16 March 2019

The public perception is that many politicians are out of touch with technology issues, cybersecurity chief amongst them.

 

Redscan recently polled the UK’s 650 Members of Parliament to ascertain where they believe cybersecurity should rank among the concerns of UK businesses. Responses varied significantly, from no reply and no comment, to real-world accounts of data breaches – in which one MP was the victim.

 

Some of the highlights

 

Chi Onwurah, MP for Newcastle Central and Shadow Minister for Industrial Strategy, Science & Innovation, told us that she has always endeavoured to bring cybersecurity issues to the attention of her peers. In her account below, she underscores the degree to which the cybersecurity threat may have previously been misunderstood, underestimated or dismissed:

“In 2006 when I was Head of Telecoms Technology at Ofcom I was asked to look at internet security. When I came back with tales of bot attacks and honey traps, DDoS and white hat wizards, Trojans and worms, phishing and pharming, I was greeted with understandable scepticism. It was as if I was describing a war in a galaxy far, far away. But I knew it was just a matter of time before cybercrime went mainstream. Unfortunately, I was right. The Cabinet Office believe that cybercrime cost the UK nearly £30 billion in 2016, and given the extent of underreporting the true figure is likely higher.” – Chi Onwurah

To say that Onwurah has since been proven correct about the significant rise in cyber threats targeting businesses is something of an understatement. A seemingly never-ending stream of high-profile data breaches and the introduction of the GDPR has brought cybersecurity and data protection to the attention of the mainstream media. Sir David Amess, MP for Southend West, is in no doubt that the business community has woken up to the threats facing them.

“Last summer’s cyberattack against the NHS raised concern amongst the business community of the potential ramifications of a data breach. A massive 89% of small businesses who have fallen victim to cybercrime said their reputation had been harmed. Findings like these will continue to force online security up the agenda and the introduction of The General Data Protection Regulation will also help persuade business to take this matter more seriously.” – Sir David Amess

Fortunately, many industry and business leaders are not nearly as dismissive of the cybersecurity threat as they were a decade ago. Its impact is being clearly felt in all sectors, with Sir David Amess providing an example from his constituency in Southend West, where cybercrime had a devastating impact on a recently established charity.

“After much hard work a wonderful charity was set up to develop, celebrate and house the UK Jazz archives and provide a centre for jazz performers. Whilst the individual concerned was away in America, unbeknown to him the charity account was hacked so, when he returned to the office, he found the account had been raided and emptied.” – Sir David Amess

MPs themselves can also fall victim to cybercrime. Onwurah explained that her office previously suffered a data breach, and suggested that if the same attack had targeted a small business without the level of security expertise available to her team, the actual damage sustained would likely be far costlier and more disruptive.

“My office – about the size of a small business – was hacked a few years ago, which was a very good demonstration of the risks small businesses face. From the investigation that was done, we know that one of my staff had gone on to a perfectly legitimate website in the course of their work, where there had been an ad that had downloaded malware on to their computer. That had spread over the course of about three days on to our servers, and then the ransomware locked up our files and demanded a ransom.

As an MP’s office we had a big department supporting us and there was no compromise of constituents’ data. Our digital services identified the virus, cleaned up our systems and restored us to the day before the virus was downloaded – we lost a couple of days’ work. But if we had been a small business, we wouldn’t have had access to that kind of support, and it could have put us out of action for a lot longer.” – Chi Onwurah

Madeleine Moon, MP for Bridgend, was quick to suggest a key reason data breaches are now a regular occurrence, employees unwilling to take responsibility for security and quick to pass the buck.

“I spend most of my time in Parliament looking at cyber security from a defence standpoint so it was good to take the opportunity to attend a meeting with the Industry Parliament Trust to look at the issue from a business perspective. The statement that stood out for me, was that most staff don’t see cyber security as the reason they come to work, or their responsibility.” – Madeleine Moon

 

A growing threat

 

What’s clear from the results of our poll is that there is widespread agreement on the fact that the cyber threat shows no sign of abating. Ms Onwurah cites an increasing dependency on technology and the proliferation of internet-connected devices as two critical factors influencing why business’ cyber security risk is increasing.

“The UK has a huge challenge to step up to the level of cyber security necessary to be protected against current day threats. There is a severe current and future shortage of essential skills in this area. Without more of the properly trained people we will be vulnerable as a nation. It will be costly and challenging for smaller businesses to protect themselves from cyber-attacks. Even large organisations struggle to protect themselves; as the Wannacry attack on the NHS demonstrates” – Meg Hillier

Looking ahead to the future, Steve McCabe and Peter Dowd, MPs for Birmingham Selly Oak and Bootle, wanted to raise the issue of policing and awareness of cybercrime.

“I feel very strongly that there should be a requirement for mandatory reporting of cybercrime by banks and other businesses to the police. There is also a need for a cyber health check, perhaps on an annual basis, to ensure that staff and businesses are treating the issue seriously.” – Steve McCabe

“The crucial issue of policing resources and awareness to tackle cybercrime is one that requires more open debate. So, whilst the notion of cybercrime is the source of increasing public debate, the same should be the case for policing and awareness.” – Peter Dowd

Alex Chalk, MP for Cheltenham, reiterated the Government’s efforts and investment in cybersecurity in his constituency:

“The growing threats from cyber-attack have been recognised by the Government’s major investment in the development of a national cyber hub in Cheltenham. This has created a business hub where cyber startups can grow, nurtured by expert input from GCHQ and elsewhere.” – Alex Chalk

 

About Redscan

 

Redscan is an award-winning provider of managed security services, specialising in threat detection and integrated response.

Possessing a deep knowledge of offensive security, Redscan’s experts are among the most qualified in the industry, working as an extension of clients’ in-house resources to expose and address vulnerabilities plus swiftly identify and shut down breaches. Services offered include CREST accredited Penetration Testing, Red Teaming and Managed Detection & Response.

By understanding how attackers operate, leveraging cutting-edge threat intelligence, and offering highly acclaimed service, Redscan’s cyber security professionals can be trusted to provide the insight and support needed to successfully mitigate information security risk and achieve compliance standards.

 

back to all posts