by Simon Edwards
The UK is facing a bigger threat from cyberspace now than ever before: that was the message from the National Cyber Security Centre (NCSC) this week as it launched its first major report into the threat landscape. Produced in association with the National Crime Agency (NCA), it also featured input from Trend Micro. We’re pleased to be working side-by-side with law enforcement and government to help protect citizens and organisations — because only with collaboration across sectors can we offer truly effective threat defence against cybercrime and nation state hacking.
Threats on the rise
The NCSC claimed that criminals are “launching more online attacks on UK businesses than ever before”. In fact, between October 2016 when the GCHQ arm was first opened and the end of 2017, it recorded 34 “significant” cyber-attacks like WannaCry which required a cross-government response, and 762 other incidents. Most importantly, the report warns that “a basic cybersecurity posture is no longer enough” to defeat attackers.
So what are the key risks? According to the NCSC they include:
- Ransomware and DDoS
- Data breaches
- Supply chain compromise
- Fake news and information operations
- Business email compromise
- Security vulnerabilities
- IoT threats
- Cloud security
These are all threats Trend Micro has detailed in its own 2017 roundup report, The Paradox of Cyberthreats. But if a “basic security posture” is no longer enough to combat most threats, what can be done to keep organisations and internet users safe?
The first is close public-private collaboration. We have long-standing agreements with Interpol, Europol, UK police and the NCA, which have already led to arrests and convictions. Our world-leading threat intelligence network and forward-looking threat research team can provide invaluable resources for publicly funded agencies which may lack the in-house capabilities on a global scale. Without this kind of insight, many may be severely hampered in their investigations: because what you can’t see, you can’t police.
We also have the skills and resources to help train law enforcers if called upon, and to work in close collaboration on active investigations. Once again, there’s a vital role for private sector expertise to fill some of the gaps left by funding shortfalls and the endemic skills shortages facing IT and cybersecurity.
Perhaps most importantly, we can work with critical national infrastructure (CNI) and other organisations to help protect data and systems from attack.
It might not have the headline-grabbing hype of some newer market entrants, but the Trend Micro approach is well established and proven to work for organisations across government, financial services, healthcare and many more sectors. It’s all about layering up cross-generational tools and techniques, with the right technique applied at the right time to optimise protection. This could include app whitelisting, behavioural detection, exploit prevention and “high-fidelity” machine learning.
All combine to be greater than the sum of their parts, in a connected threat defence approach which ensures different layers of your security set-up — endpoints, gateways, cloud servers and networks — share intelligence to maximise protection.
The UK may be facing unprecedented levels of cyber-attack, but with the right approach to threat defence and close industry collaboration, we have the capabilities to mitigate the threat from cyberspace.