Philip Hammond's £1.9 billion cyber security plan: Industry reaction and analysis

Earlier today the UK government announced a new £1.9 billion cyber security strategy, with Chancellor Philip Hammond vowing to "strike back" against cyber criminals.

In light of the news, various industry professionals have offered their reaction and analysis.

David Navin, Corporate Security Specialist at Smoothwall:

“The modern day business should know that when it comes to cyber security and the protection and defence of a company’s data, systems and intellectual property, security is of utmost importance. However, as we have seen even recently in the news, it is not always the case, and so the announcement today from the Chancellor of a £1.9bn spend to boost the UK’s cyber security strategy should be well received.

“Hopefully this new government spend will resonate with UK boardrooms and show the importance of having a robust security program in place with everyone from the CEO, CFO and CTO, ensuring they are educated to the risks and understand the importance of having strong enterprise grade security measures in place.

"Businesses should not rely on one security supplier when trusting them to protect their business. Instead, businesses should build its resilience through multiple layers of firewalls, encryption and good security software providers so that if one is compromised, the others are all in place and maintaining that high level of protection.”

Christine Andrews, managing director of DQM GRC:

"Whilst we welcome any boost in spending by the UK government to improve cyber security, unfortunately real progress will only occur when the organisations themselves start taking data governance seriously and consider cyber security as a boardroom issue – not a problem that can be resolved in a backroom department.

"Assistance from the government is a supportive step in the right direction, but it is vital that the organisations themselves implement an engaging staff training programme to ensure all employees are aware of the need to manage data securely. The most common and destructive mistakes are often due to human error – not state-sponsored, powerful cyberattacks. For example, even the simple loss or theft of a USB stick or laptop containing personal information about the business could seriously damage your organisation’s reputation, as well as lead to severe financial penalties."

Thomas Fischer, threat researcher and security advocate at Digital Guardian:

“The plans announced by the government demonstrate a good application of investment across the three cornerstones of IT security; people, process and technology. Many of the automated tools discussed in the strategy are widely available to businesses today, but we still come back to the issue of ensuring that the proper processes are in place and people are provided with the right skill sets and training. Faced with a constantly changing business landscape and changes in staff, it is very difficult for businesses to ensure security processes are well applied and that a strong foundational security culture exists. 

"Most organisations already accept that it is not if, but when, they were breached. This expectation may well reflect the fact that malicious parties are now more likely to extort the victim, or release the data to forums or even the public. Time and the security skills shortage are the enemies in this situation and they make it hard to ensure the three cornerstones are kept current and relevant."

Geoff Smith, Managing Director, Experis UK & Ireland:

“As the digital warfare intensifies, any measure that helps fight off persistent attackers should be lauded, and it’s very promising to see the Government pledge some of its cybersecurity strategy investment towards increased education and training opportunities for IT security experts.

“Cyber security expertise is in short supply, with businesses willing to pay more to bring in the right skill sets. In our recent Tech Cities Job Watch research, it was revealed that the average salary for permanent IT security professionals now stands at £58,003, up 7.95 per cent on last year’s figures. IT security day rates are also on the rise – up 4.98 per cent year-on-year (£443 on average), as many companies turn to short-term contractor support to help plug the gaps. 

“For organisations struggling to find the right talent, it’s important to look for people with the right mindset and transferrable skills, which can be assessed during interviews. By hiring and working with individuals with the aptitude and enthusiasm to learn new skills, and giving them relevant training and the freedom to experiment with new technologies, businesses can mitigate the risks. This will help to future-proof their organisation and ensure they don’t become tomorrow’s cyber-attack headlines.”

Tristan Liverpool, director of systems engineering, F5 Networks:

“The Government’s new cyber security investment plan is a positive move to help close the gaps in our cyber defences. However, more will need to be done to solve the major challenge of ending the UK’s cyber security skills shortage. 

“The current cyber environment is markedly different from even a few years ago where cyber security disciplines would fall under traditional IT roles. Due to the expanding range of threats, cyber security specialists are now needed to lead the fight against hackers. This will involve the Government nurturing students through tailored university courses, as well as supporting people in existing security roles to help them keep pace with evolving threats.

“As hackers find new ways to pierce our defences and steal our information, the Government also needs a plan that looks well beyond the current 2020 strategy to ensure we not only keep up with the hackers but get one step ahead.”

David Emm, Principal Security Researcher, Kaspersky Lab:

"It is encouraging to hear from Chancellor Philip Hammond that part of the £1.9bn to boost the government’s cybersecurity strategy will go towards education and training of cybersecurity experts. The next generation hold the key to plugging the widening cybersecurity skills gap. It is critical that we harness young people’s natural curiosity and strong digital capabilities to prevent cybercrime. If we can’t, we will not only struggle to fill the talent void, but we may also lose bright minds to the ‘dark side’, further exacerbating the problem.

"Unfortunately, our research shows that as it stands, employers themselves do not have entry-level cyber security roles and the industry is currently failing to provide a clear path for young people to find work, hone their skills, and serve society. This must change, and it needs a collaborative effort. The government, educators and industry must work together to enthuse young people about entering the cybersecurity field. Industry and educators must then ensure that students are taught the right skills to ensure they are work-force ready upon graduation.

"The final responsibility lies with industry alone, to ensure enough entry-level positions, and a nurturing environment for cybersecurity specialists to hone their craft and develop in the role. By working together we can ensure that their talent and curiosity is harnessed and nurtured for society’s good.”

Dave Larson, COO and CTO at Corero Network Security:

“The ever increasing and evolving cyber threat landscape has become dinner table conversation as of late, these events are becoming increasingly common, and proactive, automated solutions must take centre stage in defeating the threat. The modern Nation cannot sit back and hope that the next cyber-attack won’t impact critical infrastructure or take down major online institutions.

“These initiatives must be paired with consumer education in understanding the threats that exist and how to avoiding becoming an unintentional pawn in cyber warfare.

"Additionally, when you think about attacks on the Internet of Things escalating from consumer devices to businesses, enterprises, government agencies, utilities and more - you realise it is time to more aggressively secure every endpoint so entire networks including cloud services don't collapse and leave us vulnerable to other forms of terrorism.”

Bharat Mistry, Cyber Security Consultant at Trend Micro:

“This is much welcomed news that the Government recognises the potential impact of cyber based attacks, especially on Critical National Infrastructure and injecting much needed investment to combat the threat. As we have seen over the past few years, there is an increasing trend for attacks to be hit from cyber-space, be it from a Nation State, Activists with a political agenda or just cyber criminals. The UK needs to shore up its cyber defence capability and move to an offensive position.

"This will not only send a clear message that the UK is not to be messed with, especially in the light of Brexit, it will also protect the UK’s reputation as the biggest Technology Hub in Europe for innovation and technology for new start-ups.”

Image source: Shutterstock/jijomathaidesigners