Latest news with #ComputerMisuseAct1990
Yahoo
10-04-2025
- Business
- Yahoo
Four in 10 UK businesses hit by cyber attack or breach in last year
The number of businesses reporting a cybersecurity breach or attack in the last 12 months has fallen slightly compared with the previous year, according to British government figures. The annual Cyber Security Breaches Survey found that 43% of businesses and 30% of charities had experienced a breach or attack in the last year, which for businesses was down from 50% last year. The report said the decrease was down to fewer small businesses reporting attacks, but warned that the prevalence of breaches among medium and large businesses remained high. According to the figures, it was estimated that the average cost of the most disruptive breach for each business in the last 12 months was £1,600 ($2,000) for businesses and £3,240 for charities. Cyber attacks on businesses and infrastructure have become increasingly common, and the Government has unveiled plans to introduce new legislation – the Cyber Security and Resilience Bill – designed to compel firms to beef up their cyber defences and better protect the UK from the growing threat. Last year, the government also announced the designation of UK data centres as critical national infrastructure, meaning that in the event of a major incident, including a cyber attack, they will receive the same level of government support as utilities such as water and energy. According to the Cyber Security Breaches Survey, the last 12 months have seen an improvement in good cyber hygiene practices among smaller businesses, with the uptake of cybersecurity risk assessments, cyber insurance, formal cybersecurity risk policy and continuity plans all reported as rising. However, it said the number of high-income charities reporting good practices, such as carrying out risk assessments, had fallen. The study said insights from charities suggest this could be linked to budget constraints. The report said a formal cybersecurity strategy was found to be in place at 70% of large businesses, but only 57% of medium-sized firms. Simon Whittaker, head of cybersecurity at IT firm Instil, said the UK needed updated cybersecurity laws to help better protect businesses from the 'relentless' attacks they faced. Whittaker, who is a supporter of the CyberUp campaign, an industry coalition which is calling on the government to update existing cyber laws, said: 'Today's results paint a stark picture of the cyber threats facing UK organisations. 'Time and again, we see that businesses and charities are under relentless attack, but those on the front line of our digital defences are working with one hand tied behind their back by outdated legislation. 'The Computer Misuse Act 1990, drafted in a different era, is no longer fit for purpose. 'It risks criminalising the very professionals we rely on to detect, defend against and prevent these attacks. 'While other countries have moved with the times to empower their cybersecurity sectors, the UK is still relying on legislation written before smartphones, cloud computing or even the modern internet. 'The government has rightly prioritised cybersecurity with the first dedicated cyber Bill and a wider focus on technology adoption and the digital economy. 'However, these efforts risk being undermined by legal constraints on our cyber defenders if our laws do not catch up with the reality of today's threats. 'We urgently need a modern legal framework that protects the public and enables cybersecurity professionals to do their jobs.' Cyber security minister Feryal Clark said: 'These figures show why we've put such a focus on making sure the UK has robust cyber security defences in place. 'Cyber attacks are disrupting our citizens, businesses and economy, and this year's survey puts the risks we face into sharp focus. While we are making progress, there's still more to do, and we all have a role to play. 'That's why in the last 10 days we've set out our plans for cyber security legislation and launched a suite of packages to support businesses in shoring up their defences – working to protect the public and the economic growth which is central to our Plan for Change.'
Yahoo
10-04-2025
- Business
- Yahoo
Four in 10 UK businesses hit by cyber attack or breach in the last year
The number of businesses reporting a cybersecurity breach or attack in the last 12 months has fallen slightly compared with the previous year, according to government figures. The annual Cyber Security Breaches Survey found that 43% of businesses and 30% of charities had experienced a breach or attack in the last year, which for businesses was down from 50% last year. The report said the decrease was down to fewer small businesses reporting attacks, but warned that the prevalence of breaches among medium and large businesses remained high. According to the figures, it was estimated that the average cost of the most disruptive breach for each business in the last 12 months was £1,600 for businesses and £3,240 for charities. Cyber attacks on businesses and infrastructure have become increasingly common, and the Government has unveiled plans to introduce new legislation – the Cyber Security and Resilience Bill – designed to compel firms to beef up their cyber defences and better protect the UK from the growing threat. Last year, the government also announced the designation of UK data centres as critical national infrastructure, meaning that in the event of a major incident, including a cyber attack, they will receive the same level of government support as utilities such as water and energy. According to the Cyber Security Breaches Survey, the last 12 months have seen an improvement in good cyber hygiene practices among smaller businesses, with the uptake of cybersecurity risk assessments, cyber insurance, formal cybersecurity risk policy and continuity plans all reported as rising. However, it said the number of high-income charities reporting good practices, such as carrying out risk assessments, had fallen. The study said insights from charities suggest this could be linked to budget constraints. The report said a formal cybersecurity strategy was found to be in place at 70% of large businesses, but only 57% of medium-sized firms. Simon Whittaker, head of cybersecurity at IT firm Instil, said the UK needed updated cybersecurity laws to help better protect businesses from the 'relentless' attacks they faced. Mr Whittaker, who is a supporter of the CyberUp campaign, an industry coalition which is calling on the government to update existing cyber laws, said: 'Today's results paint a stark picture of the cyber threats facing UK organisations. 'Time and again, we see that businesses and charities are under relentless attack, but those on the front line of our digital defences are working with one hand tied behind their back by outdated legislation. 'The Computer Misuse Act 1990, drafted in a different era, is no longer fit for purpose. 'It risks criminalising the very professionals we rely on to detect, defend against and prevent these attacks. 'While other countries have moved with the times to empower their cybersecurity sectors, the UK is still relying on legislation written before smartphones, cloud computing or even the modern internet. 'The Government has rightly prioritised cybersecurity with the first dedicated cyber Bill and a wider focus on technology adoption and the digital economy. 'However, these efforts risk being undermined by legal constraints on our cyber defenders if our laws do not catch up with the reality of today's threats. 'We urgently need a modern legal framework that protects the public and enables cybersecurity professionals to do their jobs.'
Yahoo
01-04-2025
- Yahoo
Students given top secret access in spy chiefs' internship schemes
Spy agencies are giving interns access to top secret information. Candidates are told they can gain 'unique access to our operations, gain experience, and make key contributions to real projects' during placements at MI6, MI5 and GCHQ. The summer intelligence internship also serves as a diversity scheme for those from ethnic minorities and lower-income households. The revelation comes after it emerged Hasaan Arshad, 25, stole top secret data while on an internship at GCHQ. Potential applicants are told: 'No matter which organisation you choose, you're not just there to shadow. 'From day one, you'll be welcomed in and treated like members of our organisation with real work to do. With unprecedented exposure to the way we work, as well as our social societies, mentors, and affinity groups, you'll get a realistic view of life at a UK intelligence service.' The GCHQ website says the 'summer intelligence internship' allows applicants to 'immerse yourself in the work of one of our intelligence mission teams'. It adds: 'This isn't just work shadowing. With access to genuine case studies and briefings by various Operational Intelligence teams, you'll be treated like a member of our organisation and expected to get involved with real projects. 'If you're in your final (or penultimate) year of university and from a black, Asian, mixed heritage, or ethnic minority background, and from a socially or economically disadvantaged background, this is your opportunity to discover if a career in intelligence is right for you. We'll even cover your accommodation – all you need to bring is your fresh perspective.' While M15 and M16 only offer the summer intelligence internship, GCHQ offers a wider variety of schemes. In one for maths and cryptography, applicants are told they will work alongside experts on problems that have 'genuine practical importance', while its Summer Language Talent Programme says applicants will 'draft intelligence reports, translate foreign language material and deliver briefs'. Arshad, from Rochdale, Greater Manchester, took his work mobile phone into a secret location within the intelligence agency and connected it to a workstation, before taking it home and transferring the sensitive data to a hard drive linked to his personal computer. It is understood that Arshad was not on the summer intelligence internship, which is also a diversity scheme, offered by GCHQ, MI5 and MI6. The Telegraph understands all internships offered by all three intelligence agencies are subject to the same vetting standards and that MI5 is not looking to review their vetting processes based on Arshad's case. However one Whitehall source said there has to be an element of trust when recruiting for the schemes. Arshad, who pleaded guilty to a charge under Section 3ZA of the Computer Misuse Act 1990, will be sentenced later this year. Once an internship finishes candidates have the opportunity to apply for permanent roles within their chosen organisation should they wish. 'Top secret' is the classification for the Government's most sensitive information, when compromise might cause widespread loss of life or threaten the security or economic well-being of the country or friendly nations, according to Ministry of Justice security guidance. Broaden your horizons with award-winning British journalism. Try The Telegraph free for 1 month with unlimited access to our award-winning website, exclusive app, money-saving offers and more.
Telegraph
01-04-2025
- Telegraph
Students given top secret access in spy chiefs' internship schemes
Spy agencies are giving interns access to top secret information. Candidates are told they can gain 'unique access to our operations, gain experience, and make key contributions to real projects' during placements at MI6, MI5 and GCHQ. The summer intelligence internship also serves as a diversity scheme for those from ethnic minorities and lower-income households. The revelation comes after it emerged Hasaan Arshad, 25, stole top secret data while on an internship at GCHQ. 'Unprecedented exposure' Potential applicants are told: 'No matter which organisation you choose, you're not just there to shadow. 'From day one, you'll be welcomed in and treated like members of our organisation with real work to do. With unprecedented exposure to the way we work, as well as our social societies, mentors, and affinity groups, you'll get a realistic view of life at a UK intelligence service.' The GCHQ website says the 'summer intelligence internship' allows applicants to 'immerse yourself in the work of one of our intelligence mission teams'. It adds: 'This isn't just work shadowing. With access to genuine case studies and briefings by various Operational Intelligence teams, you'll be treated like a member of our organisation and expected to get involved with real projects. 'If you're in your final (or penultimate) year of university and from a black, Asian, mixed heritage, or ethnic minority background, and from a socially or economically disadvantaged background, this is your opportunity to discover if a career in intelligence is right for you. We'll even cover your accommodation – all you need to bring is your fresh perspective.' While M15 and M16 only offer the summer intelligence internship, GCHQ offers a wider variety of schemes. In one for maths and cryptography, applicants are told they will work alongside experts on problems that have 'genuine practical importance', while its Summer Language Talent Programme says applicants will 'draft intelligence reports, translate foreign language material and deliver briefs'. Abuse of trust Arshad, from Rochdale, Greater Manchester, took his work mobile phone into a secret location within the intelligence agency and connected it to a workstation, before taking it home and transferring the sensitive data to a hard drive linked to his personal computer. It is understood that Arshad was not on the summer intelligence internship, which is also a diversity scheme, offered by GCHQ, MI5 and MI6. The Telegraph understands all internships offered by all three intelligence agencies are subject to the same vetting standards and that MI5 is not looking to review their vetting processes based on Arshad's case. However one Whitehall source said there has to be an element of trust when recruiting for the schemes. Arshad, who pleaded guilty to a charge under Section 3ZA of the Computer Misuse Act 1990, will be sentenced later this year. Once an internship finishes candidates have the opportunity to apply for permanent roles within their chosen organisation should they wish. 'Top secret' is the classification for the Government's most sensitive information, when compromise might cause widespread loss of life or threaten the security or economic well-being of the country or friendly nations, according to Ministry of Justice security guidance.
Sky News
31-03-2025
- Sky News
Ex-GCHQ employee pleads guilty to causing risk to national security
A university student accused of removing top secret information worth millions of pounds while on a work placement with GCHQ has pleaded guilty to causing a serious risk to national security. While on secondment to the agency, Hasaan Arshad, 25, took his work mobile phone into a top-secret area and connected the device to a workstation. He then transferred sensitive data, containing the names of GCHQ employees, from a secure computer to the phone before taking it home. Arshad, the son of a local councillor from Rochdale, Lancashire, allegedly then transferred the data to his personal home computer. Prosecutors said the data was potentially worth millions of pounds and contained a tool that could have "put lives at risk". On the first day of what would have been a three-week-long trial, he pleaded guilty to an offence under the Computer Misuse Act 1990, and admitted to creating a significant risk of serious damage to national security. Suspect discussed 'bug bounty' sale After his arrest in 2022, Arshad gave a prepared statement to officers in which he admitted to removing the data but insisted he had no intention of providing it to someone else. "I removed the data simply out of curiosity to further develop some of the changes I was unable to complete during the course of my placement," he said. "I had intended to use my developments when I hopefully returned to my previous team. "I'm sorry for my actions, and I understand the stupidity of what I have done." Arshad then told the police he understood "the potential damage and risk," but insisted nobody had seen or had access to the sensitive data. Investigators found after his arrest that he used WhatsApp to discuss "developed vetting" in the cyber sector on 26 May 2022. He also mentioned the term "bug bounty" - an amount of money paid for providing details of a digital bug to either fix or create a software issue. In the chat, Arshad said: "You can get like 10k for simple info leaks." Prosecuters told a previous hearing the data removed was classified as "top secret" - including names of former colleagues whose anonymity was said to be critical to the safety of GCHQ. "Top secret" is the classification for the government's most sensitive information, where compromise might cause widespread loss of life or threaten the security or economic well-being of the country or friendly nations, according to Ministry of Justice security guidance. The court also heard the data removed provided a "tool" used by GCHQ - said to amount to many thousands of hours of work and a "significant amount" of taxpayer money. Prosecutors said that if the tool was compromised, it would "put lives at risk". Nina Grahame KC, defending, told the court that the plea had been made on "on the basis of recklessness as to the damage caused" rather than intent to cause damage. She added that Arshad was 21 when he began his internship, 22 at the time of the offence, and the defence would submit psychiatric and psychological reports before sentencing in June. He was released on bail and Mrs Justice McGowan ordered a pre-sentence report but warned him "that does not mean there will not be a custodial sentence." Arshad will be sentenced at London's Old Bailey court on 13 June. He will also be sentenced for two offences of making indecent images of children, which he pleaded guilty to in 2023. As part of the investigation into the GCHQ data breach, officers found Arshad had collected 40 "category A" images, the worst type, and four "category B" images on his Samsung phone.
