Education, behavioural change and scale of funding are being called for by cyber security experts as key industry chiefs largely welcome the government's commitment to the UK's digital safety.

This week, UK Chancellor Philip Hammond formerly launched the UK's new cyber security strategy, committing £1.9bn of support and partnerships with industry and academia to strengthen the UK’s digital defences.

'Today's initiative is a bold move by the UK government, who are recognising the critical role of government in protecting our country's critical infrastructure and digital assets,' responded David Howorth, senior VP EMEA, at Alert Logic.

Traditionally, the UK's cyber security strategy has focused on defence but in recent months we have heard much more rhetoric around an offensive cyber capability. 'Talk of strike back represents quite a change in mindset,' says James Tolfree, UK director at Cryptzone.

Doubts raised

But doubts remain about whether the measures announced are enough. 'It is yet to be seen if the level of funding proposed will be sufficient to deal with the rapidly evolving threats that both nations and businesses face, says Gubi Singh, COO at Redscan. His hesitation is echoed by other cyber security experts across the UK.

Digital skull

'We know that our current defences are inadequate,' says Cryptzone's UK director, James Tolfree.

'This is apparent by the 22% rise in cyber crime recently outlined in a report by Action Fraud. Given that the cost of this to the UK economy is estimated to be as much as £11bn per year, some might ask the question ‘ is this response by government enough?’

'Given the speed with which cyber crime is becoming both a national and international problem, one concern I have about today’s news is that £1.9bn and a five-year plan underestimates the ever growing problem,' spells out Rob Reid, COO and founder of internet security solutions provider StayPrivate.

'Day by day the amount of information sent via the internet and stored unsecurely is increasing at a far greater pace than the solutions that are coming to market can deal with, so it is not just a question of investing in more preventative measures, but ensuring there’s a much greater understanding of how to protect oneself, which is likely to take a great deal longer than five years given the way technology evolves.

'Cyber security is an ever-moving set of goal posts and it is necessary to re-evaluate risks and the threats that are posed,' agrees AlienVault security advocate, Javvad Malik.

'As cyber crime increases, it is necessary to shift investments and focus to prevent the biggest of threats,' he adds.

Infrastructure attacks

There is a rising risk from cyber attacks targeting vital services, such as transport, utilities and industrial systems within the UK.

'Taking down an electrical grid or breaching an air traffic or railway network, doesn’t just cause disruption and financial damage, it puts lives at risk,' points out Alex Mathews, EMEA technical manager at Positive Technologies.

Jonathan Sander, VP of product strategy at Lieberman Software believes that the devil is in the details, and he wonders if the committed cash will be put to the right use.

'There are hints that the Chancellor and GCHQ may be getting bad advice from the small details they revealed,' he says.

Cyber security 7

'Some spending will be aimed at producing more cyber security experts to combat threats. While experts are good to cultivate, they should also pay attention to normal folks both inside and outside the government, utility sectors, and everywhere else.

'If they could push out the basics on how to avoid falling for phishing scams to a majority of citizens, they would severely hamstring the bad guys who rely on people blindly clicking on bad emails as the start of their attacks.

'They also mentioned spending on sophisticated mechanisms to fight back against the attackers, but the latest Dyn attacks should have taught us that simple discipline in changing device passwords would be as, if not more, effective than the fanciest counter attacks,' Sander insists.

Education, education

Prof Roy Isbell, the Institute of Engineering and Technology’s cyber security expert is calling for the emphasis to be firmly on education and behaviour change, which needs to be led by business leaders.

'There is a real opportunity to educate organisations in how they approach and prioritise cyber security planning,' he believes.

'Training a new generation of cyber security experts is vital, but so is making sure that today’s leaders understand and can tackle the extent of the challenge we face,' Prof Isbell says.

'Hopefully the investment will be far-reaching and not only help the advancement of cyber security companies in the UK but also the education of the general public,' says Richard Meeus, VP technology EMEA at NSFOCUS.

'We are told frequently to close our windows and doors, not to speak to strangers, don't always trust people at your front door are who they say they are, yet how many people still don't have a screen lock on their Smartphone?'

There is widespread belief that cyber education can significantly reduce the risks of cyber crime and hacking attacks.

'A lack of user awareness around best practice continues to be one of the biggest reasons for successful attacks,' states Redscan's Gubi Singh.

'Educating users about the dangers of online threats from a young age could also be a smart long-term strategy to reduce cybercrime.'

Cyber security 10

Evolution, not revolution

'The investment will likely not signal a big step change but rather a continued evolution of the nation’s cyber defences, to respond to the growing cyber challenges that present themselves,' believes AlienVault's Javvad Malik.

'Part of the government's theme is to remove the fear factor from the whole topic of cyber security. Good cyber security solutions need to be flexible, easily consumable and deliver immediate meaningful outcomes,' says Aler Logic's David Howorth.

But this could prove challenging given that cyber attacks affecting UK citizens are becoming part of everyday life.

'Money is the current target for most attackers, but if the approaches they take are more political in nature, we could see the UK severely impacted unless proactive steps are taken to reduce the risks,' Gavin Millard, adds ominously.

He is EMEA technical director at Tenable Network Security. This raises an important point. 'In an ideal world, investment should be underpinned by added legislative teeth,' says Positive Technologies' Alex Mathews.

Perhaps the biggest challenge when it comes to cyber security is answering the question, 'when are we done, how much do we need to invest in security until we are confident that we’ve achieved enough,' concludes Javvad Malik.

Find out how to deal online from £1.50 in a SIPP, ISA or Dealing account. AJ Bell logo

Issue Date: 03 Nov 2016