National Cyber Security Centre
Advice on managing enterprise security published after major cyber campaign detected
TARGETED expert advice aimed at Managed Service Providers and their customers has been published after a global cyber attack was uncovered by a multi-organisation collaboration led by the National Cyber Security Centre (NCSC).
- Third parties who manage large organisations’ IT services attacked
- NCSC leading investigation in partnership with Cyber Incident Response partners
- Advice urges enterprise security teams to discuss risk with Managed Service Providers
The attacks are against global Managed Service Providers (MSPs), which are third parties who help to manage large organisations’ IT infrastructure and services. MSPs are particularly attractive to attackers because they have privileged access to other organisations’ systems and data.
Because the incident mainly affects larger organisations, the NCSC believes direct financial theft from individuals is unlikely.
The attacks provide a reminder about the importance of organisations choosing and monitoring their outsourcing partners carefully, so the NCSC has posted a range of advice on its website about what should be done to mitigate the risks.
Ciaran Martin, CEO of the government’s National Cyber Security Centre, said:
“This scale of hostile activity is significant and our intervention is aimed at giving the UK the ability to tackle this threat head-on by giving organisations the tools and information they need.
“We always encourage enterprises to discuss this threat with their MSP, even if they have no reason to believe they have been affected. This incident should remind organisations that entire supply chains need to be managed and they cannot outsource their risk.
“The response to this attack is an example of the new NCSC at work with our partners. It would not have been possible to uncover the scale and significance of this incident as quickly without our close partners in the Cyber Incident Response (CIR) initiative, including PwC and BAE Systems.”
The guidance reflects the technical advice and mitigation measures offered to U.K. industry and government departments on the Cyber-security Information Sharing Partnership (CISP) platform.
Organisations that outsource IT infrastructure are advised to have an open dialogue with their provider and to understand what model it uses to manage their services. If that model is unsatisfactory, the organisation should demand that the provider change it immediately.
The NCSC recommends that MSPs who are unwilling to work closely with customers or are unwilling to share information should be treated with extreme caution. It also advises that having an independent audit of your MSP is critical for security management – an organisation that neglects such monitoring is unlikely to ever be able to effectively manage the risk.
The NCSC, which is part of GCHQ, is the UK’s technical authority on cyber security. The NCSC was opened by HM The Queen in February 2017 and provides a single, central body for cyber security at a national level. It manages national cyber security incidents, carries out real-time threat analysis and provides tailored sectoral advice.
The UK government is fully committed to defending against cyber threats and addressing the cyber skills gap to develop and grow talent. A five-year National Cyber Security Strategy (NCSS) was announced in November 2016, supported by £1.9 billion of transformational investment.
Notes to editors
- Managed Service Providers are third parties that provide a set of defined services to a customer and assume the responsibility of running, maintaining, and securing those services.
- If MSPs are targeted the impact can be quite large as they are a single point of entry into their customers. However, having a third party manage complex services can result in a better provision of service due to economies of scale and contractual obligations.
- There is a lot of information in the public domain around this series of attacks. We have notified all members of the Managed Service Provider Information Exchange (MSPIE) and all Managed Service Providers on CISP have access to our technical information.
- In addition to following the advice and guidance detailed on the NCSC website and CISP, we also recommend that businesses follow published best practice guidelines, such as 10 Steps to Cyber Security and the Cyber Essentials Scheme.
- Cyber-security Information Sharing Partnership (CISP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on UK business.
- The cyber security of the UK is a top priority for the Government, which is why we are investing £1.9 billion and have opened the National Cyber Security Centre to help make the UK the safest place to live and do business online.
- The UK Government can’t do this alone. Every citizen, business and organisation must play their part. Government can help provide some of the tools and information needed to manage cyber security risks. However, organisations and company boards are also responsible for managing their cyber security risks and should ensure that their networks are protected and secure.
- If you are a member of the public and you believe that you are the victim of cyber crime, or cyber-enabled fraud, you should contact Action Fraud. You can report the incident using Action Fraud’s online fraud reporting tool at any time of the day or night, or call 0300 123 2040. For further information see www.actionfraud.police.uk.
- For more information please contact NCSC press office: email@example.com / 07468 838 906 or 07468 838 893. Out of Hours: 07990 987 083