Industry weighs up GCHQ cyber protection plans
Security market watchers cast a critical eye over Government plans to protect businesses from cyber crime.
Industry watchers have cautiously welcomed plans to get GCHQ to advise private sector firms on how to protect themselves from cyber attacks.
According to a report in the Guardian newspaper, the government surveillance agency will provide the bosses of some of Britain's biggest firms with advice on protecting their online services from cyber criminals.
"GCHQ now sees real and credible threats to cybersecurity of an unprecedented scale, diversity, and complexity", said GCHQ director Ian Lobban.
The Guardian report cites figures from a new GCHQ publication, Executive Companion - 10 Steps to Cyber-Security, which claims that "thousands" of IT systems are compromised by hackers for commercial reasons every day, jeopardising Britain's economic security.
The government can't just give advice it needs to give practical help.
News of the initiative won the support of a slew of security industry watchers, although some have aired concerns over how effective GCHQ's attempts to educate businesses will be.
Rob Cotton, chief executive of information security specialist NCC Group, said GCHQ should provide training and support for businesses, not just advice on avoiding cyber threats.
"The government can't just give advice it needs to give practical help [in the form of] training for employees to reduce the social engineering risk, grants for businesses in need to bolster their security, and mandatory transparency to reduce the stigma of suffering a breach," said Cotton.
Orlando Scott-Cowley, security technologist at cloud-based email archiving vendor Mimecast, said GCHQ should also widen its remit to include a wider range of firms.
"There has always been a threat of cyber-attacks [against] UK businesses, but while it used to be the case that only high value organisations like banks or those dealing in intellectual property were at risk, today all businesses face this threat," he said.
"Being security-conscious' is the job of all companies, their management and their staff."
Mark Brown, director of information security at advisory firm Ernst & Young, added: "This is an appropriate short term solution, [but] the longer term cure for this problem surely involves re-evaluating the skills and knowledge gap in industry rather than government intervention."
Accelerating AI modernisation with data infrastructure
Generate business value from your AI initiativesFree Download
Recommendations for managing AI risks
Integrate your external AI tool findings into your broader security programsFree Download
Modernise your legacy databases in the cloud
An introduction to cloud databasesFree Download
Powering through to innovation
IT agility drive digital transformationFree Download