In-depth

Cyber security: striking a difficult balance

Governments alone cannot solve the IT security challenge. The IT industry, and business community need to take action too.

Inside the enterprise: If defence of the realm is the first duty of government, then when it comes to cyber threats, the UK should be ahead of the game.

Over the last few years, the UK government and its agencies have invested significantly in stepping up cybersecurity protection, even devoting a significant share of a declining military budget to cyber measures.

Maybe now is the time for the IT industry to show what it is doing to put its cyber-security house in order.

Business advice, too, has been at the centre of this more hands-on approach, with a range of measures drafted to help businesses improve their own cybersecurity posture. This is one area, at least, where we really are "all in it together".

By the Government's own estimates, 93 per cent of large companies, and 87 per cent of SMEs, have suffered a cyber breach over the last year with a cost ranging from 450,000 to 850,000 for breaches at large enterprises.

Aside from direct involvement in countering the cyber threat, such as the 650m committed to cyber protection in 2010's Strategic Defence and Security Review, the focus has been on improving collaboration between Government, and its security agencies, and business.

This has, for example, led to a more overt role for GCHQ, including an extension of the Cheltenham-led CESG CCP certification scheme to private sector candidates. Previously, this certification was limited to civil servants, the military, and of course, the spooks.

This is generally beneficial: smaller firms, in particular, should benefit from free and generally high-quality advice. But the government needs to strike a balance between supporting business, and dictating to them how to protect themselves. This balance is especially difficult in areas of critical national infrastructure (CNI), where companies deliver services that everyone in the country depends on.

The latest move by the UK Government is its policy paper, Cyber security skills: business perspectives and government's next steps, published earlier this month.

This latest paper includes a proposed, new cyber-security curriculum for 11 to 14 year olds, and more support around cyber security for the university sector. A large part of the Government's overall strategy, according to ministers, is to improve the UK's "cross- cutting knowledge, skills and capability" the country needs to improve cyber security protection.

This, the Government admits, is a challenge. Barriers range from a low take-up of STEM (science, engineering, technology and maths) subjects in school and a lack of awareness of cybersecurity careers, to a need to improve broader understanding of cyber risks. This includes continuing to raise awareness among company boards.

Again, addressing these issues is a laudable aim and the UK has made real progress in improving both awareness and the level of security skills, and the overall standard of defence over the last few years.

But there is a risk that well-meaning initiatives turn into overly prescriptive measures.

There is a plethora of security certifications in the profession already, and some industry figures question whether more are needed, especially certifications that lean heavily on public sector practice. And new laws coming up, such as the EU's Data Protection Regulation, could go further in telling companies how to protect their systems.

Government action so far has been useful, and should be welcomed. But maybe now is the time for the IT industry to show what it is doing to put its cyber-security house in order.

Stephen Pritchard is contributing editor at IT Pro.

Featured Resources

How to be an MSP: Seven steps to success

Building your business from the ground up

Download now

The smart buyer’s guide to flash

Find out whether flash storage is right for your business

Download now

How MSPs build outperforming sales teams

The definitive guide to sales

Download now

The business guide to ransomware

Everything you need to know to keep your company afloat

Download now

Recommended

The JEDI contract's future becomes murky after AWS court win
Policy & legislation

The JEDI contract's future becomes murky after AWS court win

11 May 2021
Cyber attacks on manufacturing up 300% in a year
Security

Cyber attacks on manufacturing up 300% in a year

11 May 2021
US fuel pipeline hackers reveal their motive
ransomware

US fuel pipeline hackers reveal their motive

11 May 2021
Trend Micro and Snyk team up to combat open source flaws
vulnerability

Trend Micro and Snyk team up to combat open source flaws

10 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

30 Apr 2021