5bn.
On the bright side, 98% of the CNI organizations polled said that they will follow the National Cyber Security Centre's (NCSC) "10 Steps to Cyber Security" best practice guidelines.
Corero president Andrew Lloyd claims that the guidelines are too reactive, and the NCSC has released detailed guidance on how to meet the requirements of the NIS Directive.
Lloyd added, “Across all sectors, we are seeing a greater number of sophisticated and, when undefended, damaging cyber-attacks. Government ministers and agencies have reported that these attacks are increasingly believed to be the work of foreign governments seeking to cause political upheaval.”
He further added, “The head of the National Cyber Security Centre has already warned that it is a matter of when, not if, the UK experiences a devastating cyber-attack on its critical infrastructure. The study poses serious questions about the UK’s current capability to withstand such an attack.”