Defence Online

Why businesses need military-grade security to tackle cyber-attacks

June 9, 2017

UK Government holds cybersecurity as a tier 1 threat, Stuart Laidlaw, CEO of Cyberlytic, explains why businesses need to secure their data.

The UK Government describes cybersecurity as a tier 1 threat. This means cybersecurity is considered a threat to national security in the same way that terrorism, proliferation of weapons of mass destruction and espionage are.

So, what does that really mean? It means that our government wants the UK to remain a safe and prosperous place to work and do business. It means protecting critical national infrastructure, such as key government departments, power stations, banks, telecommunication companies and many other industries that keep the country working. This is one of the most important areas for defence spending. If critical systems are successfully attacked, the impact would likely be catastrophic. The worst case would be loss of life; for example, if a nuclear power station was successfully compromised it could have incredibly dangerous consequences. Loss of life, disruption to critical services and financial loss can all cause significant harm to the UK. We also see that businesses outside the critical national infrastructure are seen as targets, and whilst the impact on the UK might not be catastrophic, the impact on that particular business could be.

That is why governments around the world are leading the way in funding research and the development of new tools and techniques to protect their interests and those of the businesses that operate under their protection, not just to attack their enemies. We can’t deny that cyber warfare is today’s arms race. Russia’s alleged campaign to disrupt the US presidential election would not have cost as much as conventional espionage. Depending on their motives, the return on their investment is potentially huge.

A significant problem is that advanced techniques developed by state nations no longer take a year to get into the hands of serious, organised criminals. It might only take a month. A recent case being the WannaCry ransomware attack that disrupted the NHS and many organisations around the world. The attack was a mutation of a state-developed malware, which exploited unpatched computers and was adapted to trigger a ransom request. We’re not yet sure who instigated this global attack… It might even have been a lower level criminal, in which case advanced attack tools are filtering down into the hands of individuals faster than organisations can update their defences.

To counter this growing threat, businesses must become more cyber-savvy. It is essential that critical data and data architecture is understood and effectively protected. It’s not an easy fix and will take time, but understanding what data and services are critical to your business is an important first step. Knowing how best to take protect critical assets and data will mean your business is better prepared to deal with the WannaCry ransomware attacks and the next mutation to hit the streets. So how can you make sure you’re clued up?

People are often considered the weakest link when it comes to cyber-risk exposure, and businesses that spend time and money educating staff to increase awareness are less likely to become victims. Understanding what the threat is and the likely attack vectors, is also key to understanding the risks. For example, how much cyber awareness training does the CEO’s executive assistant receive? What if they were to inadvertently click on a spear phishing email or be duped by a cyber-attack to provide access to the CEO’s data? How would that impact the business? These are the kinds of questions you need to ask yourself.

People and processes are of critical importance, but it is also important that all businesses equip themselves with appropriate tools and systems to ensure their cyber-risk is managed effectively. If an attacker can get their hands on the most advanced attack tools, then UK businesses should be allowed to defend themselves with the most advanced defences.

In November 2016, the Chancellor announced a further £1.9BN of Government funding for developing defensive, as well as offensive cyber capabilities. This money manifests itself in several ways:

Large, long-term programmes are delivered by government and defence contractors to meet specific requirements.
At the same time, groups like the Centre for Defence Enterprise (part of the MoD’s Defence Science and Technology Labs or ‘Dstl’) are charged with horizon scanning and uncovering the latest technologies from innovative start-ups and academia.
The Centre for Defence Enterprise has awarded contracts to companies such as ours (Cyberlytic) to deliver high-risk, innovative solutions. These contracts are designed to push the boundaries and allow the UK to gain an upper hand on the nation’s adversaries.

Hackers, hactivists, serious organised criminals and state-sponsored cybercrime developers deploy the most advanced techniques available to them to achieve their aims. Whist the UK government will of course retain some IP for national security purposes, the government is keen to build the UK cyber security market and capability, and allow UK businesses to purchase the best tools to protect the national interest. Therefore, where contracts permit, the government openly encourages reuse of military-grade security to support the growth and stability of UK businesses. And it’s clear that businesses have a need for this technology in the current climate.

Article submitted by Stuart Laidlaw, CEO of Cyberlytic. Cyberlytic has provided advanced technology for the UK Ministry of Defence since 2013, supporting critical cyber research projects and developing advanced cyber solutions that are key to defence requirements.

If you would like to join our community and read more articles like this then please click here

CDE cyber security cybercrime Cyberlytic Dstl hackers phising