Folllowing the news that Philip Hammond has pledged to invest £1.9 billion to improve Britain’s cyber-defences, IT security experts from Imperva and Intergrator Axial Systems commented below.
Spencer Young, RVP of EMEA at Imperva:
“Whilst we welcome the acceptance from the UK Government that threats are increasing and that we need to more adequately equip ourselves to defend against foreign states, criminal groups and activist individuals, it is clear that we have lagged behind in a number of key areas. For instance, I believe there is a serious talent issue in the country, in that organisations and government departments find it hard to hire individuals with the experience and skills to add value to their cybersecurity teams. This stems from the lack of focus and funding in our schools, colleges and universities in devising vocational based learning and qualifications, to attract our brightest young minds into the cyber security industry and giving them the skills they can apply in a work environment from day one. The new investment will no doubt enable the technologies required for the government to better defend its citizens, but without the skilled workforce behind it, the cyber-criminals will continue to stay a step ahead.
However, that said, the attack types we see are becoming more and more sophisticated. Therefore it is not enough to defend against high volume, low sophistication attacks. Today we need to be more focused on defending high volume, highly sophisticated attacks, which are becoming more prevalent and dangerous.
In addition, it would be good to understand who is advising the government on the technology strategy they are adopting? Simply adding investment to defend websites or e-mail systems will not prevent hackers from gaining entry. The information they want resides in databases and applications that exist on-premise and in the cloud. Protecting only websites and email systems is akin to having a burglar alarm on the front door, but leaving the valuables in plain sight once the thieves enter the home.”
Mike Simmonds, Managing Director at Axial Systems:
“£1.9B sounds like a lot of money when said in the context of a programme to improve cyber-defence, and I hope that as well as delivering the necessary technical “bridges and moats” in the country’s security-sensitive infrastructure, a suitable proportion of it will be employed to educate those who currently fall foul of the low-level and somewhat unsophisticated “scatter-gun” scam emails and other mechanisms used to poison users and companies alike so that the human element is addressed, as well as the technical symptoms.
There is a great deal that technology can do as a partial-solution to these ills, by reinforcing network perimeters/cores and ensuring user connections are as secure as possible. But, when the innocent-looking invoice appears in front of the untrained office junior as an incoming urgent email and a simple double-click on the “invoice copy” deploys its payload, the case for education, education, education becomes paramount. Security is not a destination it’s a state of mind.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.