Ruth Davis leads strategy for the cyber security portfolio of a FTSE 100 Communications Service Provider. She contested Ceredigion in last year’s general election.
A spotlight is being shone on Russia’s aggressive cyber activities. For weeks, providers of Critical National Infrastructure (CNI) have been on heightened alert following escalating tensions between Moscow and the West. Yesterday, security officials from both the UK and the US issued a joint warning about possible Russian attacks on critical infrastructure and attempts to steal intellectual property.
The media spotlight will move on, but our focus on our cyber security should not. Cyber-space is the primary means of global communication and a crucial foundation of our economy. This is why it has become the domain where states wage war by other means and the most attractive place for criminals to target individuals and businesses.
Government research shows that the average person is roughly eleven times more likely to be the victim of cyber-crime than of an in-person robbery. All sorts of businesses have been targeted too: Mumsnet, Pizza Hut and Moonpig, for example – it’s not just energy companies and broadband providers who need to worry.
This is widely recognised, but not matched by the investment needed to improve security. The majority of vulnerabilities exploited by hackers in 2016 had been known about for nearly a decade – that’s like leaving the front door to your office with a broken lock for 10 years.
The huge impact of cyber-crime is in part due to its professionalisation. ‘Cyber Crime as a Service’ kits are sold on the dark web, enabling criminals with very little technical know-how to extort and steal money. You don’t need the expertise and skills of Russian state hackers to wreak havoc and make some money, just a credit card and a Tor browser.
This is why the Government invests heavily in bolstering the UK’s cyber defences, pursuing cyber criminals and developing cyber security skills and businesses. But governments need the support of the private sector to succeed. That’s why Microsoft, and 33 partners, have launched the Tech Accord today. This is a public commitment to work together to protect customers from cyber-attack, design products that prioritise security and provide the information customers need to understand how to protect themselves online.
Here are a few thoughts on how they could start.
Awareness: there is a lot of information out there about staying safe online, but you have to go looking for it. It needs to be woven into everyday life. Companies have a better opportunity than governments to push safety messages to their customers. Some, like Barclays, have used advertising campaigns to do this.
Technology: designing security into products, such as making it mandatory to change a default password when setting up a new device, is another area that needs attention.
Information: better information on product packaging, setting out for example the types of data the product will collect and what it will do with it, will also help consumers make informed decisions about the products and services they are buying.
Finally, cooperation. The joint US–UK announcement this week has shown the importance of strong global ties in fighting cyber threats. The private sector also needs to support international partnerships. Last year, BT became the first communications provider to sign an intelligence-sharing agreement with Interpol, providing information about cyber criminals, cyber-attacks and malicious domain names.
The Tech Accord is an important step toward a global recognition of collective responsibility for improving cyber security. Some businesses have been doing this for years, others are just starting. All must step up and we, their customers, need to hold them to account.