“The world’s next big conflict is likely to begin in cyberspace” says Chancellor Philip Hammond.
If this is true, is the UK £1.9 billion Cyber Security investment enough, or is it already too late?
On 1st November 2016, the UK Government announced a new £1.9 billion cyber security strategy, aimed at matching the abilities of rogue states who currently would have the upper hand when it comes to an act of warfare in cyberspace.
Chancellor Philip Hammond was clear that he wanted to "strike back" against cyber criminals, and failure to do this could have “devastating effects”. Hammond proposes the new strategy will help the UK retaliate against cyber attacks.
The announcement comes following a warning from MI5 that Russia pose an increased cyber threat.
With the UK current threat level for international terrorism remaining at SEVERE, meaning an attack is highly likely, the UK Government is clearly now concerned about the technical expertise of their savvy international opponents and the vulnerability this places on the UK.
With this in mind, why has it taken the UK Government so long to respond?
Cyber security within business has been rapidly growing in importance and mindshare with Boards and shareholders, as so many businesses rely on the internet and storing information online to operate.
Malicious third parties could demolish a businesses reputation overnight if their data got into the wrong hands, and leave a lasting effect that can often lead to permanent losses.
Hospitals, schools, network providers and many more are all at daily risk of a cyber attack due to the sensitive consumer data they hold, and therefore have been expected to bolster up their security to pre-empt an attack and build resilience.
Gartner highlighted at a recent Security and Risk Management conference that when investing in cyber security, the focus should be less on prevention and more on detection.
Brian Lowans from Gartner explained that cyber attacks take just 1 to 6 days to infect, but then take anywhere between 6 to 256 days to infiltrate (often unnoticed) and 256 to 338 days to exfiltrate.
These timescales simply aren’t good enough and organisations and the Government alike need to get better at identifying potential threats and having the resources in place to respond.
In a position of national threat, it is imperative that we shorten these timescales and are able to accurately respond to an attack.Whilst these figures are shocking, they offer an accurate portrayal of the current cyber threatscape.
Large corporate organisations are still struggling to protect their digital assets from cyber threats, and businesses need to become much more agile when it comes to cyber security to be able to react quicker.
With this in mind, there are concerns about whether the UK Government has the capabilities to build the resiliency necessary to protect the UK from any imminent cyber threats.
What are your thoughts?
How do you currently protect yourself from cyber threats and do you think the UK Government is capable of implementing this strategy quick enough for it to make a difference?
We’d love to hear from you, please post your comments below.