Commons Public Accounts Committee Criticises UK Cyber Defences

Following the news that The Public Accounts Committee has warned government ministers need to tackle the skills shortage gap to best equip Britain against cyber-attack, IT security experts from Intercede, Vectra Networks, Experis UK & Ireland and Thales e-Security commented below.

Richard Parris, CEO at Intercede:

“It’s refreshing to see the Public Accounts Committee taking the growing cyber security threat seriously but simply throwing more people at the problem is not the answer. There is a gross skill shortage in the area and so we need to change our approach to securing critical data and infrastructure in the public and private sector. It’s time to move from simply investigating breaches, and post breach vulnerabilities, to actually mitigating the initial risk.

“Right now the global cyber security market is worth approximately USD$120 billion and is forecast to exceed USD$200 billion in the next five years. The vast majority of that money is invested in monitoring for breaches and in mopping up after a breach has occurred. At the same time the ‘front door’ of most of the infrastructure is closed by a laughably simple and insecure username and password protocol, or a ridiculously complex authentication that is so alienating to the user, it invites shortcuts and work arounds.

“Highly secure, user friendly and cost effective alternatives are available that would dramatically reduce the number of security breaches, approximately 75% of which originate at the point of user authentication. All we need is the political, regulatory and corporate will to make it happen.”

Matt Walmsley, EMEA Director at Vectra Networks:

“Faced with a shortage of skilled cybersecurity staff, the public sector should look to artificial intelligence (AI) and machine learning to ensure they’re more effective effort in tackling cyberattacks, because humans alone can no longer keep up with current threats.

“As the volume and sophistication of attacks increased, there has been a parallel demand for people with the skills to respond. However, human beings alone, no matter how skilled, won’t have the bandwidth to handle the tsunami of security data, cacophony of alerts, and plethora of security tools.

“With hyper growth in the attack surface and threat landscape – and constrained by limited security analyst resources and capabilities – the public sector will need to augment their teams with artificial intelligence to automate the real-time detection of threats and rapidly respond to security incidents before they become critical events.”

Geoff Smith, Managing Director at Experis UK & Ireland:

“While it’s concerning to see MPs questioning the UK’s front line defence against cyber threats in the news today, it’s not surprising, given the skills shortage we’re currently seeing in the market. In our latest Tech Cities Job Watch report, it was revealed that demand for IT security skills rose by 46% in 2016, with the average salary now standing at £57,706. With cyber criminals becoming ever more sophisticated, companies are also prioritising longer-term investment – with a 52.9% surge in demand for permanent staff year-on-year.

Prioritising long-term defence, organisations should anticipate and plan for potential risks in three to five years’ time, as well as dealing with current threats. We’re working closely with our clients to do just this, ensuring they have a flexible and scalable workforce solution. This enables them to bring in different skills and transfer knowledge between different people at different times. And, it will often include a combination of perm, short-term contractors, Employed Consultants, off-shoring and outsourcing.

While this talent can come in many forms, it’s important to look for people with the right mindset and transferrable skills, which can be assessed during interviews. By hiring and working with individuals with the aptitude and enthusiasm to learn new skills, and giving them relevant training and the freedom to experiment with new technologies, businesses can mitigate the risks. This will help to future-proof their organisation and ensure they don’t become tomorrow’s cyber security headline.

Peter Carlisle, VP EMEA at Thales e-Security:

“The UK’s chronic cyber skills crisis presents significant challenges for both government and for businesses when it comes to resourcing tech talent to tackle the rising tide of attacks.

That’s why it’s vital that the public sector works closely with industry through organisations such as the National Cyber Security Centre to develop stronger processes around data security and ensure the next generation are properly trained with the necessary cyber skills.

Initiatives like GCHQ’s CyberFirst programme are already offering hundreds of talented graduates support through bursaries, placements and employment opportunities which are critical for building a pipeline of the UK’s next cyber security leaders.

Alongside this important skills drive, industry and public sector collaboration is key to safeguarding companies, critical national infrastructure and citizens from increasingly sophisticated cyber threats.”