Government, industry and individuals all have to play their part in enhancing cyber security practices
We all watched a few weeks ago as the chancellor set the new Budget, pledging an extra £1bn to boost UK defences, including cyber security. Add to that the proposed internet safety laws and new regulations around the collection and use of personal data, and in many ways we are on the right path to keeping the UK as a safe place to live and do business online.
But it is always worth reminding ourselves, whether we represent government, industry or the individual, of the key part we all have to play in creating the skills, practices and expectations of a safe online and working environment.
The objective of government should be to help create an environment in which industry and individuals are encouraged to expect and deliver good cyber security, and where the UK has the cyber skills and workforce it needs. This can be achieved through the levers available to government – legislation, policy and incentives.
One area where the government is leading on such efforts in the UK is in establishing new “secure by design” measures, encouraging manufacturers to embed security into the design of new technology rather than as a bolt-on or afterthought.
The Department for Digital, Culture, Media and Sport (DCMS) says there are expected to be more than 420 million internet-connected devices in use across the UK within the next three years, with the risk of poorly secured devices leaving people exposed to large-scale cyber attacks.
Such secure-by-design codes of practice, developed by the DCMS and the National Cyber Security Centre alongside industry, are not only key in driving innovation in technology, but in creating trust between government, industry and individuals through the development of products and services that keep people safe.
The role of government is also to set an example. According to EY’s 2018-19 Global information security survey, half of all local authorities in England still rely on unsupported server software.
In the face of emerging global cyber threats, and as the gatekeepers to our essential services, effective cyber security can only be tackled with the relevant technology and training rolled out across public sector departments, agencies and bodies to protect our critical assets.
Cyber security awareness
EY’s survey found that 77% of organisations are still operating with limited cyber security and resilience. Asked what they saw as their top vulnerability, 34% of organisations said careless or unaware employees. This underscores the importance of cyber security awareness and culture as key aspects of the defence against cyber attacks.
So what can be done? Even if the board knows that cyber attacks are on the rise, is it prepared to make the necessary investments in people, processes and technology to tackle these issues? The survey is encouraging in this respect, with 53% of organisations saying they have increased their budgets this year and 65% planning an increase next year.
Despite this, most organisations admit they would be unlikely to step up their cyber security practices or spend more money unless they were hit by a breach or cyber incident. So a breach where no harm was caused would not lead to higher spending for most organisations. The problem is that in most cases, harm has been done – it simply has not come to the surface yet.
But there is an opportunity here. Many organisations now regard emerging technologies as a high priority for business growth, which implies that cyber security could, at last, be designed in. That includes more secure cloud and mobile computing, and also enablers such as cyber security analytics, robotic process automation and machine learning, which can provide early detection, prevention and resilience in the event of an attack.
Ultimately, the role of businesses is to protect their enterprise by building effective lines of defence around their business crown jewels, optimising cyber security by leveraging suitable technologies, and embedding cyber security as an enabler, rather than a barrier, to growth.
In an age when we manage most of our lives online, educating the public to be cautious when it comes to operational security can affect individuals positively, both as employees and consumers.
Finally, it is impossible not to mention the cyber skills deficit. With 30% of surveyed organisations saying they still don’t have the skills they need, cyber security must be promoted more strongly as a growing career path.
Government, industry and the individual all have their role to play in this – government in building the education infrastructure for IT; industry in creating the jobs that will encourage the workforce of the future; and individuals by taking the time to understand cyber security.
If you want to save yourself stress, money and a damaged reputation from a cyber incident – for a cyber security incident prevention, protection and training please ring us now on 03333 393 139 or email [email protected] or complete the form on our contact page NOW