Recently, our Information Security Manager, Greg Nott, attended the CyberUK 2022 Conference at the ICC in Newport. Hosted by the National Cyber Security Centre (a part of GCHQ), the event aims to raise awareness around the latest cyber security news. Following the event, Greg has summarised his key findings and how they will benefit organisations moving forward.
The overall theme of the Conference was the UK Government's National Cyber Strategy for 2022, which envisions a “Whole of Society” approach to Cyber Security. We aim to support this and help contribute toward making the UK the safest place in the world to live and work online.
“As a society, cyber is for everyone. Through this strategy, the government is doing more to protect UK citizens and companies, and its international partners – helping realise its vision of cyberspace as a reliable and resilient place for people and business to flourish”
Those of us who work in Cyber have been advocating the message that ‘everyone is responsible for security’ for years, so it is great to see the Government encouraging this message.
The new "UK Cyber Security Council", along with schemes such as "CyberFirst", will provide consistent, up-to-date frameworks and regulations to encourage and enforce best-practice across UK organisations. They also aim to inspire students from all backgrounds and ages to consider a career in Cyber, along with training paths to make these career aspirations easy to access.
This year alone the Government is investing £2.6 billion into Cyber Security, an industry that is now worth £10.1 billion to the UK economy, and growing.
Cyber Security works best when we work together, something which mirrors our own ‘One Team’ ethos here at Circle. So, rest assured we are fully aligned with this strategy and here to support you in any way we can. The “Whole of Society” as One Team.
Below we summarise some of the key messages from CyberUK 22.
- The Covid-19 pandemic has moved more of our lives online globally, meaning that we need to trust the systems we use more than ever, but those systems now face more threats than they ever have.
- The growth of Social Media has impacted all of our lives, including influencing political movements around the world and even changing the face of modern warfare (Russia’s invasion of Ukraine).
- Even crime has started to move away from traditional proximity-based attacks to distance-based activity such as phishing and other cybercrimes.
The Welsh Government's Approach
Circle is proud to be a Welsh organisation, so it was great to hear how Wales is positioning itself as one of the leading places for Cyber Security in the UK:
- It was announced during the Conference that a new £9.5 million ‘Innovation Hub’ was to be established in Wales
- The Welsh Government and Cyber Wales strategy ensures that Cyber Security is built into the heart of future policy making
To read more about the Welsh Government's pledge, click here.
Education - A key target
- Education is a big target for Malware
- Historically Education networks have always been built for convenience, not security. Studies also show that 40% of Head Teachers don’t understand the risk of Cyber Security threats or how to address them.
Circle, in particular, has worked with many Education establishments around the UK to build out their Infrastructure with Security in mind and will continue to drive this message and support the Education sector where we can.
Cyber - The Present
- Zero-Day attacks are on the rise, driving efforts by Governments and organisations to monitor the web & dark web for talk of ‘Proofs of Concept’ to better predict these attacks before they impact us all
- On average only 7.7% of organisational budgets go towards Cyber Security. Some of us may half-joke that 7.7% is significantly more than their entire IT budget but joking aside, it's nowhere near enough.
- Ransomware is the largest Malware threat to the UK. The average demand made of victims is £1.8 million.
- Fraud under £100k value will not be investigated properly – attackers know this and will stay under this threshold with many attacks, knowing there will be little to no comeback.
- Luckily the paradigm is starting to move from ‘Reactive’ to ‘Proactive’ – this needs to continue.
Cyber - The Future
- NCSC and their counterparts around the world are working with and supporting MSPs to ensure the strength of the Supply Chain and make sure organisations can choose their partners wisely and confidently.
- Already certified to the Cyber Essentials Plus and ISO 27001 standards, Circle champions this approach and welcomes the Government driving this message further in the community.
- One proactive scheme being worked on by the Government in partnership with Nominet is the ‘Protective DNS’ scheme, which allows Government & Public Sector customers to actively protect against DNS-based attacks.
- New legislation is being built, and old legislation is being updated, to better reflect and enforce the reality of Cyber crime as it exists now and in future.
- The ‘Digital Security by Design’ Technology Access Programme sees NCSC, ARM and Cambridge University come together to promote a working proof of concept of the CHERI Architecture. Developed by Cambridge University, CHERI is designed to combat memory-based vulnerabilities, which make up 70% of identified CVEs (70-80% of Zero Day attacks could have been avoided with this technology in place).
What can you do now?
- Get support. Choose your partners wisely. Circle are here to take this stress away from our customers. You can contact us to book a meeting with our experts, here.
- Have active Business Continuity, Disaster Recovery and Incident Response plans in place.
- Test these plans regularly to make sure they are robust and mature!
- If you haven’t already, risk assess your business, infrastructure, processes and people. Understand the risks you face, their potential impact on your business and who owns those risks.
- Work to change the culture in your organisation. Cyber Security is not ‘someone else’s problem’. The responsibility for keeping us all secure is everyone’s.
If you want to understand the National Cyber Strategy in more detail you can download a copy here.
Our findings are based on the research conducted by our Information Security Manager, Greg Nott. If you'd like to read more about the latest cyber security news, be sure to keep an eye out for the next of Greg's security updates.
- NCSC – ‘Exercise in a Box’ (Exercise in a Box - NCSC.GOV.UK)
- Cyber Scotland – Incident Response Plan templates (Cyber Response – Cyber Scotland)
- NCSC – Report Phishing Scams (Phishing: Spot and report scam emails, texts, websites and... - NCSC.GOV.UK)
- NCSC - National Cyber Strategy (National Cyber Strategy 2022 (HTML) - GOV.UK (www.gov.uk))
- UK Cyber Council Website (The UK Cyber Security Council: voice for the UK’s cyber security profession | UK Cyber Security Council)
- Cyber First Scheme (CyberFirst overview - NCSC.GOV.UK)
- Digital Security by Design Technology Access Programme (www.dsbd.tech)