Education is more effective than counter-attacks

Cybersecurity consultancy, Pentest People, has commented on GCHQ’s director’s statement that the signals intelligence agency could enlist the National Cyber Force (NCF) to hack ransomware gangs who target British organisations.

Sir Jeremy Fleming told the US Cipher Brief threat conference on 25th October that using the NCF to launch counter attacks was one of the measures being considered in response to ransomware attacks on the UK doubling in 2021.

Commenting on Fleming’s statement, Liam Follin, senior consultant at Pentest People warns, “Engaging in tit for tat action with organised criminal gangs is likely to lead to escalation on both sides. As we have seen time and time again, a ‘war on x’ rarely solves the problem and can exacerbate the issue. Attacks launched against state-sponsored ransomware groups could be viewed as an act of aggression against that state.

A concerted effort to educate people is required. Improving cyber security literacy, all the way from children in infant school to the elderly, is a more effective way to address this growing problem. Clearly, this is no easy task, however, I firmly believe that to combat cyber attacks at all levels, education is the way forward.”

Organisations commission Pentest People’s cybersecurity experts to test their websites, applications and IT systems for any weaknesses that could allow cybercriminals to steal information, damage IT systems, or hold data to ransom.

The company’s Penetration Testing as a Service (PTaaS®) provides an initial consultant-led test, followed by ongoing vulnerability testing via Pentest People’s SecurePortal®. This combined approach provides continuous testing, that allows businesses to be alerted to newly-discovered threats and software patches, so that they can respond more rapidly to protect systems and data.



Financial Times, ‘GCHQ to use new cyber force to hunt ransomware gangs,’ 26th October 2021

Cyber Brief Threat Conference: 24th – 26th October 2021

National Cyber Force: 19th November 2021


About Pentest People:

Pentest People is a cybersecurity consultancy that provides Penetration Testing as a Service (PTaaS®) to organisations in the public and private sectors. This innovative approach to security testing combines the benefits of a consultant-led penetration test, bolstered by continuous vulnerability testing delivered via its SecurePortal®, which provides a living threat monitoring system throughout the contract, rather than a vulnerability assessment taken at a single point in time.

Established by the cybersecurity experts who founded RandomStorm, which was acquired by Accumuli Secuity in 2014, itself acquired by NCC in 2015, Pentest People operates a growing team of talented consultants, to help leading organisations to manage cyber threats and minimise disruption.

Pentest People is a CREST- accredited company and a Check Service Provider for its Penetration Testing services and has attained NCSC Cyber Essentials and Cyber Essentials Plus, as well as earning a place on the G-Cloud 12 framework. Pentest People is also certificated to ISO:9001 and ISO:27001.

For more information, please visit