Adam Bannister is a contributor to IFSEC Global, having been in the role of Editor from 2014 through to November 2019. Adam also had stints as a journalist at cybersecurity publication, The Daily Swig, and as Managing Editor at Dynamis Online Media Group.
August 31, 2017

Cyber consultation

Critical infrastructure industries face eye-watering fines for cybersecurity shortcomings

The UK government has proposed imposing punitive fines on critical national infrastructure companies that neglect their cybersecurity resilience.

The fines, which could be as high as £17m or up to 4% of annual turnover, have been proposed as part of a consultation by the Department for Digital, Culture, Media & Sport.

Critical national infrastructure, which encompasses sectors critical to the national economy and normal civilian life, includes energy and other utilities, transport, healthcare and digital infrastructure.

In common with other sectors, these industries are increasingly connecting critical systems via large networks in order to enjoy the benefits of interoperability, data analysis, remote monitoring and management.

“Although cybersecurity regulations will require significant effort for the companies that are affected, this new legislation by the UK government demonstrates that they understand the severity of cyber threats in today’s digital world and the destruction they can cause, if undeterred,” says Eldon Sprickerhoff, founder and chief security strategist at cybersecurity firm eSentire.

“Even if you’re not a CNI, cyber threats should concern you. With cybercriminals constantly adjusting their tactics, it is imperative that companies never stop defending themselves by constantly improving and expanding their cybersecurity practices.

“Managed detection and response and incident response planning are common ways companies can stay ahead of their attackers.”

The government consultation was opened on 8 August and closes 30 September 2017.

Businesses in all sectors could also receive heavy fines – £7.9m or 2% of an organisation’s global turnover – under the forthcoming General Data Protection Regulations (GDPR), which strengthen EU data protection laws. Despite the ongoing Brexit negotiations, the regulations will be incorporated into British law.

eSentire has suggested some steps that organisations can take to make their systems less vulnerable to cyber-attack:

  • Encryption – store sensitive data so that it is only readable with a digital key
  • Integrity checks – regularly check for changes to system files
  • Network monitoring – use tools to detect suspicious behaviour
  • Penetration testing – conduct controlled cyber-attacks on systems to test their defences and spot vulnerabilities
  • Education – train your employees in cybersecurity awareness and tightly manage access to confidential information
