British business leaders need to extend their cyber security defences beyond the threat posed by Russia to other states and criminal syndicates, one of the UK’s leading spymasters has warned.
In an interview with the Financial Times, Ciaran Martin, chief executive of the UK’s National Cyber Security Centre, which is part of the communications intelligence agency GCHQ, said that while Russia remained a serious threat to businesses, Iran and North Korea, as well as international cyber criminals, presented equal if not greater risks. IT security expetrs commented below.
Andy Norton, Director of Threat Intelligence at Lastline:
“Unfortunately the advice given is not actionable. How can businesses protect themselves from Russian national interests, when in actual fact they don’t know how to protect themselves from Russian inspired cyber attacks in the first place?
The UK needs a “cyber home front” initiative. It is in an Asynchronous Warfare situation, and the attackers constantly obscure their real intentions with a mosaic of apparently unstructured intrusions against any and all economic and political targets. This serves to dull our awareness to the overarching strategic goal of reducing western economic power, constricting political alliances and isolating individual nations.
The question that needs to be asked is “in a state of cyber warfare, what should we do differently?” and the answer to that question needs to be delivered to business leaders. Then, we might stop the death of a thousand cuts.”
Tim Helming, Director of Product Management at DomainTools:
“While it’s a sad fact that these measures are needed in the current geopolitical climate, it is a fact nonetheless. Threat actors from a number of hostile states are engaging in campaigns of cyber disruption and warfare in order to destabilise and damage political process in the West and further their own political aims: This is evident on both sides of the Atlantic. Detailed threat intelligence on the context and sources of these campaigns are necessary, but increasingly more difficulty to carry out in the current legislative climate. Much has been said of the dangers of cyber threats to physical infrastructure, but the threats to our political infrastructure can affect something even more critical; Our democracies.”
Josef Williamson, Threat Intelligence Analyst at EclecticIQ:
“Today’s five question guide for boards by the NCSC is a welcome initiative in light of recent incidents like the British Airways breach. It’s vital that cyber strategy is discussed at board-level and that organisations begin to take a more proactive approach to their cyber defences, considering their responses to the key questions outlined this morning. Providing organisations with best practice with a formal toolkit later this year will ensure UKbusinesses have the best chance in defending against any potential threats.
“The next step from there is that businesses become more open in their intelligence sharing, putting collaboration at the centre of the fight against the evolving threat landscape. Standards are maturing, technology is maturing, and there is a big push from government to set up collaborative initiatives to ensure the public and private sectors are sharing insight on threats. Transparency is vital to success in business and embracing a stance of openness cannot only improve a business’s view of cyber threats, but can also fuel a wider cyber intelligence revolution.”