Press Release

British business on the back foot in terms of Cyber security says security firm

British business is on the back foot in terms of cyber security and the way in which they understand and deal with cyber threats.

British business is still very much on the back foot in terms of cyber security and the way in which they understand and deal with cyber threats, an IT security expert at MWR InfoSecurity claimed today.

Alex Fidgen, Director at MWR InfoSecurity was commenting on reports that the FBI (Federal Bureau of Investigation) have given U.S. Banking Officials security clearance in the last month to share details of investigations hitting banking systems over the past year.

Alex said: “The fact of the matter is that UK banks have traditionally led the way on IT security, but the kind of threats now being faced are on a new level.”

He added: “In Britain the banking sector talks amongst itself about security issues, far more than any other group of businesses. The support, however, that the banking sector has traditionally received must be expanded to cover other key business sectors.”

The British government has launched CISP, the Cyber Security Information Partnership that shares information with a variety of businesses but many businesses do not appear to be paying attention and the government needs their help to get it going.

Alex Fidgen said: “If these government initiatives do not have the right impact and more companies across the business spectrum do not pay attention then Britain may find itself in the position where the Americans are now and more open to attack.”

He added: “Business needs to understand that these threats are often nation state backed and are more interested in causing economic disruption than direct monetary gain – which was the case in the past from criminal gangs.”

Reports emanating from the US suggest that members of the financial industry were taken to over 40 FBI offices around the USA to join a classified videoconference.

Alex said: “Financial institutions along with energy companies and other organisations that provide the UK’s CNI (Critical National Infrastructure) need to take extra and immediate actions to address these emerging threats. The programme of attacks seen on US banks at the end of last and beginning of this year are clearly a sign of things to come, which is presumably why theFBI have acted. In the last week the U.S.
government warned of a heightened risk of a cyber attack that could disrupt the control systems of U.S. companies providing critical services such as electricity and water.”

He added: “Companies need to start investing more to protect themselves. Most boards do not understand the risks, as they need to translate an IT problem into real business impact. At the same time, in the majority of the cases, the IT department doesn’t detect the covert attacks because the general skill required to identify these breaches has not been developed enough.”

“Companies need to understand that valuable and sensitive information goes through their networks everyday and is at a high risk of being stolen”, he added.

Fidgen indicated that there were now three important watchwords that every company should be aware of: ‘Advanced Persistent Threat’ (APT), and that a war is being waged on British business from a variety of directions. He warned that attacks from APTs would continue to increase substantially in the next few years.



Accreditations & Certificates

MWR is an accredited member of The Cyber Security Incident Response Scheme (CSIR) approved by CREST (Council of Registered Ethical Security Testers).
MWR is certified under the Cyber Incident Response (CIR) scheme to deal with sophisticated targeted attacks against networks of national significance.
We are certified to comply with ISO 9001 and 14001 in the UK, internationally accepted standards that outline how to put an effective quality and environmental management systems in place.
MWR is certified to comply with ISO 27001 to help ensure our client information is managed securely.
As an Approved Scanning Vendor MWR is approved by PCI SSC to conduct external vulnerability scanning services to PCI DSS Requirement 11.2.2.
We are members of the Council of Registered Ethical Security Testers (CREST), an organisation serving the needs of the information security sector.
MWR is a supplier to the Crown Commercial Service (CCS), which provides commercial and procurement services to the UK public sector.
MWR is a Qualified Security Assessor, meaning we have been qualified by PCI to validate other organisation's adherence to PCI DSS.
As members of CHECK we are measured against high standards set by NCSC for the services we provide to Her Majesty's Government.
MWR’s consultants hold Certified Simulated Attack Manager (CCSAM) and Certified Simulated Attack Specialist (CCSAS) qualifications and are authorized by CREST to perform STAR penetration testing services.