Cyber-security got a major boost from the UK government, just as Tesco Bank – a subsidiary of supermarket giant Tesco plc ($TESO) – became the latest public company to suffer millions of pounds of losses and dented customer confidence following an unprecedented cyber-heist. While unfortunate for the victims of the attack, the news helped draw attention to the UK’s second major cyber-security initiative announced by Chancellor of the Exchequer, Philip Hammond.

Speaking at the launch of the UK’s latest cyber security strategy, the government said it aims to ensure that the UK is secure and resilient to cyber threats, prosperous and confident in the digital world. Commenting on the initiative, Hammond said: “The National Cyber Security Strategy we’re publishing represents a major step forward in the fight against cyber attack. It is a key component of the government’s ambition for Britain to be the best place in the world to run a tech business.”

Streamlined response promised

As part of the strategy, a new National Cyber Security Centre (NCSC) has been launched. The idea behind the single authority is to make it much simpler for business to get advice on cyber-security and to interact with government on cyber-security issues. As part of the changes, the NCSC will subsume the UK’s national Computer Emergency Response Team (CERT UK) and will provide the UK’s cyber security incident management.

Philip Hammond launches UK cyber-security strategy

The Centre will bring together the full range of technical skills from across government and beyond to respond to significant incidents reported by business, academia or government departments. The Centre, Hammond said, will link up with law enforcement, help mitigate the impact of the incident, seek to repair the damage and assist in the tracing and prosecution of those responsible.

The government said it had three objectives: defend, deter and develop. The strategy outlines that the country has the means to defend itself against cyber attacks, while the government would deter attacks through strong action. The government said it could detect, understand, investigate and disrupt hostile action taken against the country’s systems, pursuing and prosecuting offenders. At the same time, the government said the UK has an innovative, growing cyber security industry, underpinned by world leading scientific research and development. The government said it would invest £1.9 billion over the next five years to transform significantly the UK’s cyber-security.

Money-laundering and cyber-security arrests

As evidence of the ongoing fight against cyber crime the NCA also announced last week the arrest of 14 people in the UK on suspicion of offences including laundering stolen money for international cyber criminals using malware. NCA officers believe the malware was developed and deployed by skilled cyber criminals in Eastern Europe.

Mike Hulett, Head of Operations at the NCA’s National Cyber Crime Unit said: “Cyber crime is an increasing threat in the UK and internationally, which the NCA is determined to combat at every level. The malware utilised in this case hits small and medium sized businesses particularly hard.”

Tesco Bank breached

Less than a week after the launch of the UK government’s cyber security strategy, Tesco Bank – a subsidiary of the major supermarket chain – suffered an unprecedented cyber-security breach, highlighting the scale of risks and damage that consumers, companies and shareholders face.

Benny Higgins, chief executive of Tesco Bank, said that around 40,000 of its customers’ current accounts had been subject to online criminal activity, and around half of these customers had money withdrawn fraudulently from their accounts. Higgins said that all money stolen will be refunded by the bank. The National Crime Agency has said it is coordinating the law enforcement response to the data breach.

£1.9 billion cyber-security fine for Tesco? Not quite yet

Under the EU’s forthcoming General Data Protection Regulation (GDPR), Tesco plc would face fines of £1.9 billion or more. The Regulation uses a company’s entire turnover as the baseline for fines, which could be up to four per cent of that figure. Brexit notwithstanding, the GDPR is on track to come into force in May 2018 in the UK. Audit committees will need to get the cyber-risk strategy sorted out sooner rather than later.

Last Updated: 13 November 2016