£1.9bn funding into cyber security should not mean organisations should sit back and rest easy.
The Chancellor of the Exchequer, Philip Hammond, is to formally launch the UK’s first systematic National Cyber Security Programme, with £1.9 billion in funding earmarked to help the UK defend against breaches and cyber attacks.
Mr Hammond has pledged to plough the near £2bn in funding towards a new Cyber Security Research Institute, specialist police forces and recruitment for cyber security talent to drive innovation.
The focus on cyber security by the UK government has been well received; we live in a world with a dark web underworld, driven by malicious hackers who are breaching big corporates and stealing the identities of UK citizens. That’s without mentioning the state-sponsored hackers who are gathering national headlines like trophies in the cyber underworld.
This is why Mr Hammond’s pledge to ‘strike back’ has been welcomed by many in the cyber security industry, with Smoothwall’s David Navin saying:
“The modern day business should know that when it comes to cyber security and the protection and defence of a company’s data, systems and intellectual property, security is of utmost importance. However, as we have seen even recently in the news, it is not always the case, and so the announcement today from the Chancellor of a £1.9bn spend to boost the UK’s cyber security strategy should be well received.”
The focus on cyber security by the UK government will certainly motivate organisations in industry to heighten their cyber security efforts, with the UK government setting the tone in investment and focus towards this ever important sector.
“Although much of the detail is yet to be announced, the unveiling of the Government’s National Cyber Security Strategy is a positive step forward in the UK’s fight against cyber-crime,” said Post-Quantum CEO Andersen Cheng.
“We are already seeing a big increase in investment in cyber-security protection from the more mature financial organisations but it’s critical that this is replicated across the board, so it’s promising to see the encouragement of industry to ramp up its efforts.”
However, whilst a step in the right direction, the UK government’s Cyber Security Strategy can only help cyber security efforts so much – organisations must help themselves and identify that the cyber security landscape is evolving and an important business factor which must be embedded into every corner of the business.
As we have seen from high-profile breaches from the likes of Sage, Sony and TalkTalk, big business is failing to a certain degree when it comes to cyber security. Organisations, as DQM GRC managing director Christine Andrews argues, must help themselves and not rely on the government.
“Whilst we welcome any boost in spending by the UK government to improve cyber security, unfortunately real progress will only occur when the organisations themselves start taking data governance seriously and consider cyber security as a boardroom issue – not a problem that can be resolved in a backroom department.
“Assistance from the government is a supportive step in the right direction, but it is vital that the organisations themselves implement an engaging staff training programme to ensure all employees are aware of the need to manage data securely.
“The most common and destructive mistakes are often due to human error – not state-sponsored, powerful cyber attacks. For example, even the simple loss or theft of a USB stick or laptop containing personal information about the business could seriously damage your organisation’s reputation, as well as lead to severe financial penalties.”
Hackers will look to the UK government’s efforts in stepping up cyber defences and act accordingly – after all, hackers are forming their own enterprises and we can expect them to take their own investment and fund R&D efforts to create new and profitable attacks. Businesses must regard cyber security as constantly evolving, never sitting still. Cyber threats will evolve in complexity, leveraging new technologies to navigate past defences.
“Continued investment is key to keep pace with developing cyber threats. Our adversaries can immediately decide to plough back 25-30 per cent of their ‘winnings’ into R&D – this is the industry standard nowadays in the dark world,” said Mr Cheng.
“As a result, the cyber-threats we face will continue to grow in dedication and sophistication, and this will be heightened by breakthroughs such as quantum computing. Developments such as this will change the landscape fundamentally – and this raises new issues such data’s security shelf life – the issue where data created today could be under threat in the relatively near future from rapidly maturing technologies.”
Organisations must not take the government’s cyber security strategy as a chance to rest easy, instead organisation must work to help themselves. UK government support will only go so far in a landscape which shows no signs of slowing down – organisations must take the UK governments lead and renew focus on cyber security, up investment, educate employees and embed security throughout the organisation.
“”The UK Government is leading the way with the cyber initiatives it is putting in place. However, the Government cannot protect the UK alone. Businesses must understand the cyber threat their organisation faces and take strong protective action themselves,” said Richard Horne, cyber security partner at PwC.
“It’s not just about having more budget to buy more technology to patch cyber security holes. UK organisations need to take a more strategic approach to how they spend their increased budgets to start to see a real uptick in security posture. Getting cyber security right means changing an organisation to be securable and that requires all aspects of a business to be engaged – from tough decisions at a board level, to the consideration of cyber risk in all decision-making processes.
“Only when UK organisations mirror the level of Government initiative and strategic investment will the UK be a secure place in today’s digital world.”