March 22, 2016 | By Douglas Bonderud

Information security (InfoSec) is now a top priority for many companies. As their potential attack surface grows, businesses often find themselves playing catch-up with insider and external threats, desperately trying to stay ahead of cybercriminals and anticipate possible vulnerabilities.

According to ComputerWeekly, the U.K. is now taking a more hands-on approach to help companies secure their data. The U.K.’s new National Cyber Security Centre (NCSC) will act as a “one-stop authority” for all things information security and hopefully take some pressure off cyber-strapped businesses.

Dollars and Sense

As noted by the ComputerWeekly piece, one top priority for the center is finance. Working with the Bank of England, the NCSC will generate security advice for financial institutions across the country. Ideally, this will increase their overall security posture and reduce the threat of a widespread cyberattack.

This kind of information sharing is a key goal of the NCSC. According to Matthew Hancock, minister for the Cabinet Office, the new venture will inform “the entire business community and public sector about emerging threats, providing support when attacks happen and educating everyone on how best to stay safe online.”

While previous security investments haven’t paid off for the U.K., the hope is that a combination of research, information sharing and a cyber force ready to assist companies will strike the ideal balance between cyber defense and security offense to increase business safety.

The Information Security Effect

With information security such a hot topic in the tech sector, it’s worth asking: Is this first part of the U.K.’s five-year, $2.7 billion-plus plan really the best way to improve corporate data protection, or is there more hype here than help?

An article from The Register cited one professional who recently discovered a little-known protocol vulnerability that could expose more than 500,000 servers to the risk of amplified DDoS attacks. The Trivial File Transfer Protocol (TFTP) is a file-sharing method that should never be used on an Internet-facing server. Port scanning by security researchers found almost 600,000 publicly open TFTP servers that, if compromised, could amplify traffic up to 60 times the original amount, paving the way for a massive DDoS attack. Both internal and external attacks are possible.

Most companies wouldn’t think to check TFTP, since it’s typically used to send small, noncritical files across internal networks. But proactive research and fast disclosure allowed this flaw to be identified and the proper parties alerted quickly. Simply put? Information security is paying off.

For the NCSC, this offers a solid chance that the endeavor will pay off on a much larger scale, enabling public security professionals to detect and disseminate information about emerging security threats and swing into action as required. It’s an experiment, but it’s one worth watching. With the right mix of transparency and technical sophistication, this could be the blueprint for next-gen, public-private collaboration.
