March 22, 2016 By Douglas Bonderud 2 min read

Information security (InfoSec) is now a top priority for many companies. As their potential attack surface grows, businesses often find themselves playing catch-up with insider and external threats, desperately trying to stay ahead of cybercriminals and anticipate possible vulnerabilities.

According to ComputerWeekly, the U.K. is now taking a more hands-on approach to help companies secure their data. The U.K.’s new National Cyber Security Centre (NCSC) will act as a “one-stop authority” for all things information security and hopefully take some pressure off cyber-strapped businesses.

Dollars and Sense

As noted by the ComputerWeekly piece, one top priority for the center is finance. Working with the Bank of England, the NCSC will generate security advice for financial institutions across the country. Ideally, this will increase their overall security posture and reduce the threat of a widespread cyberattack.

This kind of information sharing is a key goal of the NCSC. According to Matthew Hancock, minister for the Cabinet Office, the new venture will inform “the entire business community and public sector about emerging threats, providing support when attacks happen and educating everyone on how best to stay safe online.”

While previous security investments haven’t paid off for the U.K., the hope is that a combination of research, information sharing and a cyber force ready to assist companies will strike the ideal balance between cyber defense and security offense to increase business safety.

The Information Security Effect

With information security such a hot topic in the tech sector, it’s worth asking: Is this first part of the U.K.’s five-year, $2.7 billion-plus plan really the best way to improve corporate data protection, or is there more hype here than help?

A recent article from The Register cited one professional who recently discovered a little-known protocol vulnerability that could expose more than 500,000 servers to the risk of amplified DDoS attacks. The Trivial File Transfer Protocol (TFTP) is a file-sharing method that should never be used on an Internet-facing server. Port scanning by security researchers found almost 600,000 publicly open TFTP servers that, if compromised, could amplify traffic up to 60 times the original amount, paving the way for a massive DDoS attack. Both internal and external attacks are possible.

Most companies wouldn’t think to check TFTP, since it’s typically used to send small, noncritical files across internal networks. But proactive research and fast disclosure allowed this flaw to be identified and the proper parties alerted quickly. Simply put? Information security is paying off.

For the NCSC, this offers a solid chance that the endeavor will pay off on a much larger scale, enabling public security professionals to detect and disseminate information about emerging security threats and swing into action as required. It’s an experiment, but it’s one worth watching. With the right mix of transparency and technical sophistication, this could be the blueprint for next-gen, public-private collaboration.
