Logo Header Menu

Why the UK must invest more resource into cyber security—now

As digital transformation continues to roll across every aspect of our lives, the UK’s ability to function effectively is ever increasingly dependent on cyber security  Why the UK must invest more resource into cyber security—now image

I read recently we create 2.5 quintillion bytes of data every day, and the more data we generate, the greater the risk to our digital security. Coupled with this, the threat of cybercrime to every organisation is constantly growing—attacks are becoming not only more frequent but in some instances more damaging. It’s well understood that the face of organised crime is changing as it moves away from traditional crime and into cybercrime.

In fact, people are now more likely to be affected by online crime than any other kind— the latest crime survey from the Office of National Statistics found that 1.83% of adults have experienced a computer misuse crime, compared to 1.75% who’d been a victim of violence, theft (0.8%) or robbery (0.3%). In addition, the National Cyber Security Centre recently warned that it’s only a matter of time before the UK faces a “Category 1” cyber emergency, i.e. a cyber-attack that causes “sustained disruption of UK essential services.”

A Category 1 attack would cause severe economic and social damage and even loss of life. Things have definitely moved on from the odd virus 25 years ago.

A country unprepared?

But while new research suggests that 53% of UK businesses have increased their cyber security spending in the past three years, the country’s outlay pales in comparison to that of other countries.
A report comparing businesses of varying sizes across seven countries found that British firms had the lowest cyber security budgets. Companies in the UK spent on average less than £690,000 on digital security; a far cry from the £1.12m cross-country average.

The good news is that Government and organisations in the United Kingdom are starting to take note of the growing threat and are increasingly investing to protect themselves.

Following the impact of the 2017 WannaCry virus, the NHS has pledged £150m in additional cyber security spending over the next three years. Plans to tighten security include ensuring all health and care trusts can access Windows 10 software, rolling out a £21m upgrade to firewalls and network infrastructure, and imbuing the Care Quality Commission regulator with powers to inspect cyber and data security standards. A new cyber security operations centre will also be established to help detect and address attacks and breaches quickly. This is all a really positive sign.

UK leads Europe in scaleup investment, according to Tech Nation

Investment in the UK tech scene continues to grow at a rapid rate, despite all the economic and political uncertainty

But taking the NHS as an example, is it enough? The age-old problem of ‘security economics’ will continue to thrive, i.e. what’s an acceptable and sensible level of investment in security protection vs risk acceptance for each and every business and public sector organisation. Security experts often criticise companies and government for determining the security budget before determining security strategy. These are First World problems that in many profit-making businesses simply have to realise and prioritise accordingly.

Increasingly sophisticated attacks

The challenge with stats and averages to track how safe you are is that cyber-crime is ruthlessly unpredictably. Protecting yourself is not a one-and-done job; it must be a constant priority to address and react to moving goalposts, evolving policies and changing budgets.
Cybercriminals are getting a lot more sophisticated. With things like advanced phishing techniques, remote access attacks targeting smart devices like thermostats, TVs, and cameras, and malware in mobile apps all becoming increasingly prevalent. Cybercriminals have evolved, and so, in turn, must businesses.

Security is not an add-on

Opening the door to digital will do wonders for a business, but not if you leave the door open behind you. Outsourcing infrastructure, changing the way data is stored and shared, and enabling greater connectivity between a plethora of devices can leave businesses exposed to new threats if they don’t take proper precautions.

The big risk in digital transformation is that the attack vector is now much larger. Data is everywhere, and it’s no longer hidden behind firewalls.

Greater access from more devices means companies need to focus slightly less on the castle walls—the data centre and its perimeter—and more on the treasure in the chest; actual business data. Thinking about access management, DLP, encryption, robust multi-factor authentication should be a priority.

The UK is more confident in security compared to EU counterparts

Confidence in UK security levels is higher than the rest of businesses within other EU countries, according to Thales’ 2019 Data Threat Report

Too many businesses consider security as the last stage of transformation. They build the castle and then add the moat. But security is not a distinct layer that can be dropped on top of existing operations. It is not a switch to flip. It needs to be woven into culture and processes as early as possible.

It’s clear that UK businesses have to start tackling risks to cyber security with more conviction—and that means more than simply shelling out for the latest security software. Investing resource in security is about planning and people as much as platforms.

The underfunded weapon in the war against cybercrime: people

One of the most crucial elements of a cyber security investment plan is internal training.

Users are the biggest threat to any organisation’s security; it’s thought that more than 95% of security incidents are caused by human error.

Many users within a business still believe that guarding against cyber threats is the IT department’s responsibility. The reality is that security systems can only do so much when end users have not been adequately educated about everyday risks, such as links in spam emails, or locking their accounts with the same password they’ve been using for a decade.

AI in cyber security: predicting and quantifying the threat

Jonathan Pope, CEO and co-founder at UK cyber security company, Corax, explains how AI in cyber security can predict and quantify the threat

In my opinion, one of the most important things a company can do to protect itself in the face of advancing security threats is to initiate a sea change in their workplace. Businesses need to invest in training, internal messaging, and process changes that position cyber security as an “us” issue, rather than a “them” issue. Employees need to understand that cyber threats don’t come through a single, mythical pipeline behind their firewalls, but attack from all angles, on all fronts.

With cyber threats constantly evolving, businesses need to be more reactive in the way they educate their employees. Having staff read and sign a list of rules once a year isn’t enough; it’s just as important to “patch” people as it is software. Businesses should regularly circulate concise and informative updates, ensuring all staff are aware of any new trends or known threats to look out for.

The battle against cyber threats will not let up. It’s time for businesses to invest wisely in their defences, or potentially face paying with more than just their money.

Written by Mark Hill, CIO at niche IT staffing firm Mason Frank

Latest news

divider
Automation
Three pillars for scaling intelligent automation: process, technology, people

Three pillars for scaling intelligent automation: process, technology, people

16 July 2019 / Scaling intelligent automation is proving more difficult than anticipated, says Chris Huff, three pillars, involving [...]

divider
Healthcare
Healthcare’s biggest barrier to AI adoption

Healthcare’s biggest barrier to AI adoption

16 July 2019 / This article will explore the biggest barrier to AI adoption in healthcare. Less than 4% [...]

divider
Automation
How startups can stay competitive in the digital age with intelligent automation

How startups can stay competitive in the digital age with intelligent automation

16 July 2019 / Automation is now at the forefront of digital transformation for enterprises across the world. Every [...]

divider
PE & VC
IQ Capital raises over $300 million to invest in UK deep tech

IQ Capital raises over $300 million to invest in UK deep tech

16 July 2019 / Deep tech venture capital firm, IQ Capital, has launched a new $125 million Growth Opportunities [...]

divider
Recruitment
Tech skills shortages are a national challenge – but they are also a sign of growth

Tech skills shortages are a national challenge – but they are also a sign of growth

15 July 2019 / We have become accustomed to talking about tech skills shortages in recent years. With so [...]

divider
Cybersecurity
For network vulnerability Huawei ban is a red herring 

For network vulnerability Huawei ban is a red herring 

15 July 2019 / Even supposedly ‘trusted’ members of the supply chain introduce cyber risk. The real challenge for [...]

divider
EMEA
What’s driving growth in Bristol’s burgeoning tech scene?

What’s driving growth in Bristol’s burgeoning tech scene?

15 July 2019 / The South West is home to many innovative and diverse businesses and, despite uncertain times, [...]

divider
Software and Applications
Innovating in the API economy: instant and on-demand expertise

Innovating in the API economy: instant and on-demand expertise

15 July 2019 / In recent years, we’ve witnessed the inception of the so-called ‘API economy’. While the use [...]

divider
AI & Machine Learning
AI projects to double within the next year ⁠— Gartner

AI projects to double within the next year ⁠— Gartner

15 July 2019 / AI projects are on the rise and will double within the next year according to [...]

Do NOT follow this link or you will be banned from the site!

Pin It on Pinterest