It appears that all the building blocks are now in place to tackle the threat of cyber security.
The IT industry is not one known for looking back in the misguided sense that things were better in its past. Why? Because they weren’t. Some of us ‘computer boomers’ from the 1980s may have dewy eyed memories of our first Sinclair Spectrum or Commodore 64 but if truth be known they were severely restricted in all elements of computing.
Therefore, we look forward to what is next. The forthcoming release of software, the speed hikes in processor speed, the continual expansion of storage, the increasingly vivid graphics and the stunning sound reproduction that comes out of the hunks of aluminium and glass that adorn our desks.
But is this wise? Would it be a useful exercise to sometimes just pause, take a breath, assimilate all the information that has passed through our inboxes and see if we are perhaps further forward that we thought we were.
As Cyber Insights, the weekly blog from the National Cyber Skills Centre, approaches its second anniversary, I started to do just that. To look back and consider how things have progressed in all aspects of the cyber security area – both technical and non-technical.
The most striking realisation is that cyber security has gone from a relatively small section of computer science to making front page news around the world. Victims of cyber crime have been measured in the multiples of millions and the proceeds lining the criminal’s pockets has vaulted into the tens of millions. This means that awareness amongst even the most technically shy has reached a point that they now know they are potential victims.
To combat this growing threat Governments have been investing in national cyber defence measures. They have also been offering advice and sharing their threat intelligence with business community.
As cyber security was predominately created by the exploitation of flaws within software, the software companies have been regularly issuing patches and updates as soon as these flaws have been exposed or utilised. In the past updating software, would happen infrequently. I now find myself updating, thanks to the modern notification systems, on almost a daily basis.
Complementing the established software vendors are also a new breed of software companies who provide a dizzying array of technologies to secure an individuals or organisations data assets. Technologies such as VPNs, two factor authentication and anti-malware solutions are now common place.
Training and consultancy in cyber security has been maturing well over the past couple of years as well. Briefings for executives through to hands on training for IT managers and everyday users is now widely available. Consultancies will undertake technical and process audits to independently inform an organisation where their risks may be and the necessary action required to mitigate them.
With industry recognised and government recommended standards for cyber security available, such as Cyber Essentials and IASME, plus the wider reaching ISO 27001 standard. There is a model to which any organisation can measure themselves against. With GDPR being adopted into UK law no longer will meeting standards be optional, but will be mandatory and the potential costs, in the form of fines, should a company suffer a cyber attack or data breach is now spurring many into some long over action.
Business support services regarding cyber security, have also been developing well. The cyber liability insurance market continues to grow and many companies are investing in such polices to assist them should the worst happen. Digital forensics, for cyber crime investigation, is also developing into a highly valued service. As the traditional law enforcement agencies struggle with this seismic shift in the crime landscape they themselves are utilising the services of such organisations to bring cyber criminals to justice.
The law is catching up regarding loss of personal data too and individuals are being provided with greater and greater power to see what information organisations hold on them and can ask for copies of it, or for it to be removed.
All in all, things are progressing well in the cyber security world. Is it all completely resolved now? No, but the necessary building blocks appear to all be in place so that there is no longer a compelling argument to NOT do anything about this issue.
The IT industry continues to move forward at an almost unrelenting speed of development and improvement. Those old home computers from the 1980s, despite their nostalgic charm, appear to the modern world of computing as outdated as a covered wagon does when compared to the latest super car. This attitude of ‘things will always improve’ is hardwired into its psyche and they have proved that many times over. Thankfully they have proved themselves once again, but this time regarding cyber security.