It has been reported that the Government announced that it has partnered with UK tech giant Arm as it pumps more than £50m into a new programme to improve the country’s cybersecurity. Chipmaker Arm, which was bought by Softbank in 2016, will receive £36m to develop new chip technology that is more resistant to cyber-attacks. A further £18m will be injected into a new scheme aimed at cracking down on online disinformation, fraud and misuse of personal data.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
It has become increasingly obvious that the threat of a hostile cyber-attack progressively threatens to damage and destroy both businesses and individuals in the UK. This new cash injection is certainly a step in the right direction towards protecting our businesses and our sensitive private information, simultaneously encouraging nationwide awareness of the cyber-issue.
However, this new fund will not stop attacks altogether, nor will it take affect immediately. Therefore, there is a number of things that organisations and individuals must do in the meantime to protect themselves from hackers and malware. This includes investing in cyber security software, upskilling employees with cyber skills, and, most importantly, encouraging cyber secure online behaviour, protocols and procedures across organisations – this starts with operating a safe, secure online domain and IT system which is constantly kept up to date.
Cyberattacks can have a significant impact on businesses, from costing millions of pounds to causing reputational damage. Therefore, it is critical that we get ahead of the attackers. Increased connectivity and digitalisation have made us more vulnerable to cyber-attacks, leading to a growing urgency to build a more cyber resilient world. Therefore, cooperation between the UK Government, technology vendors and businesses is an important step in ensuring British businesses and the public are protected against cyber-attacks and online threats.
For too long businesses have focused on building walls to keep the bad guys out, and have failed to address critical security flaws within the technology itself. To truly protect against cyber threats, security can’t be an afterthought; companies need to go on the offence, and design security into their software and hardware from the very beginning. Security must be everyone\’s job.
Arm has rightly said that achieving robust security requires a radical shift. Businesses need to follow Arm’s lead, and proactively build security into devices, applications, and software from the start.
This continued investment in cyber security is proof that the issue is being taken seriously at the highest level. The collaboration between the government and organisations is an encouraging one – and with technological innovation speeding up, this support is going to be vital moving forward. If the UK wishes to become a leading digital nation, it’s important to put cyber strategy first; organisations must adopt a ‘security-by-design’ approach that puts security at the heart of their business. Ultimately, if cyber security isn’t part of boardroom discussions, they risk all kinds of financial and reputational damage as a result.
Collaborations such as these – including the partnership between Industry100 and NCSC – will help form an important part of reducing cyber attack exposure for many SMEs and larger organisations most at threat. And the message is clear from the government: they recognise the threat from foreign and domestic actors and the havoc that it could play on businesses up and down the country. As the threats evolve, so must the funding and increased importance on awareness to combat those attacks. This is a big step in the right direction.
The UK serves as a remarkable example of government-led cybersecurity initiatives serving the nation. With the reportedly settled Brexit deal, the UK will likely remain the European center for cybersecurity, providing a safe harbour for businesses and fertile ground for emerging cybersecurity startups.
Talking about this particular transaction, I would, however, be cautiously optimistic. First of all, the number of attacks and exploitation vectors that are reliably addressable on a hardware level remains pretty narrow. In addition, the time UK business require to migrate to the new hardware platforms will be quite long, making attackers enjoying their impunity for the time being.
Most of the successful attacks nowadays are caused by incomplete or outdated inventory of digital assets. A vast majority of businesses in the UK and abroad do not know where exactly their data is stored, how many applications or APIs they have or how many mobile devices are connected to their internal networks. That is a root cause of the problem, and deserves urgent attention and mitigation. Therefore, I’d urge investing in a supplementary cybersecurity initiative that\’s aimed at bringing visibility of data and assets to UK businesses.