Today, the National Audit Office released a report warning that Britain may be vulnerable to cyber attacks for at least 20 years due to a lack of computer experts. The report shows that the number of specialists in the UK has not increased in line with the growth of the internet, and that this shortage of skills “hampers the UK’s ability to protect itself in cyberspace”.
The report recommends that schools should step up technology and cyber security lessons, in the hope of creating a new generation of IT specialists.
Amyas Morse, head of the NAO, said: “The threat to cyber security is persistent and continually evolving. Business, government and the public must constantly be alert to the level of risk if they are to succeed in detecting and resisting the threat of cyber attack.”
While the report paints a pretty bleak future for the nation, it should in fact be welcomed as evidence that the government is finally catching up to the true risk of online attacks. It’s also encouraging to see that the government is continuing to invest in the next generation of IT specialists, following last year’s announcement that it would be plugging £8 million into the development of security skills at universities to help battle cybercrime.
Reactive IT defences are undeniably outdated, and as Amyas Morse rightly stated today, organisations both public and private must be constantly aware of the cyber threat if the nation is to have any hope of protecting itself against attacks. As our world becomes increasingly connected and as data volumes grow at unprecedented rates, the potential for intellectual property or other critical information to be compromised in the chaos, or exposed to attacks, grows exponentially.
However, being ‘too proactive’ – such as in the form of pre-emptive strikes, as have been previously recommended by other government bodies – could provoke disturbing consequences such as the execution of even more sophisticated state-sponsored attacks on the UK’s critical infrastructure.
Rather than launching pre-emptive cyber attacks, or relying solely on perimeter IT defences, we must start to introduce mechanisms that give context to data and facilitate a deeper understanding of all network activity, as it happens.
In doing so, we must turn our mindset towards proactive, continuous monitoring of IT networks to ensure that even the smallest intrusion or anomaly can be detected before it becomes a bigger problem for all – after all, you can only defend against that which you can see. Hopefully this report will help enterprises and public entities acknowledge the level of constant awareness that is required to protect the data that they are entrusted with.