In news that will delight hackers everywhere, it has been found that over a third of the UK’s national critical infrastructure (NCI) organisations haven’t implemented the government’s basic cyber security standards.
Cyber defence firm Corero Network Security’s FOI request revealed that 63 of 163 responding NCI organisations haven’t completed a 10-step security programme created by the National Cyber Security Centre (NCSC).
Amazingly, after the world-class fiasco that saw large sections of the NHS’s IT infrastructure massively disrupted by the WannaCry virus in May, 42% of NHS trusts are still failing to take the necessary basic steps to avoid another cyber catastrophe.
In more good, sorry, terrible news, it turns out that cyber sloppiness could lead to our hospitals, police forces and so on being fined up to £17 million per mishap under the General Data Protection Regulation (GDPR), which will come into effect in May 2018.
Corero’s director of product management, Sean Newman, said: ‘Cyber attacks against national infrastructure have the potential to inflict significant, real-life disruption and prevent access to critical services that are vital to the functioning of our economy and society. These findings suggest that many such organisations are not as cyber resilient as they should be, in the face of growing and sophisticated cyber threats.’
Here’s hoping the people looking after our nuclear weapons have at least installed Norton. I need a drink.