Public sector needs cyber help 'more than big firms'
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 26 Nov 2013 01:07:17 -0700
An ICT expert has called on the government to extend a new cyber security
health check being offered to top commercial firms to the public sector.
According to reports, MI5 and GCHQ have sent a letter to the chairs of all
FTSE 350 companies in the UK, offering them assistance with analysing their
But Rik Ferguson, vice president of security research at software security
firm Trend Micro, said that the initiative was also needed by local
authorities, NHS organisations and other public sector bodies.
He said: “I certainly hope that the same advice is being disseminated
throughout the public sector as well. The track record shows that there
have been multiple failures of operational security, resulting in swathes
of open source intelligence being available online, not to mention the
multiple losses of data from councils and health service employees.”
He said that extra help may be needed for these bodies, because they are
significantly less well funded than blue chip corporations.
Alejandro Rivas-Vásquez, principal advisor on cyber security at consultant
KPMG, told Publictechnology.net that as larger companies improve their
security systems, the public sector could be under greater threat from
He said: “Traditionally it was financial services firms that were at the
greatest risk from cyber criminals.
“What we are seeing is the cyber criminals are moving away from financial
services realising that the fence is so high to climb over. There are
easier targets and the crown jewels held by local authorities are seen as
He said that other private sector firms had approached KPMG about using the
benchmarking healthcheck, and that it would be possible for public sector
bodies to benefit from it.
The government’s letter, reportedly signed by MI5 director general Andrew
Parker, GCHQ director Iain Lobban and universities minister David Willetts,
states that cyber attacks against UK companies are already causing
significant damage to their reputations and revenues.
This new initiative, known as the “Cyber Governance Health Check”, comes
after consultant KPMG released research showing only 20% of large
organisations detected that outsiders had successfully penetrated their
network in the past 12 months and that just 21 percent of audit committees
are satisfied with the information they receive about cyber security risks.
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/