Wave Systems Corp. (fka WAVXQ)

[Genz2]

UK cyber attack reporting set to be more streamlined

I would think that if the current cybersecurity that has gotten us to the point listed in the article then its time for a change that works and is an improvement on the current cybersecurity. Cyber insurance should be mandatory for critical industries. Cyber insurance companies shouldn't have to pay cyber attack claims where TPMs weren't 100% activated across the network. imo. It seems that Wave could have an important role in this with its many excellent cybersecurity products.

https://www.computerweekly.com/news/252438915/UK-cyber-attack-reporting-set-to-be-more-streamlined

Government funding has been allocated to help streamline cyber attack reporting, according to the National Cyber Security Centre

Plans are under way to set up a single point for reporting cyber attacks in the UK to make it easier for organisations to doso, the National Cyber Security Centre (NCSC) has said.

In announcing a new cyber crime classification framework at the CyberUK 2018 conference in Manchester, the NCSC said any cyber attack that may have a national impact should be reported to the NCSC immediately, while individuals or businesses suffering a cyber attack below the national impact threshold should contact Action Fraud, the UK’s national fraud and cyber crime reporting centre.

Paul Chichester, director of operations at the NCSC, clarified the statement, saying there has been no change in the guidance on reporting, but that the new classification system will help organisations to understand more easily the nature of the incident they are dealing with.

The new framework expands the cyber incident categories from three to six, outlining the impact of each category, who reponds to it and what they do.

The new categories of incident are: National cyber emergency, Highly significant incident, Significant incident, Substantial incident, Moderate incident and Localised incident.

“What we are trying to do with the new categorisation and guidance is give organisations more clarity to avoid any ambiguity,” Chichester told Computer Weekly.

“A key part of the work we are doing with law enforcement now and in the future will be to make it as clear as possible for citizens and business.

“In the coming year, we will be working with law enforcement to create a simpler way of reporting incidents and more victim-focused, so there is a single point to report to and the system will ensure that it gets to the right party, whether it is law enforcement or the NCSC.”

At present, said Chichester, there is already a behind-the-scenes capability to ensure that all reports are routed to the most appropriate teams, regardless of whether an incident is reported to the NCSC or Action Fraud.