The government is investing heavily in cyber security but it's a little too late
While the tech industry is welcoming the UK government’s plan to increase spending on cyber security, the question of whether it’s ‘too little too late’ remains.
During the annual conference of the National Cyber Security Centre, it was revealed that the government will increase investments in cyber security over the next few years, funding both research centres and school programs across the country. The news are welcomed - perhaps especially so in the wake of last year’s Wannacry attack which struck up to 70,000 devices in the National Health Services.
By completely numbing NHS, the ransomware which was reportedly launched by North Korea, made it awkwardly obvious that the UK is far from prepared for cyber threats. This is further supported by a recent report conducted by cyber security analytics platform RedSeal. In the survey, a majority of UK businesses reveal how they are “severely unprepared” for possible cyber attacks. And the statistics are indeed beyond sobering: 54% of the IT teams involved in the survey predict an imminent lack of the tools or resources necessary to avoid a possible threat. Additionally, 55% admitted that they “probably” won’t be able to react quickly enough when facing a major security breach.
This is astonishingly bad news for all UK businesses, especially since potential invasions can wreak havoc across the entire nation.
It was Amber Rudd, the former Home Secretary, who revealed that the government is planning a massive cyber security splurge, allocating a total of £50m in the next year alone. From this, £9m will enable UK law enforcement to tackle players of the dark web, while £5m will be invested in local and regional policing by setting up cyber crime units in every police force in England and Wales.
While these spendings are highly welcomed by cyber specialists and the industry as a whole, the question still remains as to why this is happening now. The answer, however, appears to be the impact of the Wannacry cyber attack of 2017. Apparently, Ms Rudd found it utterly “Sobering to learn that the National Audit Office’s conclusion was that the NHS could have avoided the crippling effects of the ‘relatively unsophisticated’ Wannacry ransomware outbreak with ‘basic’ IT security”. In the wake of this, Ms Rudd made it clear that cyber security is now a top priority for the UK government, thereby echoing similar claims made by Philip Hammond in October 2016 and by George Osborne in November 2015. But we assume, of course, that third time’s the charm.
The Launch of New Cyber Security Centres
As the recent budget allocations made the headlines, the Department for Digital, Culture, Media and Sport announced that they are setting up a £13.5m cyber security innovation centre in East London. Located at the 2012 Olympic Park, the new cyber hub will bring together UK’s top talent, industry and investors to identify and fight new security challenges. It’s a great initiative, and it's said to create approximately 2,000 new cyber jobs in London.
Also the north will receive their slice of the cyber cake. Renowned UK intelligence, security and cyber agency GCHQ have confirmed they will be expanding to a site in Manchester in early 2019. Rumours suggest that their Cheltenham HQ is getting far too cramped, and Jeremy Flemming, director of GCHQ, can confirm that the new camp will open for “hundreds of high calibre jobs” for eager cyber experts willing to relocate to the northern powerhouse. It’s an important decision, especially considering how valuable they are to UK cyber security. The skills and talent of GCHQ employees have previously been described as “the sharpest of our own national capability” in a speech by former chancellor George Osborne.
Osborne is not the only one raving about the collective talent of GCHQ. The agency tend to work alongside MI5 and MI6 on intelligence efforts, and its history can be traced back to First World War, when the group worked to decrypt German communications. The group was a secret held on extraordinarily close hold even within the government. Modern culture efforts, such as Hollywood blockbuster The Imitation Game, tend to trace GCHQ’s history back to Bletchley Park, where savvy mathematicians and code breakers were driving forces behind World War 2 intelligence.
Regardless of their history, institutions such as GCHQ are doomed to continuously reinvent themselves in order to keep up with industry challenges. As threats develops, it’s absolutely imperative that our capabilities can match those of our foes.
More Than Just Investment Opportunities
But what is really behind the government’s new investments? In order to extend our knowledge on the governmental focus on cyber security, we recently reached out to a British cyber security expert. Though his wish is to remain anonymous, he could still provide us with some valuable insights on this topic.
Q: As a cyber security expert, can you explain why this spending is taking place now?
A: I can only speculate, but I do believe that the threats posed to UK security and UK businesses from both criminals and hostile states is only increasing - in particular with respect to elevated tensions with Russia. As such, increasing spending and promoting collaboration between researchers and industry is a very good thing.
Q: Oh, it’s clearly a good thing. But are these efforts coming too late?
A: Could the UK have invested more money earlier? Hindsight is 20-20, but I think that increasing collaboration and investment in UK cyber security firms will have a positive impact upon both the businesses involved - and the security of all UK businesses.
Q: Fair enough. What other options should one consider?
A: I believe that other options to consider would be teaching cyber security more effectively in schools. There has been recent work towards this by NCSC and other organisations, and these groups are increasing their presence and awareness in UK universities.
Q: When considering these investments, what should one be careful of?
A: I think that in especially setting up the London Cyber Innovation Centre, one must be careful that the start-ups make a contribution towards cyber security and increased collaboration between researchers and industry, rather than being seen as just investment opportunities.
Furthermore, our cyber security expert appears to agree with the government on one particularly important aspect: the best preparation is the one you do yourself. It’s imperative that UK citizens follow basic rules in order to keep both themselves and their businesses safe. This includes installing appropriate security software, downloading software updates immediately after being released, and using strong passwords. Especially downloading new updates is seen as important - the reason being that companies often release new software updates because they have discovered security breaches in their existing versions. While indeed being a menial task, an updated software is meant to protect you.
Our expert further suggests focusing on building stronger passwords. “Having your birth date, your wife’s maiden name or your pet’s name as a password is beyond idiotic these days,” he explains. “We see it all the time, and the truth is that you don’t even need to be a hacker in order to get past passwords like that in a short amount of time, just really good at guessing.”
Our expert also requests a general change in attitude, claiming that our new starting point must be that every UK business is a potential target and that cyber crime is no longer something that simply happens to other people.
A New Generation of Coders
British schools are also noticing the cyber security investments. The government is currently launching a program to find the cyber security experts of tomorrow.
The game, which has been launched in schools around the country, consists of four stages: cyberstart assess, cyberstart game, cyberstart essentials and cyberstart elite. Each stage involves puzzles and challenges that will improve students’ cyber security knowledge, hopefully peak their interest in a job market that barely existed when their parents’ went to school, and pick out those who might make good cyber specialists in the future. Head of research and development at SANS Institute, James Lyne, could report that approximately 23,000 people across the UK took part in the first stage, and from there 12,000 showed enough interest and talent to progress to the second stage, cyberstart game. While the program has received a certain amount of criticism, Lyne is still evangelical in regards to the program.
By targeting children, Lyne explains, they get access to individuals who might not otherwise end up in cyber security. Unfortunately, many young people in Britain - and especially girls - make decisions about whether or not to study Stem subjects (Science, technology, engineering and maths) at an almost alarmingly early age. Truth is that if these children are not introduced to these concepts early on, they are unlikely to pursue them in the future. Hence, Britain will lose out on what can one day be a vital part of their cyber security efforts. This can be potentially tragic for a country in which 70% of the organisations recently claimed that they are in need of basic cyber security skills.
The recent investment is undoubtedly a positive and proactive move by the government, but one can only hope that they will be willing to follow their projects through this time. It's not long since Ernst & Young's Mark Brown was quoted on saying that the government is clearly going in the right direction but still “needs to try harder with cyber security campaigns”.
Let us hope that these changes will be enough to increase the level of cyber security here in the UK.
Six Questions with SAS: Prof Bill Buchan
Prof Bill Buchanan OBE, PhD, FBCS Professor of Cryptography at Edinburgh Napier University.
Six Questions with SAS: Bridget Greenwoo
Bridget Greenwood, Founder at the Bigger Pie.
Six Questions with SAS: Mia Baker
Mia Baker, B2B Product Lead at Prenetics International, answers Six Questions with SAS. -Wi...
The People Problem: Cyber Security
The majority of security breaches are “not due to the failure of the technology implemented, b...
A Conversational Future
One of the most significant modern trends to take the world of technology, and subsequently th...
ERP Review: The Pros and Cons of Odoo
Odoo ERP has grown a significant following around the world. But will it be the right ERP syst...
The Best Secure VPNs (with Free Trials)
Are you looking for the best secure VPN on the market? Our security experts have gathered up a...
Buyer’s Guide to Endpoint Protection
A solid endpoint protection is key for any business that wants a comprehensive approach to the...