Security Bytes- UK Cybersecurity insights

The UK’s National Cyber Security Centre (NCSC) recently published an announcement that they are now performing ongoing vulnerability scans for all systems internet accessible across the entire country. I find this quite interesting from multiple directions. There’s definitely an Orwellian vibe… knowing the government is constantly scanning your systems for flaws in hopes that information is used to your benefit as opposed to against you. 

Of course, there’s the obvious inverse that data collected will provide a nation-wide perspective on the overall degree of exposure and from that prioritise information and to help improve the country’s position, thereby helping to improve yours. 

The fact is simply this – you’re being scanned constantly by baddies anyway and they’re not going to let you know you have a hole – e.g., Shodan. Nevertheless, like some of the laws forming in the US and other countries concerning government demands for reporting incidents, it does start to challenge the concept of privacy at the organisational level. Frankly, privacy is a battle arguably being lost at the individual level too. No matter, as an organisation you can embrace it by not filtering two specific IP addresses used by the NCSC or contact them to opt out. 

About vCISO

Nash Squared’s global vCISO practice provides cybersecurity leadership expertise in exactly the way you need it. From short-term engagements to assist with major initiatives and critical projects, to longer term strategic support for overall security program effectiveness in a part-time or fractional model. We provide rapid access to world-class senior security experts with the much-needed skills and experience eliminating the need for project-oriented consultancies or having to hire permanent resources.