State of the Nation and a Look Ahead



On 6th and 7th of July 2023, Templar Executives and Lancaster University will hold a Cyber Security Symposium for Cyber Leaders from the UK and abroad to discuss: Innovating Cyber Leadership for Global Challenges. There will be a lot to think and talk about. In this short blog I aim to highlight a number of the themes which I am sure will be ‘hot topics’ at the Symposium and reflective of the industry landscape.

I will start therefore with CyberUK 2023, GCHQ/NCSC’s flagship conference held in Belfast on 19th and 20th April. Many of the keynote speakers used a recently released Government report on Cyber breaches from 2022 to remind delegates that in the modern era, Cyber is more important than ever before.

In its 2022 Cyber Breaches Report, the UK government revealed some concerning trends in cyberattacks and data breaches. The report showed that the number of cyberattacks on UK businesses has increased, with more than half of all firms experiencing a breach in the past year. Key Findings from the 2022 Cyber Breaches Report were:

  • Increase in Cyber attacks: 32% of businesses and 24% of charities overall recall any breaches or attacks from the last 12 months. This is much higher for medium businesses (59%), large businesses (69%) and high-income charities with £500,000 or more in annual income (56%).
  • Decrease in Priority: The proportion of micro businesses saying cyber security is a high priority has decreased from 80% in 2022 to 68% this year. Qualitative evidence suggests that cyber security has dropped down the priority lists for these smaller organisations, relative to wider economic concerns like inflation and uncertainty.
  • Decline in Cyber Hygiene: Across the last three waves of the survey, some areas of cyber hygiene have seen consistent declines among businesses. This includes:
      1. use of password policies (79% in 2021, vs. 70% in 2023)
      2. use of network firewalls (78% in 2021, vs. 66% in 2023)
      3. restricting admin rights (75% in 2021, vs. 67% in 2023)
      4. policies to apply software security updates within 14 days (43% in 2021, vs. 31% in 2023).
  • Increase in Cyber Crime: A total of 11% of businesses and 8% of charities have experienced Cyber crime in the last 12 months, rising to 26% of medium businesses, 37% of large businesses and 25% of high-income charities. Looked at another way, among the 32% of businesses and 24% of charities identifying any cyber security breaches or attacks, around a third (34% for businesses and 32% for charities) ended up being victims of Cyber crime.

It was against this backdrop that the CEO of NCSC, Lindy Cameron, opened her speech by announcing that all providers of Critical National Infrastructure had that morning received an alert warning that state activity against the UK was likely to increase and that they should be on their guard. Her speech covered 4 main areas:

  1. Ransomware: the increasing threat of ransomware attacks was emphasised, noting that they are becoming more frequent, sophisticated, and impactful. She called on organisations to prioritise Cyber Security and prepare for potential attacks.
  2. Supply Chain Risk: the risks posed by supply chain attacks were highlighted. She urged organisations to better understand their supply chain risks and to implement appropriate security measures.
  3. Nation-State Threats: Cameron noted the ongoing threat posed by nation-states in Cyberspace, including state-sponsored attacks on critical infrastructure, theft of intellectual property, and espionage. She called for increased collaboration between governments and the private sector to address these threats. China was singled out in its quest for technological superiority.
  4. Cybersecurity Skills Gap: Finally, Cameron discussed the growing Cyber Security skills gap, noting that there is a shortage of skilled Cyber Security professionals in the industry (some 14,000 vacancies in the UK). She called on organisations to invest in training and education to build a stronger Cyber Security workforce.

However, as the ‘newest kids on the block’, technologies such as Quantum (computing and encryption), Artificial Intelligence (AI) and Large Language Models (LLMs) such as ChatGPT were a favourite topic of discussion both in and out of plenary. As Cyber Leaders, of course, we need to understand, from a strategic, operational and tactical point of view, what pros and cons such tools present us with and their implications. However, our track record over the last 40 years in understanding the cons is, frankly, woeful. Ever since 1st January 1981, when the modern internet protocol was launched, we have always been too altruistic in our belief that mankind would do the ‘right thing’. Consequently, throughout the last 40 years of the development of the internet, sharing of open source software and social media platforms, Cyber Security has always been a ‘bolt-on’ and never ‘baked in’ at the initial design stage. The mantras of ‘Secure-by-design’ and ‘Secure-by-default’ were championed clearly and often during the conference by many eminent speakers. This is something we have of course heard before, but something we definitely need for these new technologies as they develop further. I expect some constructive and enlightening discussions at the Cyber Leaders’ Symposium in July on how we as Cyber Leaders develop strategies to use them safely and securely in our personal and business lives.

Disclaimer

The opinions expressed by our bloggers and those providing comments are personal, and may not necessarily reflect the opinions of Lancaster University. Responsibility for the accuracy of any of the information contained within blog posts belongs to the blogger.
