March 2017 Digital Edition
Feb. 2017 Digital Edition
January 2017 Digital Edition
Nov/Dec 2016 Digital Edition
Oct 2016 Digital Edition
Sept 2016 Digital Edition
British cyber expert: Recent survey results indicate a need to simplify the issue
By Steve Bittenbender
Editor, Government Security News
A British survey on cybersecurity released on Wednesday indicates that most businesses in the United Kingdom have sought information or guidance on how to handle cyber attacks. However, relatively few companies look to government sources for information on combating such threats.
According to the Cyber Security Breaches Survey 2017, commissioned by the Department for Culture, Media and Sport as part of the UK’s National Cyber Security Program, 58 percent of British businesses have looked for help regarding cybersecurity. Of those seeking advice, only four percent mentioned the public sector as a source.
The findings also indicate that two-thirds of the businesses have invested funds in cybersecurity, with large- and medium-sized firms doing most of the spending. That causes some concern with at least one British cyber expert, who wonders if those companies are getting a proper return on their investment.
Brian Lord, OBE, said many business leaders are confused about what to do because they don’t understand the threats against their companies and what they need to do to protect them. In many cases, cybersecurity experts pitching their solutions aren’t helping matters, added Lord, the managing director of cyber and technology for PGI Cyber.
“A ‘cyber mythology’ has been created by the industry, to sell unnecessarily expensive solutions through fear,” Lord said. “All recent high profile cyber-attack incidents could and should have been prevented with relatively low cost solutions.”
Before joining PGI in 2013, Lord served in the British public sector for more than 20 years. He worked within the Government Communications Headquarters during that time, eventually serving as its deputy director for intelligence and cyber operations.
A day before the DCMS released its survey results, the British Chambers of Commerce released its own survey results with some similar findings. It noted that roughly a quarter of the businesses its surveyed had cybersecurity accreditations in place. The smaller the business, the less likely it was to have an accreditation or be threatened.
“Cyber-attacks risk companies’ finances, confidence and reputation, with victims reporting not only monetary losses but costs from disruption to their business and productivity,” said Dr. Adam Marshall, the director general of the British Chambers of Commerce. “While firms of all sizes – from major corporations to one-man operations – fall prey to attacks, our evidence shows that large companies are more likely to experience them.”
The most common attack on British businesses came via email, with nearly three-quarters of those attacked saying their employees received a message that led to breach. A third of the companies attacked indicated a virus or spyware led to an incident. The number of times a company was attacked varied greatly, as 37 percent said they were attacked just once in the last year while another 37 percent said they were attacked at least once a month.
Regardless of the quantity of attacks, Lord said that oftentimes the solution isn’t as complicated as the client initially expects.
“It is necessary to simplify everyone’s understanding of the threat,” Lord said. “Whenever I give advice to clients on this subject to business or at a national level to formulate national security policies, the client emphasis is always around finding expensive technical solutions. The unfortunately more boring but more realistic (however considerably more effective and cheaper) solutions reflect a blend of technology, human education and procedural measures. And that blend depends entirely upon the type of threat a company faces.”
Lord said he hopes the British government continues its work to make information about cybersecurity more easily available to the general public. That would serve as the best strategy in bolstering security and reducing the threat he said.
For a copy of the British report, go to: https://www.gov.uk/government/uploads/system/uploads/attachment_data/fil...