The United Kingdom is implementing new measures to strengthen cyber security in the country. The measures are part of a 2.6 billion pound National Cyber Strategy and follow high-profile cyber attacks.
The new cyber laws, it is stated, may raise security standards in outsourced IT services and improve how UK businesses report cyber security incidents.
The UK government has proposed legislative reform to increase flexibility and to react to technological change at the same pace.
A further proposal would give the UK Cyber Security Council the power to create certifications for those working in cyber security, so that they are well equipped to protect businesses online.
According to Julia Lopez, Minister of State for Media, Data and Digital Infrastructure, the proposal may help protect essential services from cyber attacks, and domestic businesses need to take cyber resilience seriously to protect people online.
Simultaneously, the UK government launched Network and Information Systems (NIS) Regulations. Some of the significant proposals are below:
Expanding the scope of the NIS Regulations to include managed services, provided by companies that manage IT services for organizations.
Requiring large companies to provide better cyber incident reporting and to report all the cyber attacks they witness, irrespective of whether these impacted their services.
Giving the UK government the ability to make the NIS Regulations further future-proof by updating them with all the necessary and essential support as well as services.
Transferring the costs incurred by the NIS in enforcing the regulations and simultaneously updating the regulatory regime.
Meanwhile, NCSC Technical Director Dr. Ian Levy welcomed the proposals, stating that they may help enhance overall cyber security resilience in the country.
Earlier this month, the UK, the US and Australia issued a joint advisory on ransomware threats using the internet. It noted that about 14 US critical infrastructure sectors were attacked with ransomware, including the Defense Industrial Base, Food and Agriculture, Information Technology, Government Facilities and Emergency Services sectors.
It stated that exploited vulnerabilities, Remote Desktop Protocol (RDP) and phishing have been the key vectors for such intrusions and that professional ransomware actors increased in 2021. The actors used independent services and negotiated payments.
The advisory suggested updating operating systems in a timely fashion and implementing user training programs in the country. The use of RDP should be minimized and end-to-end encryption implemented.