Charlie gives an insight into his thoughts on the recent CyberUK conference and discusses how cyber security has changed in recent years.
This week I have been at the CyberUK Conference in Belfast. The conference is billed as ‘the UK’s flagship cyber security event run by the National Cyber Security Centre (NCSC)’. It is filled with the greats of the cyber world from government, security services, law enforcement, to the big cyber companies. It is very much government-orientated and about strategic, political and societal issues, rather than organisations selling their latest cyber security products.
Below are some thoughts on what I have learned:
- As malicious cyber tools and techniques have become cheaper and more available, new actors, which could include countries, will be able to use these tools to attack other countries and organisations. At present, the main countries which are adversaries to the UK, and are conducting cyber operations, are Russia, China, North Korea, and Iran. This makes it more likely that an organisation could be attacked if a nation-state sees them as an enemy. Further information can be read on the NCSC website here.
- In one of the government presentations, there was an increase in the threat from ‘cyber soldiers’ from Russia, carried out by the cyber-equivalent of the Wagner Group. They are switching from attacking Ukrainian targets, and may start to attack critical Western infrastructure. I think we need to be aware, as part of our planning, that utility failure caused by a cyber-attack is a possibility.
- Ransomware is not going away as a major threat.
- We are just about to enter a new revolutionary era with the new technologies of AI and quantum computing. This change will bring with it huge threats and opportunities. Nobody knows how their introduction will change society, but there is resounding agreement that huge change is on its way. As business continuity people, we have to recognise that we are in a time of change and keep up with our learning, CPD, and training, to ensure that we recognise and work to mitigate the threats to our organisation.
- There was lots of talk of a partnership between business and government in the area of cyber. This is a change in terms of security, the government used to hold all the leavers, they had the law enforcement individuals, equipment, and systems. Now, much of the security process behind the government is done by private companies, rather than the other way around!
- There was also lots of talk about what the cyber community is trying to secure, and ‘this is the end of our freedom and democratic values’. Cyber security is a constant battle against nation-states and criminals who want to attack those values and do us harm. This has moved from cyber security, to a process for making sure that we change our passwords, to a means of protecting our way of life.
P.S. There were lots of delegates from around the world attending the conference, as the UK is trying to position itself as a global cyber superpower.