The UK government went on the cyber-offensive this week, with chancellor Philip Hammond reported as saying, “If we do not have the ability to respond in cyberspace to an attack... we would be left with the impossible choice of turning the other cheek, ignoring the devastating consequences, or resorting to a military response.”
Hammond was talking about the National Cyber Security Strategy, which not only seeks to protect infrastructure like power networks and air traffic control but to also help businesses protect themselves against cyber attacks and data breaches. His predecessor had already announced the government’s intention to spend £1.9 billion on cybersecurity: an awful lot of money, and we can only hope investment is targeted in the most effective ways. There’s been talk of, for example, specialist police units, recruiting more people to work in the National Crime Agency’s cybercrime unit, creating a Cyber Security Research Institute, and training a new generation of cybersecurity experts. BBC News also reported that “the government has already set up automated systems that screen out malware and spam before it reaches UK citizens. Other projects have helped the government verify where emails come from to thwart specific tax fraud campaigns aimed at the UK.” Yet much of this activity continues, including the malware threat, as industry surveys and reports show.
A national strategy is one thing, but businesses need to be doing more themselves. Every organisation that stores data or processes transactions in the cloud, that runs cloud apps and handles sensitive employee or customer data, needs to have its own cybersecurity strategy and policies. And while of course I recognise the threats posed by “hostile foreign actors” – MI5 recently warned of the increasingly aggressive cyber-threat posed by Russia – I also believe that arguably a bigger threat to business security is posed by end user behaviour. Encouragingly, Philip Hammond said it’s crucial “that Britain is a safe place to do the digital business... Trust in the Internet and the infrastructure on which it relies is fundamental to our economic future.” It’s a message that EveryCloud and its partners communicate at every opportunity: businesses need a strategy to deliver that trust in the Internet and their cloud apps, to gain that Cloud Confidence – and it can be a practical process, as outlined in my previous blog post. If you protect yourself properly, retaliation really does become the last resort.