Gigamon’s Mark Coates on What’s Wrong with UK Cybersecurity
In an era where digital threats loom larger than ever, the state of cybersecurity in the UK has come under intense scrutiny.
With recent high-profile attacks on critical infrastructure and a growing awareness of vulnerabilities in both public and private sectors, the need for a comprehensive and forward-thinking approach to cybersecurity has never been more pressing.
As the UK grapples with these challenges, experts are calling for a significant overhaul of current practices and a renewed focus on robust, adaptive security measures.
Yet the landscape of cybersecurity in the UK is complex and multifaceted, encompassing everything from government agencies and critical national infrastructure to small businesses and individual citizens. in fact, according to the Cyber Breaches Survey, conducted this year by the Department for Science, Innovation and Technology (DSIT), around half of UK businesses had experienced a cyber-attack in the previous 12 months.
These surveys have highlighted a concerning situation across various sectors, with many organisations struggling to keep pace with the rapidly evolving threat landscape.
But where is the shortfall to be found? To find out more, we spoke with Mark Coates, VP EMEA at Gigamon, about the current state of cybersecurity in UK businesses and the potential solutions on the horizon.
The state of cybersecurity in the UK
Mark paints a sobering picture of the current cybersecurity landscape in the UK.
"The state of cybersecurity in UK businesses is facing significant challenges," he notes. "Most UK businesses are severely under prepared to effectively handle the rise in cyberattacks.”
This underscores the pervasive nature of the threat and the urgent need for improved security measures. There is also a particularly alarming issue within the public sector.
"A recent government report reveals 43 legacy IT systems at critical risk, including 11 within the MoD, which is a ticking time bomb against modern cyber threats," says Mark.
The prevalence of outdated technology in critical systems represents a significant vulnerability in the UK's cybersecurity defences.
These legacy systems, often deeply embedded in organisational infrastructure, can be challenging and costly to replace. However, their continued use poses an unacceptable risk in the face of sophisticated modern cyber threats.
"But the problem isn't only prevalent in the public sector, unpreparedness is a key theme in private organisations as well,” says Mark. “A recent survey reveals that a quarter of organisations are unable to address active threats, leaving them vulnerable to serious damage."
A call for action
With a new government in place, there is hope for a fresh approach to cybersecurity. Mark outlines some key areas where governmental action could make a significant impact:
"To enhance the UK's critical national infrastructure security, the new government's approach MUST focus on two key weaknesses," he states. "Firstly, addressing the problem of legacy technology is crucial; modernising and securing outdated systems will help mitigate vulnerabilities and enhance resilience against sophisticated cyber threats."
Mark also highlights the importance of supply chain security. "Secondly, organisations must address the most common entry point to CNI's which are their extended supply-chains. When selecting suppliers and vetting third parties, it's important to assess not just the quality and price of services offered, but also the IT maturity of the supplier."
One of the key methodologies that Mark believes the government should be promoting is the adoption of Zero Trust models. "The new government should advocate for the adoption of Zero Trust 'like' models," he advises. "With 64% of IT and security leaders anticipating a government mandate for Zero Trust within two years, it's clear that this approach, which includes network segmentation and total network traffic visibility, is becoming increasingly important."
However, cautions come with relying solely on new security tools. "With research showing that 70% of CISOs are questioning the effectiveness of their tool stacks in identifying and remediating breaches, it's clear that investing in 'shiny' new security tools is not the complete answer."
Instead, Mark advocates for a more holistic approach. "All these tools must be integrated into a broader security strategy, configured properly, and supplied with accurate data at the right time and place to identify threats promptly. This holistic approach ensures there are no blind spots, and all tools are working in a cohesive manner."
The path forward
As the UK faces these cybersecurity challenges, it's clear that a multifaceted approach is necessary. This includes modernising legacy systems, improving supply chain security, adopting Zero Trust models, and fostering a culture of cybersecurity awareness across all sectors.
But Mark insists this should come as a call for mandates on all cybersecurity practices.
"Yes, a mandate on Zero Trust would push organisations to take a more proactive approach to their cyber security, encouraging better security practices across all areas, not just at the perimeter."
As the UK moves forward in this digital age, the importance of robust, adaptive cybersecurity measures cannot be overstated.
With concerted effort from both the public and private sectors, and a commitment to ongoing improvement and innovation, the UK can build a more secure digital future for all its citizens and businesses.
******
Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024
******
Cyber Magazine is a BizClik brand