I recently gave a keynote speech at CyberUK 2022 – the UK’s flagship cybersecurity conference.
It’s a great event, bringing together experts from all over the security community to reconnect, discuss business needs and review the changing threat landscape. During the event, it was clear the past two years have massively changed how we think about cybersecurity and prompted the need to adopt a ‘whole of society’ approach. Right now, almost every organisation is revaluating their security posture, looking again at their existing measures and asking whether they’re really enough.
This high level of vigilance and concern used to be reserved for the CISO but, today, it's become the norm across every level in most organisations. It’s always been a volatile environment but now, due to the ever-evolving threat landscape, cybersecurity is more important to businesses than ever. Back in 2018, our cybersecurity platform used to process 100,000 events a second – now we process over two million. In total, that’s 170 billion events that we ingest and analyse on a daily basis in order to defend our network.
Adopting a ‘whole of society approach’ to cybersecurity
A ‘whole of society’ approach to security is really about the need for everybody to start doing more to support the wider security community. The interconnectedness of technologies today has increased dramatically from even two to three years ago – allowing attacks to spread much more quickly. This means we’re all now so interdependent that we’re only ever as strong as our weakest link. It’s no longer about protecting just yourself or even your industry – everyone is racing together to stay ahead of the cybercriminals and find our weakest links before they do.
Rather than responding reactively to threats, a more sustainable approach is to start unlocking and sharing any developments that will enable us all to get ahead of the next attack. The focus needs to be on building a collective resilience to improve our cyber capabilities globally. In particular, both government and industry should have an active role in helping all areas of society understand the part they play in remaining secure and educating individuals about the steps they can take.
We offer a range of free training and support to anyone who wants to access the knowledge and digital skills they need to properly secure themselves.
The need for innovation and change
For me, another key takeaway from this year’s event was that if we want to do more than simply race to keep up with the latest threats, we have to innovate and collaborate across all elements of our security thinking and strategy. One of the key ways we can support this is with automation. Only recently we launched Eagle-i, a platform that uses automation and AI to rapidly identify and predict cyberattacks. We trust this platform to automatically analyse issues and put preventative measures in place before they impact our business and our customers. To really outpace our current threats, we need to give automation far greater decision-making responsibility and free up our people to focus on more complex, strategic issues. This is critical due to the current skills gap in cybersecurity.
Not only do we face a lack professionals, but we also need far greater diversity to enable new and innovative ways of thinking. Cyber threats are constantly changing, and we won’t be able to respond to them in the future without a far broader range of views and perspectives. We also all need to remove barriers and create pathways to attract more people into cyber careers. There are some simple steps we can all take – from removing gender bias from the language in our job descriptions to creating more representative panels for interviews. As part of an industry-first partnership with CAPSLOCK, we’ve even been reskilling our employees from other areas so that they can learn the necessary skills for a career in cybersecurity.
Preparing your people
In fact, people were a major point throughout many of the discussions at CyberUK. Most importantly, the way organisations treat their people will have a huge effect on how they’ll cope in the event of an attack. Almost every organisation will experience an attack at some point, so it’s important to humanise the experience. A crisis can cause a lot of emotional distress, so start by working on how to prevent your employees becoming overwhelmed by dividing up responsibilities and setting them up for the unknown. Then, take time to review after an incident and think about what could have been done differently and what were the key learnings.
By working more effectively with our people and peers and forging new partnerships – we’ll strengthen our resilience against new and evolving threats. If you’d like to find out more about our work raising global cyber awareness and how it could benefit your organisation, please visit our webpage.