Former UK Cyber Boss: Big Change Unlikely Before ‘Highly Destructive Attack’

Cybersecurity cyber

John Noble, former director of the National Cyber Security Centre in the United Kingdom, took a pessimistic view on the future of cybersecurity during a BeyondTrust webinar on Wednesday.

“I predict that we’re going to see destructive attacks become a norm, and unfortunately I think it’s going to take a highly destructive attack on the critical infrastructure to really make us change the way we approach this so we introduce security right from the start,” said Noble.

The Symposium covers today’s most pressing cyber issues – holistic security, AI, IoT, cloud, security-as-a-service, and more. Join us on October 30. Learn more and register

Among other high-level risk factors, Noble highlighted the risk of corporate mergers and acquisitions
to cybersecurity, saying, “following the merger, you inherit a whole pile of cyber risk you may not

understand.” He also noted that companies tend to reduce staff during and following acquisitions, which may reduce resources devoted to security.

Noble also highlighted the risks of outsourcing and supply chains, and pointed to the example of managed service providers (MSPs) in the U.K. who found themselves victims of the APT10 Chinese hacking organization. “I think out of a number of worrying things that came out of this investigation, we saw that a number of the MSP security teams had detected these issues and had attempted to mitigate the risk. Unfortunately, generally they weren’t successful, as they underestimated their adversaries and overestimated their own capabilities.”

Recent