Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert hunting, research and content.
Defend brute force attacks, active intrusions and unauthorized scans.
Protect assets from ransomware, trojans, rootkits and more.
Intelligence and visibility across AWS, O365, DevOps and more.
Configuration escalations, policy and posture management.
Detects malicious insider behavior leveraging Machine Learning models.
The UK is proposing a hefty fine for critical national infrastructure (CNI) companies that fail to protect against loss of service due to cyberattacks. For companies that do not comply with the new regulations, the fine could be as high as £17 million, or up to four percent of annual turnover.
Among other criteria, the fine would be assessed against companies that fail to:
The proposed measures will also cover threats affecting IT such as power and hardware failures and environmental hazards. This mandate comes on the heels of the EU’s impending General Data Protection Regulations (GDPR), which sets guidelines for how sensitive data should be protected. While GDPR focuses more on data loss prevention, this proposed legislation shifts the focus to comprehensive cybersecurity resilience and preparedness.
The legislation will help strengthen the security standards of industries that operate critical infrastructure that people depend upon. UK companies that operate electricity, transport, water, energy, health and digital infrastructure will be forced to take necessary measures to meet the challenges presented by modern cyber threats.
This proposal comes just months after several organisations in the United Kingdom fell victim to global cyberattacks including WannaCry – a ransomware campaign that held more than one million computer systems hostage – and Petya – the wiper attack that destroyed files on machines in more than 60 countries.
This fine will address the changing dynamics of the nation’s CNIs. As they move towards increasingly connected large networks that allow for monitoring and remote automated control via computer networks, the potential for cyberattacks rises.
According to a report released by the UK government, cyberattacks on CNIs can be motivated by financial gain (e.g. by ransom), to manipulate public opinion, demonstrate an attacker’s prowess, conduct espionage or cause physical disruption. Potential attackers range from individuals and activists with limited capability to organised crime groups and nation-states with significant expertise and resources.
The report also notes that foreign states or state-sponsored groups regularly attempt to penetrate UK networks, specifically targeting the defence, finance, energy, telecommunications and government sectors.
Is your company prepared for similar legislation? Here are some measures you can take to boost your cybersecurity:
Although cybersecurity regulations will require significant effort for the companies that are affected, this new legislation by the UK government demonstrates that they understand the severity of cyber threats in today’s digital world and the destruction they can cause, if undeterred.
Even if you’re not a CNI, cyber threats should concern you. With cybercriminals constantly adjusting their tactics, it is imperative that companies never stop defending themselves by constantly improving and expanding their cybersecurity practices. Managed detection and response (MDR) and incident response planning are common ways companies can stay ahead of their attackers.
MDR is an all-encompassing cybersecurity service used to detect and respond to cyberattacks. Using the best of signature, behavioral and anomaly detection capabilities, along with forensic investigation tools and threat intelligence, human analysts hunt, investigate and respond to known and unknown cyber threats in real time, 24x7x365.
In founding eSentire, Eldon Sprickerhoff responded to the incipient yet rapidly growing demand for a more proactive approach to preventing and investigating information security breaches. Now with over twenty years of tactical experience, he is acknowledged as a subject matter expert in information security analysis.