The term Cybersecurity is thrown around quite often but what does it actually mean? A straightforward definition is to protect computers, networks, systems and information from being hacked or attacked by external sources. For many people, an attack on their computer network is an affront to their personal security and well being, which is why many companies are taking the appropriate steps to ensure that their data and systems are fully protected. Implementing a properly aligned Cybersecurity programme which ensures compliance with UK law and effectively protects against potential attackers is one of the main challenges facing businesses operating within the UK.
UK’s National Cybersecurity Strategy (NCS SP) highlights three main areas which need to be addressed to meet and exceed the international standard. These are Education, Attribution and Protection. Att Attribution is all about knowing who has done what to compromise a system and Protection revolves around stopping or minimizing damage. Below we will briefly look at each of these key concepts and explore how they relate to cyber security in the UK.
Education is an important component of a comprehensive Cybersecurity strategy. Creating an environment of awareness and acceptance of the risks associated with running a computer network in the UK is necessary to generating an atmosphere of trust and confidence in businesses and individuals. Most businesses and organizations are not familiar with the norms associated with proper cybersecurity so why would they risk doing business with someone who may not be up to date on the latest developments and trends. Establishing consistent educational programmes and constant communication with customers and peers is an effective way to encourage openness and participation and builds a positive reputation.
As part of the wider effort to counter the threat from cyber criminals and a subsequent rise in UK cyber attacks, GCHQ, the UK’s national intelligence agency, has established a cyber crime unit. The aim of this unit is to increase understanding and provide direction to UK organizations and authorities on how to deal with the issue of cyber crime. Just last year the UK government published its first ever Cybercrime Strategy, which has been cautiously developed to target criminals specifically. This strategy focused on educating businesses on the risks associated with carrying out online activities, the importance of privacy and civil liability protection, as well as the need for stronger international cooperation in order to prevent and mitigate cyber crimes.
Companies are regularly infected by malware, viruses and other vulnerabilities that allow hackers to gain access to confidential customer information and compromise the security of the company’s networks. It is vital that UK organizations take the appropriate steps to stop and prevent these types of cyber attacks. It can be costly for businesses to respond to a vulnerability and it could also result in serious legal issues for those that were compromised. In late September, GCHQ released a draft strategy that sets out the objectives for the UK Government in relation to responding to the threat from cyber criminals.
Amazon has recently announced that it will begin offering cloud computing services to its users in the UK and will be providing the resources and technical expertise to build such a service at its UK headquarters. This follows the announcements by several large financial institutions including the London Stock Exchange. Cloud computing is a new concept that allows multiple companies to use the same infrastructure to run applications. It has the potential to reduce the cost and power consumed by businesses and to make them more energy efficient. The London cloud will allow businesses to access the Amazon’s own data center and its own network of resources, rather than having to rent infrastructure from third parties.
The threat of data breach in the UK has grown over the last decade. There are already many examples of high-profile data breaches in the UK, including the recent scandal with Royal Bank of Scotland and the United Kingdom’s National Insurance Number (NIN). However, a recent study by the Commons Science and Technology Committee showed that the numbers of reported data breaches in the UK are actually much higher than reported cases. This means that UK businesses face a substantial risk of being the next victim, as a large number of businesses have already been the victim of data breaches. This has created an urgent need to implement solutions to reduce the risks of data breach and to ensure that businesses and organisations can protect themselves against cyber attacks.
Cybersecurity is a rapidly developing field, driven by technology. Recently, we have seen rapid growth in the UK’s IT-savvy industry. As this pace of technological innovation increases, there is the increasing likelihood that cyber attacks will grow too. According to the Global Data breach Initiative, a recently published report prepared by Oxford University and PricewaterhouseCoopers, a large amount of data was lost due to data breaches in the UK last year. The report found that there is a global average of over one million reported data breaches every year, which represents a significant UK problem, and one that the country should address to reduce its vulnerability to cyber attacks.