2 November 2016

The UK government has unveiled a £1.9bn national cyber security strategy designed to help combat the growing problem of cybercrime.

In this latest blog, Redscan COO Gubi Singh welcomes the extra investment but warns that businesses also need to take more responsibility when it comes to protecting themselves against the latest, complex threats.

 

The package of measures announced by the chancellor as part of its national cyber security strategy emphasises the growing threat of cybercrime to the UK.

Hardly a week goes by without news of highly damaging cyber-attacks making headlines around the world.  Well-resourced and determined cyber criminals are continuously advancing the sophistication of their approach to stay ahead of the latest defences.  As technology develops, with a rise in cloud computing and growth in IoT devices, more and more investment in critical infrastructure will be needed to protect against increasingly complex threats.

Any person unconvinced about the latest threats posed should look at last year’s reported cyber-attack on a Ukraine power grid to understand the significant consequences of a failure to adequately protect defences. The incident in the Ukraine is just one high-profile example of an attack that was made public.  Far too many organisations are blissfully unaware that their defences have been breached and a lack of regulation across markets means than many attacks go unreported.

Investing to improve the UK’s cyber defences will help to ensure the UK remains competitive in an increasingly digital economy, as well as being able to better protect vital infrastructure. It is yet to be seen however if the level of funding proposed will be sufficient to deal with the rapidly evolving threats that both nations and businesses face. It’s also important to note that as well as increased investment, greater collaboration between governments and businesses to share threat intelligence is essential in the fight against cybercrime.

The chancellor’s announcement will certainly improve confidence in British businesses, especially at a time when there are many question marks around the impact of Brexit on the economy. If the UK is perceived to be a leader in developing cyber security defences, it will help to attract increased investment from the private sector, create skilled jobs, and improve global demand for these expert services.

In addition to investing in improving defences, cyber education can significantly reduce the risks of cybercrime. A lack of user awareness around best practice continues to be one of the biggest reasons for successful attacks. Educating users about the dangers of online threats from a young age could also be a smart long-term strategy to reduce cybercrime.

Companies simply can’t be reliant on the government to protect them and need to do more themselves to improve their security posture. By regularly assessing defences, proactively monitoring threats and rapidly responding to incidents, organisations can significantly reduce their security risk. There are also existing government-backed initiatives, such as Cyber Essentials, that provide an easy way for businesses to reduce their security risk.

Security expertise across the country is in short supply which means that hiring qualified professionals can be costly, particularly for small businesses.  Recruiting talent is very much a long-term strategy that will require investment beyond 2020. Identifying the right personnel will be critical to avoid inadvertently training and arming the next generation of hacktivists.

back to all posts