RSA Summit: Gibson urges information sharing to beat ransomware
The director of CERT UK laid out some of the problems facing UK cyber-space and outlined what cyber-security could do to help fix them.
Some of the most common problems are still malware based
Chris Gibson, director of CERT UK, addressed today's RSA summit, imploring attendees to start sharing information.
CERT and Gibson represent the intersection between the private and public sector when it comes to cyber-security - rightly so, as the large majority of UK businesses will be affected by cyber threats if not outright breaches at some point.
Gibson, who is not the lifetime civil servant you might expect, spent nearly two decades at Citibank and seems well placed to phase between the private and the public.
The government recognises this, too. As Gibson mentioned it's already seen in the halls of power as a 'tier one' security threat, "on the same level as the bubonic plague".
That's borne out by the numbers. The government has invested £860 million in cyber defence at the same time that other government bodies are being dismembered.
The long march of interconnection between countries and continents, governments and businesses and adversaries and their targets is not something that can be avoided or denied. To that end, government want a role in protecting UK businesses from cyber-threats.
Those connections are largely where CERT UK are seeing threats. Focusing mostly on what Gibson deems 'the interesting cases', CERT is seeing action against critical national infrastructure through the often international supply chains that companies rely on. Gibson himself has seen "numerous cases where it's a supply chain trying to get into the (main) company".
APTs are a fact of life, added Gibson, recalling a conversation he had with a UK intelligence official. Where once only death and taxes were a sure thing, the official said "it's now death, taxes and a foreign intelligence service on your network."
But, "While we concentrate on APT, it's not what we should be worried about."
Still, the most widespread and enduring problems that the UK comes face to face with on a regular basis are basic.
Over 35 percent of all incidents reported to CERT UK are malware based. The pieces that the team sees most are conficker and neverquest, both years old and both still persistent problems for UK organisations. Why are these things still a problem?" said Gibson
Cert UK predicts that 80 percent of the problems UK organisations face could be fixed by simple adherence to the government Cyber-Essentials scheme.
Moreover, information sharing between organisations is critical. The Cyber information Sharing Partnership (CiSP) was set up to allow "industry to help other industry to do a better job".
Gibson asked the audience, "If you're not on (CiSP), why aren't you on it?"