After an Autumn that has seen the biggest ever DDoS attack, some of the world’s leading websites taken down, and Russia accused by the US of systematic hacking campaigns, it can only be a positive thing that the UK Government announced a new £1.9bn cyber security investment plan to help close the gaps in our digital defences.
The investment represents the Government’s shift towards a more central and robust cyber security strategy. This is crucial given the growing threats that UK public services and businesses face, and by extension the public themselves. If we are to have confidence in our increasingly digital economy, and enjoy our connected world safely, we have to make sure the right measures are in place to protect against hackers.
However, more will need to be done than the strategy laid out by UK chancellor Phillip Hammond to solve the major challenge at the core of our cyber deficiencies – ending the UK’s cyber security skills shortage.
Call in the specialists
The current cyber environment is markedly different from even a few years ago when cyber security disciplines would fall under traditional IT roles. Due to the expanding range of threats, cyber security has become a specialist position, where those responsible need to marry a deep technical knowledge with an awareness of the constantly evolving threat landscape and how best to respond. The threat landscape is almost unrecognisable from a decade ago.
Back then, attacks were predominantly malware-based, designed largely to disrupt and irritate. This was a world before the iPhone, mobile apps and internet banking, where the threat landscape was far less complex and there were simply fewer vulnerabilities for a hacker to exploit. Now, with our lives increasingly played out in the cloud, and dependent on personal credentials, we are more exposed than ever before.
As a result, we need security specialists, and in far larger numbers than at present. This will involve the Government nurturing students through tailored university courses, as well as supporting people in existing security roles to help them keep pace with evolving threats. However, there is work to be done earlier in the education process to ensure an increasing supply of talented and motivated youngsters.
Currently, IT still suffers from the perception that it is largely inferior to more sort-after careers such as law, media and finance. Cyber security stands as good an opportunity as any area of IT to overturn this trend offering youngsters the chance to be at the forefront of an intensifying battle against hackers, and having an impact on something that is relevant to so many areas of our lives. This approach might also overturn the gender divide in IT and help attract more women to the industry – another key challenge to be overcome.
Although the Government has yet to disclose where much of the £1.9bn will be invested, too few of the details that were announced suggested the Government has this longer term, education-focussed, thinking in mind. The specifics mentioned included the hiring of 50 more specialists to GCHQ, and a more promising commitment to funding research. However, what was missing was any mention of improving collaboration between businesses, government and citizen bodies. Furthermore, Hammond’s strategy was also packed in to a 2020 timeframe, a mere four years away in which much will change across the IT and security landscape.
With cyber criminals constantly finding new ways to pierce our defences and steal our information, as well as an escalating state hacking environment, the Government needs a plan that looks well beyond the current 2020 strategy to ensure we not only keep up with the hackers, but get one step ahead.
Image Credit: Den Rise / Shutterstock
Gad Elkin, Head of EMEA Security at F5 Networks