Busting the Myths: NCSC and ICO Expose the Truth About Incident Reporting
In an unprecedented collaboration, the National Cyber Security Centre (NCSC) and Information Commissioner’s Office (ICO) have united to issue a compelling call to action. Through a captivating joint blog post, they aim to debunk prevalent misconceptions surrounding incident reporting and break the vicious cycle of cybercrime.
Their message is clear: Keeping cyber-attacks under wraps not only increases the likelihood of future breaches but also diminishes the security of us all. By failing to report incidents, we miss valuable opportunities to learn and fortify our defenses. This is particularly true in the case of ransomware attacks, as succumbing to the demands of extorters only emboldens their malicious activities.
Let’s imagine this scenario: You return home after a long day of work, only to discover that your house has been burglarized. Instead of promptly notifying the authorities and seeking assistance, you hastily restore everything to its original order, hoping no one will find out. You choose to bypass any further investigation, pretending as though nothing had occurred.
Now, consider what happens next: Your next-door neighbor falls victim to a burglary the following week, an event of which you remain unaware because they too decide not to mention it. Subsequently, the burglars revisit your home, taking advantage of your oversight in failing to secure the previously unlocked window. Their return is effortless, paving the way for further intrusion.
This analogy serves as a stark reminder that by concealing cyber-incidents, we inadvertently invite a never-ending cycle of threats. Just as the unlocked window beckons burglars, our failure to address and report cyber-attacks creates an environment ripe for exploitation. The NCSC and ICO implore us all to step forward, report incidents, and strengthen our collective security. Together, we can break this perilous cycle and safeguard our digital lives.
In a recent statement, the National Cyber Security Centre (NCSC) emphasized its commitment to maintaining confidentiality when it comes to incident information. The organization clarified that it never discloses such details proactively or shares them with regulators unless the victim organization gives consent. Similarly, the Information Commissioner’s Office (ICO) clarified its stance on incident disclosure, stating that it only confirms the occurrence of an incident without divulging further specifics.
The NCSC also highlighted a crucial point for organizations to consider in the face of double extortion ransomware attacks. They cautioned that relying solely on offline backups does not eliminate the risk of data theft. Even in cases where there is no concrete evidence of data compromise, the NCSC urged victims to adopt the assumption that their data has indeed been accessed.
Meanwhile, the ICO emphasized a fair and measured approach to regulation. Contrary to the claims made by online extortionists, not all breaches automatically result in fines. The ICO stated that its primary goal is to assist organizations in enhancing their data protection practices, recognizing that this approach ultimately safeguards individuals’ data. Only in cases involving severe, recurring, or negligent behavior that puts personal information at risk would enforcement action be considered, as the ICO rejects a one-size-fits-all approach to penalties.
Remember, CyberSecurity Starts With You!
- Globally, 30,000 websites are hacked daily.
- 64% of companies worldwide have experienced at least one form of a cyber attack.
- There were 20M breached records in March 2021.
- In 2020, ransomware cases grew by 150%.
- Email is responsible for around 94% of all malware.
- Every 39 seconds, there is a new attack somewhere on the web.
- An average of around 24,000 malicious mobile apps are blocked daily on the internet.