Your browser is no longer supported

For the best possible experience using our website we recommend you upgrade to a newer version or another browser.

Your browser appears to have cookies disabled. For the best experience of this website, please enable cookies in your browser

We'll assume we have your consent to use cookies, for example so you won't need to log in each time you visit our site.
Learn more

Staff and supply chains are biggest cyber threat

security

Staff and supply chains are the greatest cyber security vulnerabilities for critical national infrastructure organisations, according to a new report.

New research by consultant Atkins has revealed that more than half of senior industry figures have low confidence in the cyber security of critical national infrastructure (CNI) supply chains, while 50% cite people/staff as CNI’s greatest cyber resilience weakness.

The research forms part of Atkins’ new Cyber Resilient Infrastructure Report, published as part of European Cyber Security Month. The company said that the report outlined how the UK could become more cyber resilient.

Cyber attack confidence barometer charts

Cyber attack confidence barometer charts

Source: Atkins

New research by consultant Atkins has revealed that more than half of senior industry figures have low confidence in the cyber security of critical national infrastructure (CNI) supply chains, while 50% cite people/staff as CNI’s greatest cyber resilience weakness.

Atkins said that the research findings reflected the views of senior figures across a wide range of CNI, government and defence organisations, including Airbus Defence and Space, Anglian Water, the Department for Culture, Media & Sport, the Ministry of Defence, Qinetiq, and the UK Space Agency.

Although people were confident in the security protecting their own organisation, it was considered to be much more difficult to protect information assets and intellectual property once it entered a wider supply chain, according to the report.

When asked to rank their top three cyber security concerns today, half of respondents identified people/employees as their top concern. This response covered a range of issues including insider threat, user browsing, board-level awareness, and staff understanding of the part they play in helping to protect their organisation.

The second highest concern was network compromise and insufficiently protected legacy systems (25%), including issues around the Internet of Things (IoT) and cloud-based services. Atkins said that this was followed by concerns around the pervasive growth of organised and state-sponsored cyber crime (8%).

Cyber security concerns

Cyber security concerns

Source: Atkins

Staff and supply chains are the greatest cyber security vulnerabilities for critical national infrastructure organisations, according to a new report.

When asked to look ahead and cite their top CNI cyber security concerns for the future, 28% suggested it was the rapid advance of technology, especially the IoT and convergence. This was followed by the growth of organised and state-sponsored cyber crime (24%), and then a shortage of skills required for the UK’s cyber defence (20%).

When asked to gauge whether advantage currently lies with the cyber attacker or defender, 70% believed it was with the attacker (compared to 61% last year), 13% said it was currently balanced (compared to 17% last year), and 17% believed it was with the defender (compared to 22% last year), said Atkins.

Cyber attack perception of advantage graph

Cyber attack perception of advantage graph

Source: Atkins

When asked to gauge whether advantage currently lies with the cyber attacker or defender, 70% believed it was with the attacker (compared to 61% last year), 13% said it was currently balanced (compared to 17% last year), and 17% believed it was with the defender (compared to 22% last year), said Atkins.

“As well as serving as a confidence barometer, the research results also help paint a picture of the CNI and defence industry’s major cyber security concerns, both today and in the future,” said Atkins head of cyber security Andy Wall.

“Although some of these results are concerning, there are, of course, some CNI organisations – particularly the civil nuclear industry – who are leading in this area, and there is much that parallel sectors could learn from their example”

Wall added that alongside the concerns outlined already, transparency was also raised as an enduring industry challenge.

“A lack of clear definitions of risk terms and reliance upon confusing technical language to define the cyber threat is turning off senior leaders,” he said. “This, in turn, is preventing them from fully understanding the risks and potential mitigation measures. Hopefully this report will help to overcome some of those barriers.”

Have your say

You must sign in to make a comment

Please remember that the submission of any material is governed by our Terms and Conditions and by submitting material you confirm your agreement to these Terms and Conditions. Please note comments made online may also be published in the print edition of New Civil Engineer. Links may be included in your comments but HTML is not permitted.