Experts say UK must keep pace with cyber threats
Industry welcomes £1.9bn investment, but highlights skills shortage
With the UK government committing 1.9 billion of spending to shore up the country's cybersecurity defences, experts in the field have given their verdicts on what the announcement will mean for the industry and the nation.
Sam Millar, litigation & regulatory partner at global law firm DLA Piper, told IT Pro that the chancellor was right to emphasise the need for the UK to keep up with the scale and pace of cyber threats.
"It is clear that individuals and businesses are not yet equipped to cope with these collective risks likened by Hammond as being as dangerous a threat to our national security as terrorism. It is vital that the government ensures that law enforcement efforts and legislation to tackle cybercrime are agile, up-to-date and robust so that the ever-evolving risks are managed and criminals prosecuted swiftly wherever possible."
Millar said that on the corporate side, there is no doubt that responsibility for ensuring that organisations are as secure as they can be against cyber attacks rests firmly with the CEO and the board.
"How that responsibility is exercised and the extent of resources deployed will differ from corporate to corporate and sector to sector," he said.
"Stronger partnerships between government, law enforcement, industry (in all sectors) and academia will be essential if the UK is to protect its businesses and infrastructure both physical and digital - and ultimately remain a global leader," Millar added.
Mark O'Halloran, a partner at law firm Coffin Mew, told IT Pro that the new strategy is "great news" for business as it shows the government's commitment to invest significantly in taking on large-scale and state-sponsored cybercrime.
"But business should not be complacent and think this means the cyber environment will become easier to navigate," he said.
"The onus will still very much be on companies to shore up their own cybersecurity. We've seen from the ICO's record-breaking 400,000 fine of TalkTalk that the government expects companies to invest heavily themselves and adopt state-of-the-art protection."
He added that when GDPR comes into play in May 2018, the ICO will be able to impose even heftier fines up to 4% of a company's global turnover for data breaches - even those resulting from targeted hacking by sophisticated criminals.
"Companies should always remain vigilant and remember that the most successful hacks result, not from clever software, but from human vulnerabilities. One of the most common types of incursions, spear phishing, simply needs an unsuspecting employee to respond to an apparently genuine email asking them to verify their login details."
O'Halloran said that training employees in cyber awareness will remain as essential as deploying the latest anti-virus and attack detection software.
"Therefore, the government may help prevent massive Denial of Service (DDoS) attacks, but that won't stop a friendly phone call to your finance team from someone claiming to work in your IT department needing to run a software update."
Mike East, VP EMEA at CrowdStrike, told IT Pro that the UK's cash injection to shore up cyber defence is a nod to its acceptance that reactive action to cyber threats is no longer enough. The next step is to use intelligence to support the detection and management of attacks, and better counter criminal activity, he said.
"The theft of information to uncover a government's national security strategy is one thing, but the theft of information in order to influence elections, is another - it changes the dynamic," said East.
"Ultimately, the UK government has a fundamental right to protect its citizens. Moving forwards, it must focus on understanding its adversaries better their motives, their tactics, and how that intelligence can be used in order to stay one step ahead."
Jonathan Martin, cybersecurity & cloud department manager of IT recruitment firm Networkers, saidhis firm welcomed the government's 1.9 billion investment into cybersecurity, and was pleased to hear that some of this investment will be dedicated towards education and training of cybersecurity experts.
But he warned that there is currently a shortage of cybersecurity experts to manage the increasing problems presented by the integration of tech into our daily lives.
"As industry incorporates more and more technology, the need for these experts will only increase and as a result, we anticipate a steep rise in demand for their skills. Without a concerted programme to entice the next generation, the UK could leave itself vulnerable," he said.