Just over a year ago, the UK Government launched a cyber security strategy aimed at making the public and private sectors safer online. The Executive Magazine considers how this ambition has impacted companies since its inception.
In November 2016, the UK Government highlighted its determination to make Britain more secure and resilient in cyberspace by launching a long-term, five-year strategy alongside establishing a brand-new National Cyber Security Centre (NCSC).
The impetus behind this was clear: not only was the public sector battered last year when the NHS had to cancel operations due to the WannaCry ransomware attack and the Houses of Parliament suffered a brute force attack, but companies themselves are increasingly at risk of online vulnerabilities due to their wealth of data and digital infrastructure.
Now, just over a year from the launch of the 2016-21 strategy, how exactly has the country been managing to stay safe online?
For one, it’s clear that the government’s efforts have begun to pay off. The NCSC responded to almost 600 significant cyber-attacks in the first year of operations alone, a statistic which singlehandedly justifies any amount of time and resource put behind the new organisation.
The centre has also been engaged in exciting plans as part of its Active Cyber Defence initiative, as well as looking at creating a ‘proving ground’ for new cyber products that can be tested and fast-tracked into the market. While the government will need to be cautious when approving private technologies, an export-driven framework will be key to promoting innovation in the field.
The national centre and cyber security strategy have also come at a crucial time, with the new General Data Protection Regulation (GDPR) coming into force in just five months, alongside the Network and Information Systems Directive (NIS).
But despite all their achievements so far, these initiatives have clearly highlighted that it’s no time to be complacent. One of the major ongoing issues in the cyber security world still comes down to a pervasive problem that affects almost all industries worldwide: skills.
Estimates indicate that there will be a global cyber security workforce shortfall of a whopping 1.8 million by 2022. It’s no wonder the UK is so intent on developing a “sustainable supply” of homegrown cyber professionals, and several schemes – such as CyberFirst and a range of other industry-sponsored initiatives – have already been reaping benefits.
The NCSC is also seeking to develop a professional body for cyber security that can more clearly articulate career pathways to attract new candidates, while the DCMS has run boot-camps and mentoring programmes for academics to help them turn ideas into viable cyber security solutions.
Yet while these long-term schemes are welcome – after all, it’s vital to attract new entrants to the cyber market from a young age, ensuring digital skills are at the forefront of any school agenda – there is still a need to reskill the current workforce to ensure it remains up to speed with the fast-moving cyber security world. As well as looking at what skills can be transferred over from other roles, companies need to consider ways of forging new career paths for returners.
Similarly, human error – such as leaving an unencrypted laptop on a train, or sending an email containing sensitive data to the wrong address – must be dealt with if companies and the public sector are to succeed in tackling this major threat to data security. Unfortunately for businesses, staff continue to be the weakest link when it comes to staying safe online – but thankfully, it’s one which can effectively be dealt with if supported with the right training.