Security professionals in the UK have shared their insights about cyber threats, security challenges and opportunities in 2018.
“There are two types of companies: those who have been hacked, and those who don’t yet know they have been hacked.”John Chambers, former CEO, Cisco
The real number may be even higher: not all companies detect (or admit) they had breaches. Hackers are getting much better at disguising their attacks, so they can remain undetected for a longer period of time and extract more data.
Skills shortage is a major issue in many countries, and the UK is no exception. In cybersecurity, this is now starting to bite across every single sector. Education (i.e university courses, apprentices) won’t be enough to solve this problem by itself. Businesses in the UK must also look at embracing new tools such as automation, orchestration, AI and, crucially, integrated security, to optimise how their security professionals spend their time. For example, companies need security personnel who can think creatively (i.e like hackers) so they can identify all the ways their company may be breached. To cope with the skills shortage, we expect to see a wage inflation in cybersecurity positions in the UK. However, this may mean that certain demographics such as Government or SMEs may struggle to meet the higher wages, and will thus struggle to recruit and retain. This may also introduce an increase in managed security services, to cope with the current skills gap of approximately 150,000 unfilled vacancies. Cybersecurity positions in the UK desperately need to be filled!
Our industry is (thankfully!) moving from a point product solutions approach to more of a connected security solutions approach. Connected security doesn’t have to all come from one vendor – what’s crucial, for the sake of making our businesses safer, vendors must together to have their solutions working together in harmony. UK companies are currently using more vendors, but the emphasis should be on ensuring these vendors are connected. Connected security helps customers simplify their infrastructure, remediate attacks more quickly, and also mitigate the skills shortage because teams will be managing less interfaces. Sometimes there’s commercial gain in managing less vendors as well. The crucial thing is to ‘use what you’ve got’ before replacing everything, and making sure that everything comes back to the problem you’re trying to solve. At Cisco we’re committed to third party integration so that our customers are better protected. The bad guys are working collaboratively and connectively, so we need to make sure, as an industry, that we’re doing the same. Otherwise we will always be playing the hackers’ game, and having the rules dictated to us.
We all need to find a way of cutting the noise down and using technology to eliminate the volume of basic alerts. At the moment in the UK, it’s like having a never ending email inbox, filled with spam. You’re not able to work out the urgent from the important. More adopted use of technology can help to investigate real and critical alerts, rather than the alerts that don’t need worrying about.
In the UK we are often blinded by the volume of attacks, and also the severity and tenacity of some of the attacks. In addition, we see lots of variations of the same attack as cyber criminals realise companies haven’t got the right tools (connected in the right way) to deal with their levels of sophistication. Organisations, even the ones with increased headcount, are struggling to cope with skills shortage. However, cybersecurity is becoming more of a priority for businesses, and most in the UK are looking to increase their spend on both technology and people. Cyber as a risk is top priority for the NCSC, who are working in collaboration with Cisco to increase the awareness of cybersecurity at board levels. The aim is to reduce this cybersecurity fatigue figure and get businesses more on the front foot.
Hackers now tend to think like businesses. Like any other business, they’re thinking about how they can get the most ROI (i.e how much can they sell the data they collect for?). The potential for high net gains from UK organisations is higher than the global average, hence the increased attack vector and remunerations.
It’s no longer of case of ‘if’ a company is going to be breached, but ‘when’. As hackers target UK companies more than the global average, companies will have to become better prepared at disclosing breaches, especially in light of GDPR. To tackle the problems we have, we have to do it in collaboration – government and cybersecurity vendors. Criminals collaborate very well. It’s not about compliance and regulation for the sake of it – it’s about moving beyond that to work together to tackle the escalating threat.
It’s not a case of the UK being far behind from the rest of the world – it’s more down to the sophistication of the cyber criminals and the fact that they have more to gain by breaching UK companies. Also, you have to knock more down to obtain what you need in the UK – there are more obstacles that typically companies have put in place, which is why this stat is higher than the global average. It’s like breaking into a high security house – there are more systems you need to shut down in order to get to the main prize. We see a strategy of moving towards more thorough segmentation, and more intelligent security solutions in the UK.
Companies in the UK need to move to more of a connected security strategy - a simpler and effective and easier to remediate strategy. UK companies need to focus on that more, but are under more danger of attack than most countries globally. It’s all about working together so that we stop playing the game of the cyber criminals.
Companies should get more out of what the solutions they have already got, and get it connected. They should also remove tools that don’t work together. At the moment new technology such as the above is still in early adoption phase in the UK – but not so much for cyber criminals who are already using these new technologies to execute hacks. We’ve made a good start in using these technologies against them, but we need to accelerate.
Read the global study findings on the Cisco 2018 Annual Cybersecurity Report (pages 46 – 68).
The Cisco 2018 Security Capabilities Benchmark Study offers insights on security practices currently in use, and compares these results with those of the 2017, 2016, and 2015 studies. The global research involved more than 3600 respondents across 26 countries and the findings are available on the Cisco 2018 Annual Cybersecurity Report.
This page displays an excerpt of the EMEAR data, which included the responses from security professionals in the following countries: Belgium, France, Germany, Italy, Netherlands, Poland, Russia, Saudi Arabia, South Africa, Spain, Sweden, Switzerland, Turkey, United Arab Emirates and United Kingdom. The data displayed here focuses on 3 areas of the study: security challenges, cyber attacks and adoption of new technology.