19 May 2017
Blogs by author: Mark Hughes, President, BT Security
It’s imperative that nation states act now to put in place cyber defences to protect themselves from the most advanced threats the world has to offer.
We’re at cyber war.
The recent worldwide WannaCry ransomware attack is a stark reminder of the increasingly dangerous and fast-developing world of cyber crime we all live and do business in.
Every business, financial institution, telecoms provider, energy company and government should now consider itself to be under threat from cyber criminals intent on causing devastation for gain. This ever-growing network of cyber criminals is intent on developing the most advanced attack methods to penetrate your systems. And, increasingly, nation states are employing these hacker services to damage other governments and influence political outcomes.
We need to respond to this. Those of us with national responsibilities, the leaders of nationally-important businesses, and major institutions, need to unite to fight. We need to lead a defence strategy against this cyber warfare at a national level, bringing the best minds and tools together to protect your assets and serve the national interest.
Seismic shifts in the cyber landscape.
We all know that the cyber defence landscape is one of constant change, but 2016 saw a seismic shift in attack methodologies, threat actors, means, motive and opportunities.
Throughout 2015, identity theft and ransomware exploitation pay-rolled heavy criminal investment in new technology, new attack vectors and new, increasingly complex exploits. On the back of this growth, and due partially to geopolitical influences, cyber attacks in 2016 changed motives. The most advanced attackers moved to acquire a greater wealth: power. As a result, we’ve seen wave after wave of serious attacks designed to display, acquire or leverage power.
Nation states are flexing their cyber powers, and displaying a disturbing willingness to escalate their actions to cause major nation-state-level threats. Relatively unsophisticated countries are revealing the ability and determination to use cyber crime to fund national developments such as nuclear weapons.
Cyber defence at a national level is essential.
The only effective response to this level of cyber attack is a major step up in cyber security to give us national-level insight and oversight that will work closely with industry and government. We need to develop a cohesive, multi-layered and sophisticated national cyber defence capability.
So how does a nation make this a reality?
It starts by establishing a focus for its national cyber defence capability, by creating a National Cyber Security Centre, or Capability (NCSC), such as the ones in the UK and in the Kingdom of Saudi Arabia.
A NCSC then begins a significant period of strategy, policy creation and technical direction setting — all alongside working closely with its nation’s industry. It’s vital that government, critical infrastructure and industry forge strong and effective relationships to share relevant information and, together, make decisions that help detect, deter and (ultimately), defeat them at source. In fact, the NCSC in the UK played a vital role in coordinating a response to the WannaCry attack — so it’s clear that they’re effective.
A national cyber defence capability ideally divides its organisation into the four key operational domains of intelligence, forensics, threat monitoring and information sharing.
Leaders of large enterprises share the defence responsibility.
We all accept that business plays a key role in determining the success of a nation, and that national decisions impact on business; this interdependence now extends to cyber security.
Cyber security has stepped beyond the realm of pure cyber security specialists. Key decision makers need to understand what data the NCSC will require, as well as how to maintain and follow the guidance and policies provided. You need to be ready to action NCSC-generated intelligence, to respond and defend with agility, in order to help the NCSC identify threats that could devastate businesses like yours.
This spirit of shared enterprise makes it much easier for organisations like yours to scale up their cyber security measures, since the approaches taken by the NCSC provide a template to follow to develop a multifaceted, highly-responsive cyber defence capability.
Explore the possibilities and share in our experience.
We’ve always been at the forefront of cyber security development as an essential part of protecting our global network. And, as our expertise has evolved, we’ve shared our knowledge with UK government and some of the largest business organisations in the world. We’ve distilled all this insight and proficiency into practical functionality that can give your enterprise and your nation the cyber defence you need.
GISEC 2017 is just around the corner, and is the ideal venue for us to explore the future of cyber security at both an enterprise and national level. Find out more about the GISEC 2017 agenda and register today.