National Cyber Security Centre
Advice on managing enterprise security published after major cyber campaign detected
TARGETED expert advice aimed at Managed Service Providers and their customers has been published after a global cyber attack was uncovered by a multi-organisation collaboration led by the National Cyber Security Centre (NCSC).
- Third parties who manage large organisations’ IT services attacked
- NCSC leading investigation in partnership with Cyber Incident Response partners
- Advice urges enterprise security teams to discuss risk with Managed Service Providers
The attacks are against global Managed Service Providers (MSPs), which are third parties who help to manage large organisations’ IT infrastructure and services. MSPs are particularly attractive to attackers because they have privileged access to other organisations’ systems and data.
Because the incident mainly affects larger organisations, the NCSC believes direct financial theft from individuals is unlikely.
The attacks provide a reminder about the importance of organisations choosing and monitoring their outsourcing partners carefully, so the NCSC has posted a range of advice on its website about what should be done to mitigate the risks.
Ciaran Martin, CEO of the government’s National Cyber Security Centre, said:
“This scale of hostile activity is significant and our intervention is aimed at giving the UK the ability to tackle this threat head-on by giving organisations the tools and information they need.
“We always encourage enterprises to discuss this threat with their MSP, even if they have no reason to believe they have been affected. This incident should remind organisations that entire supply chains need to be managed and they cannot outsource their risk.
“The response to this attack is an example of the new NCSC at work with our partners. It would not have been possible to uncover the scale and significance of this incident as quickly without our close partners in the Cyber Incident Response (CIR) initiative, including PWC and BAE Systems.”
The guidance reflects the technical advice and mitigation measures offered to U.K. industry and government departments on the Cyber-security Information Sharing Partnership (CISP) platform.
Organisations that outsource IT infrastructure are recommended to have an open dialogue with their provider and to understand what model it uses to manage their services. If that model is unsatisfactory, the organisation should demand that the provider change it immediately.
The NCSC recommends that MSPs who are unwilling to work closely with customers or are unwilling to share information should be treated with extreme caution. It also advises that having an independent audit of an organisation's MSP is critical for security management – an organisation that neglects such monitoring is unlikely to ever be able to effectively manage the risk.
The NCSC, which is part of GCHQ, is the UK’s technical authority on cyber security. The NCSC was opened by HM The Queen in February 2017 and provides a single, central body for cyber security at a national level. It manages national cyber security incidents, carries out real-time threat analysis and provides tailored sectoral advice.
The UK government is fully committed to defending against cyber threats and addressing the cyber skills gap to develop and grow talent. A five-year National Cyber Security Strategy (NCSS) was announced in November 2016, supported by £1.9 billion of transformational investment.
Notes to editors
- Managed Service Providers are third parties that provide a set of defined services to a customer and assume the responsibility of running, maintaining, and securing those services.
- If MSPs are targeted the impact can be quite large as they are a single point of entry into their customers. However, having a third party manage complex services can result in a better provision of service due to economies of scale and contractual obligations.
- There is a lot of information in the public domain around this series of attacks. We have notified all members of the Managed Service Provider Information Exchange (MSPIE) and all Managed Service Providers on CISP have access to our technical information.
- In addition to following the advice and guidance detailed on the NCSC website and CISP, we also recommend that businesses follow published best practice guidelines, such as 10 Steps to Cyber Security and the Cyber Essentials Scheme.
- Cyber-security Information Sharing Partnership (CISP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on UK business.
- The cyber security of the UK is a top priority for the Government, which is why we are investing £1.9 billion and have opened the National Cyber Security Centre to help make the UK the safest place to live and do business online.
- The UK Government can’t do this alone. Every citizen, business and organisation must play their part. Government can help provide some of the tools and information needed to manage cyber security risks. However, organisations and company boards are also responsible for managing their cyber security risks and should ensure that their networks are protected and secure.
- If you are a member of the public and you believe that you are the victim of cyber crime, or cyber-enabled fraud, you should contact Action Fraud. You can report the incident using Action Fraud’s online fraud reporting tool at any time of the day or night, or call 0300 123 2040. For further information see www.actionfraud.police.uk.
- For more information please contact NCSC press office: firstname.lastname@example.org / 07468 838 906 or 07468 838 893. Out of Hours: 07990 987 083