The threat of cybercrime is constantly growing and evolving: illustrated by the mega-breach of Equifax, where 143 million US and nearly 700,000 UK customers’ data was stolen; the global NotPetra ransomware outbreak that cost shipping giant Maersk $300 million; and the WannaCry ransomware attack that disrupted more than a third of NHS Trusts and resulted in nearly 7,000 cancelled appointments.
Despite this, however, there remains a lack of understanding around cybersecurity.
Speaking at the Parliament & Internet Conference this week, Ciaran Martin, head of the National Cyber Security Centre (NCSC), highlighted how CEOs typically understand a massive range of complex issues, from mergers and acquisitions, environmental responsibilities, to trade regulations. However, he continued, many CEOs still have a very low level of understanding of cybersecurity.
But what constitutes a good level of understanding of cyber and data security?
Martin provided the following questions he indicated business leaders should know the answers to:
- The company you bought: where’s the customer list?
- If you get ransomware, where’s your backup data?
- What did your last security detection report tell you?
- Can you operate your own security procedures or does someone do it for you?
- If someone hacked into your work phone, what would they get
- If a disgruntled employee put a USB stick into a port in your system, what could they get?
For a cybersecurity novice, understanding all the elements needed to answer the aforementioned questions is not a task to be sniffed at. But the responsibility is real to actively protect our networks and data. And, as Martin pointed out, “no one is asking a small business to take on Russia”.
Why is it important? Well, the UK is facing a significant cyber skills gap, with estimates indicating that there could be more than 3 million unfilled jobs in the cybersecurity sector by 2021.
To plug the gap, there is no question that we need more technical cybersecurity specialists. And just last week, the Government launched the Cyber Discovery Programme to build interest in security work among 14-18 year olds to help fill the looming gap.
But we also need people from all walks of life - business and public sector leaders, employees, and consumers alike - to understand their role in defending against and managing the cyber threats that they’re likely to face.
The UK needs its best cybersecurity talent to be facing the great cybersecurity challenges of our time. Candidly showing a map highlighting China, North Korea and Iran, Martin highlighted the significant and complex challenges that our nation’s best cyber experts need to be applied to.
Ultimately, we need to upskill the nation so that we can defend ourselves against common cyberattacks. From script kiddies, cyber gangs to nation state actors, the cyber threat landscape is rapidly growing and evolving and we all must do our bit to reduce the impact.
Only this way can the best cybersecurity talent with GCHQ focus on the adversaries that will keep our critical national infrastructure and services safe and secure.