It would seem that ‘cyber awareness’ has never been so high on the public consciousness. Computer coding entered the IT curriculum in UK schools for the first time this year, the internet of things (IoT) transformed home automation, and further high-profile hacks such as the current Sony scandal continue to make the headlines. The government’s ‘Cyber Street Wise’, encouraging the UK public to safeguard their data more than ever before, is but one example of how ‘cyber’ is high on the UK’s agenda.
If 2014 has seen a greater general awareness of cyber safety, what next for 2015? How do we turn awareness into action across a range of issues affecting the industry?
The IoT conundrum – education will be vital
The advent of the IoT has presented numerous exciting prospects and opportunities – yet over the next 12 months we will need to begin addressing the complexity that it inevitably brings. Businesses and individuals will need to be mindful of securing each and every device in the ‘IoT’ network and have a responsibility to adequately educate those who will actually be using these devices. These intelligent, connected devices will eventually become our eyes and ears, impacting much of the critical infrastructure we all rely on – utilities, transportation, smart cities – smart everything.
The scale of IoT networks, coupled with the amount of data that makes them tick, makes them highly vulnerable and a prime target for cyber-criminals. Compromise at any point in the network could result in breaches the scale of which we’ve never seen before.
Cyber-skilling for the future
This year the Department for Education has actively sought to overhaul the approach to cyber skills in the UK. After what feels like years of underinvestment, we are finally turning a corner and recognising the crucial role that the cyber industry has to play in the future of the UK economy. Bringing ICT into the National Curriculum has been a fundamental step in helping to foster niche computer science and engineering skills needed to combat the next generation of cyber security threats.
The past failure to properly teach IT and security in schools puts us 6-8 years behind countries like the USA. Getting our house in order means continually investing in training in cyber-security awareness and creating more jobs in this area. Within businesses too, special attention must be paid to re-skilling our current cyber-experts. HR departments could work with IT departments to continually train employees in cyber best practice.
Cyber can be a key business export for the UK in the coming year, presenting an exciting opportunity to share our cyber-defence capabilities worldwide. Last year, the UK Trade and Investment export strategy detailed the export opportunities and how the UK was capable of entering the emerging, global cyber-security market. The government must continue to support businesses in this in 2015, encouraging businesses to leverage their international reputations to gain a share in the global market – by spreading our cyber-skills around the world, we can help other nation states protect their digital infrastructure.
Assume you are insecure
Organisations of all sizes, including those who have already invested heavily in cyber-security procedures and systems, should assume that their cyber defences are vulnerable at all times. This means not waiting for a cyber-attack to happen before you patch the vulnerabilities in the network. Today, external cyber-attacks multiply faster than legacy IT security solutions can keep up with, so it is vital that every step and procedure is implemented to stay ahead of the game. The Government’s Cyber Essentials scheme is a perfect example of an initiative that every organisation needs to re-visit next year, to ensure they are in line with compliance rules.
One step businesses could take in the coming year is to implement robust incident response policies with an external, third-party partner that will use a thorough auditing process to identify where they may be insecure. Let’s put it this way: you wouldn’t have an office without at least one health and safety practitioner. The same mindset has to be adopted with cyber security. Certain employees must be tasked with monitoring the cyber ‘health’ of the organisation and must have the knowledge of who to partner with to mitigate any external threats.
Let’s keep talking
A dialogue between nation states is crucial to mitigating international cyber threats on critical national infrastructure. We are already starting to see cyber-policies forming key aspects of international relations. Last year, Russia and the USA signed an agreement to reduce the risk of conflict in ‘cyber space’. This announcement (reminiscent of an agreement reached on nuclear warfare during the Cold War) was the first of its kind, acknowledging the international scale of the cyber threat and the need for enhanced collaboration between nation states. The recent North Korean hacking into Sony Pictures demonstrates the global and political nature of the cyber threat.
Whilst high-profile hacks aren’t going to disappear from the headlines any time soon, there are many steps that businesses can take to implement the necessary incident response procedures to deal with the evolving threat landscape. Furthermore, masterminding the complexity of IoT and nurturing crucial cyber security skills will be the key to defending against cyber-attacks in 2015 and the future.
Sourced from Andy Settle, Chief Cyber Security Consultant, Thales UK