IT Brief UK - Technology news for CIOs & IT decision-makers
Story image

UK urged to adopt proactive measures against cyber threats

Yesterday

The chief executive of ISMS.online, Luke Dash, has highlighted the challenges and necessary actions in UK cybersecurity following the head of GCHQ's National Cyber Security Centre, Richard Horne's speech on the magnitude of online threats from hostile entities.

Horne had stated that "hostile activity in cyberspace has increased in frequency, sophistication and intensity from enemies who want to cause maximum disruption and destruction" and stressed that "there is no room for complacency."

Dash echoed these concerns, pointing out that the UK may be underestimating the severity of cyber threats from criminal gangs and hostile states.

Dash noted, "It is clear that while we've made progress in addressing vulnerabilities, the pace of threats is outstripping the pace of our defences. Even over the last few weeks, we've seen a series of cyber-attacks that have been carried out on several councils - some of which have been claimed by a pro-Russian hacking group." He emphasised the need for a proactive approach to cybersecurity.

He referenced legislations like the Network and Information Systems (NIS) Regulations 2018, the Computer Misuse Act 1990, and the proposed Cyber Security and Resilience Bill, acknowledging that these measures and international collaborations such as the Five Eyes partnership symbolise a shift towards proactive cybersecurity strategies. Dash stated, "These measures reflect a shift from reactive to proactive cybersecurity and emphasise continuous monitoring, incident response planning, and the integration of cybersecurity with broader risk management, which can only be good for CNI's security."

Despite these advancements, Dash warned against complacency: "Many businesses delivering services to CNI operate under the illusion that cybersecurity is 'someone else's problem.' This mindset is dangerously outdated."

He warned that organisations often neglect fundamental security protocols such as system patching and conducting risk assessments.

Dash advocated for the utilisation of cybersecurity frameworks like ISO 27001, which he believes are essential yet underutilised.

Dash also warned that many businesses regard these frameworks as mere compliance requirements rather than strategic necessities, stressing that "the focus must shift from compliance as a regulatory requirement to compliance as an operational survival strategy."

He reflected on the interconnected nature of modern business operations, explaining that "in a connected ecosystem, your weakest link can become everyone's problem."

He called for a comprehensive approach to security, stating: "Effective security is not just technical—it's procedural, cultural, and strategic."

Concluding his comments, Dash emphasised the broader implications of aligning business operations with comprehensive cybersecurity frameworks.

"Businesses that align their efforts with comprehensive frameworks aren't just protecting themselves; they're contributing to the resilience of their business and that of their suppliers and partners, who could well be part of the extensive supply chain to the nation's most critical systems and services."

Dash underlined the urgency of staying ahead of adversaries, stressing the ongoing and evolving nature of online threats.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X