Interviews

Cyber report

by Mark Rowe

The Cabinet Office minister Francis Maude has offered a progress report on the Coalition’s one-year-old Cyber Security Strategy.

He said: “Government cannot do this alone. We know that industry is the biggest victim of cyber crime and intellectual property theft through cyber crime is happening on an industrial scale. In the past year we have cast our net wide to work with industry, academia and ever wider across the public sector to promote awareness of the need to address cyber threats. We have produced and promoted a ‘Cyber Security Guidance for Business’ document for industry Chief Executives, which sets out how board members and senior executives should adopt a holistic risk management approach to cyber security.”

For the full ministerial statement, visit the gov.uk website – https://www.gov.uk/government/speeches/uk-cyber-security-strategy-statement-1-year-on

GCHQ and the other intelligence agencies launched a new technical apprenticeship scheme which aims to identify and develop talent in school and university age students. They aim to recruit up to 100 apprentices who will be enrolled on a tailored two-year Foundation Degree course.

Maude admitted that there is still much work to do. He said: “Working with the private sector to improve awareness of the need for better cyber security continues to be a priority. We are now focussing our efforts on making sure that the right incentives and structures are in place to change behaviour in a sustainable way. Government departments and agencies are working with professional and representative bodies to ensure the consideration of cyber security becomes an integral part of corporate governance and risk management processes. We are supporting the development of organisational standards for cyber security so consumers can identify those businesses with good cyber security practices.” What he termed a permanent information sharing environment called CISP (Cyber-security Information Sharing Partnership) will be launched in January.

Comment

Richard Archdeacon, Head of Security Strategy at HP Enterprise Security Services, has said: ‘HP is fully supportive of the Cabinet Office’s efforts in the realm of cyber security. Undoubtedly, cyber security has become one of the biggest threats to companies and businesses around the world and the countries in which they are based. Not only can a breach affect an organisation’s bottom line and reputation, but we’ve seen numerous cases where high value intellectual property has been stolen.

HP-sponsored research, undertaken earlier this year, indicated that UK businesses generally face fewer successful cyber attacks per week than USA, Japan and Germany amongst others. This is certainly, in part, due to the combined efforts of both public and private sectors. We welcome the efforts made to further secure our digital shores through the National Cyber Crime Unit and various other schemes.

Education clearly plays a huge role, not only in helping to raise awareness – and by extension, levels of security – but also providing commercial and employment opportunities. The UK infosecurity space is reportedly short by around 16,000 professionals. Traditionally 90% of security budgets have been spent on the technical defences – defending against attacks – but now we need new additional skills to manage the impact of attacks and the increasing regulatory requirements being placed upon organisations.

It should however be noted that whilst the introduction of an industry-led organisational Standard for Cyber Security is laudable, businesses should only regard this as the bare minimum. Furthermore, as these measures are well documented and indeed known by our adversaries, companies need to go above and beyond in order to truly secure their critical data.’

And at the audit firm Ernst & Young (EY), Mark Brown, Director of Information Security at the company, said: “There has been much achieved by the UK government over the last two years on its cyber security strategy. It definitely feels like the UK is getting to grips with cyber security and finally moving towards a pro-active stance on this growing international threat.

“From a business perspective, the government is demonstrating another step in the right direction by agreeing an organisational standard on cyber security which will raise the bar not only in central government but more widely in UK plc. Specifically, this standard will tackle the threats occurring in the supply chain where the benefits realised by companies in raising their internal bar on cyber security postures are being undermined by failures throughout their supply chain, and will therefore provide a mechanism for businesses to ensure they address delivery risks throughout their extended enterprise.

“However, the government runs the risk of being accused of back-door legislation. Ideally, we would expect government to be offering UK plc tangible incentives to put in place standards on cyber security. Only then, will the UK truly become one of the safest places to do business in the world.”

And Ross Brewer, vice president and managing director of international markets at LogRhythm, has commented: “This is a positive step for the government and clearly shows how big a priority cyber security is becoming. This new strategy, which includes an open online course in cyber security, funding for the Cyber Security Challenge and a series of guiding principles, will undoubtedly better prepare UK businesses and raise awareness of cyber crime, which is key when faced with today’s sophisticated threats. By building skill sets and tightening standards, it will hopefully stimulate the much needed adoption of even basic threat detection steps.

“The government is taking measures to protect itself from financial and reputational damage and organisations need to learn from this. Essentially, more businesses need to make the most of the resources available to them – after all, they are the ones who will ultimately suffer should they fall victim to an attack because of inadequate defences. With breaches and attacks being reported on an almost daily basis, organisations must ensure they are actively addressing their existing security strategies so that they are fully aware of what is happening on their networks at all times. To gain this level of visibility, proactive continuous monitoring of all IT network activity must be in place. Only by being vigilant and having greater insight into the network 24/7 will businesses be able to identify abnormal activity and stop a potential attack before it causes any damage. Any organisation that fails to do this, in particular those that work directly with the government, may not only see their reputation put at risk, but also that of the country’s.”


© 2024 Professional Security Magazine. All rights reserved.