Critical infrastructure industries face eye-watering fines for cybersecurity shortcomings
Cyber consultation

The UK government has proposed imposing punitive fines on critical national infrastructure companies that neglect their cybersecurity resilience. The fines, which could be as high as £17m or up to 4% of annual turnover, have been proposed as part of a consultation by the Department for Digital, Culture, Media & Sport. Critical national infrastructure, which encompasses sectors critical to the national economy and normal civilian life, includes energy and other utilities, transport, healthcare and digital infrastructure.
In common with other sectors, these industries are increasingly connecting critical systems via large networks in order to enjoy the benefits of interoperability, data analysis, remote monitoring and management.

"Although cybersecurity regulations will require significant effort for the companies that are affected, this new legislation by the UK government demonstrates that they understand the severity of cyber threats in today's digital world and the destruction they can cause, if undeterred," says Eldon Sprickerhoff, founder and chief security strategist at cybersecurity firm eSentire. "Even if you're not a CNI, cyber threats should concern you. With cybercriminals constantly adjusting their tactics, it is imperative that companies never stop defending themselves by constantly improving and expanding their cybersecurity practices. Managed detection and response and incident response planning are common ways companies can stay ahead of their attackers."

The government consultation was opened on 8 August and closes 30 September 2017.

Businesses in all sectors could also receive heavy fines (£7.9m or 2% of an organisation's global turnover) under the forthcoming General Data Protection Regulations (GDPR), which strengthen EU data protection laws. Despite the ongoing Brexit negotiations, the regulations will be incorporated into British law.

eSentire has suggested some steps that organisations can take to make their systems less vulnerable to cyber-attack:

Encryption: store sensitive data that is only readable with a digital key
Integrity checks: regularly check for changes to system files
Network monitoring: use tools to detect suspicious behaviour
Penetration testing: conduct controlled cyber-attacks on systems to test their defences and spot vulnerabilities
Education: train your employees in cybersecurity awareness and tightly manage access to confidential information