Hands-On Approach: UK Opts for One-Stop Information Security Shop

Information security (InfoSec) is now a top priority for many companies. As their potential attack surface grows, businesses often find themselves playing catch-up with insider and external threats, desperately trying to stay ahead of cybercriminals and anticipate possible vulnerabilities.

According to ComputerWeekly, the U.K. is now taking a more hands-on approach to help companies secure their data. The U.K.’s new National Cyber Security Centre (NCSC) will act as a “one-stop authority” for all things information security and hopefully take some pressure off cyber-strapped businesses.

Dollars and Sense

As noted by the ComputerWeekly piece, one top priority for the center is finance. Working with the Bank of England, the NCSC will generate security advice for financial institutions across the country. Ideally, this will increase their overall security posture and reduce the threat of a widespread cyberattack.

This kind of information sharing is a key goal of the NCSC. According to Matthew Hancock, minister for the Cabinet Office, the new venture will inform “the entire business community and public sector about emerging threats, providing support when attacks happen and educating everyone on how best to stay safe online.”

While previous security investments haven’t paid off for the U.K., the hope is that a combination of research, information sharing and a cyber force ready to assist companies will strike the ideal balance between cyber defense and security offense to increase business safety.

The Information Security Effect

With information security such a hot topic in the tech sector, it’s worth asking: Is this first part of the U.K.’s five-year, $2.7 billion-plus plan really the best way to improve corporate data protection, or is there more hype here than help?

A recent article from The Register cited one professional who recently discovered a little-known protocol vulnerability that could expose more than 500,000 servers to the risk of amplified DDoS attacks. The trivial file transfer protocol (TFTP) is a file-sharing method that should never be used on an Internet-facing server. Port scanning by security researchers found almost 600,000 publicly open TFTP servers that, if compromised, could amplify traffic up to 60 times the original amount, paving the way for a massive DDoS attack. Both internal and external attacks are possible.

Usually, most companies wouldn’t think to check TFTP since it’s typically used to send small, noncritical files across internal networks. But proactive research and fast disclosure allowed this flaw to be identified and the proper parties alerted quickly. Simply put? Information security is paying off.

For the NCSC, this offers a solid chance that the endeavor will pay off on a much larger scale, enabling public security professionals to detect and disseminate information about emerging security threats and swing into action as required. It’s an experiment, but it’s one worth watching. With the right mix of transparency and technical sophistication, this could be the blueprint for next-gen, public-private collaboration.

Contributor'photo

Douglas Bonderud

Freelance Writer

A freelance writer for three years, Doug Bonderud is a Western Canadian with expertise in the fields of technology and...