Detica says that the UK's critical national infrastructure (CNI) is also at risk if military levels of cybersecurity are not used to defend against this wave of malware and allied threats.
According to a Detica-sponsored report from Chatham House just published, government best-practice around high-end cyber warfare defences has not yet permeated some areas of the UK's critical national infrastructure.
The security firm contends that, whilst the UK's military and government have historically seen the real necessity of advanced security for their most sensitive information and operations, private sector organisations are faced with the need to balance the cost and practicality of implementing security for low probability, but high-risk attacks.
Henry Harrison, technical director with Detica, says that the sponsored report - Cyber Security and the UK Critical National Infrastructure - stresses the importance of cyber space to national security.
Harrison argues that, whilst it is vital that the UK protects it critical national infrastructure from attack, one of the report's principle conclusions is that there appears to be a less than coherent picture within CNI organisations of either the risk or potential impact of cyber attack.
“This is a particular challenge for low probability but potentially very high impact attacks that could affect the operation of our critical national infrastructure. The reality is that the private sector organisations which largely run CNI form the front line for this Tier 1 national security threat”, he said.
“Historically there has been very limited adoption within the private sector of the very high-end security approaches used to protect the world's most sensitive information and systems. If our national security ambitions are to be realised, there is a pressing need to improve the usability and efficiency of these solutions in order to enable more widespread deployment”, he added.
Harrison went on to say that the most sensitive systems of our critical infrastructure need to be robustly separated from more general-purpose interconnected networks.
Where that is not the case today, he explained, CNI organisations need to introduce that separation while minimising the economic impact to business efficiency.
Detica's technical director notes there is a growing portfolio of tools that ensure organisations don't have to trade usability for security, ensuring that critical systems can be separated and the risk of attack minimised with comparatively low impact on day-to-day business operations.
“What is needed to achieve that is a business-led approach to the analysis and design of effective risk management frameworks, combined with technology innovation that allows networks to be protected from cyber criminals,” he said.