Security

Perspectives on how the UK is currently coping with cybersecurity challenges: Part 1

Mark Weir
April 3, 2018

Cisco’s latest Annual Cybersecurity Report is ready for you to download – and it’s full of details on how cyber criminals are trying to hide their malware, the types of malicious campaigns they are executing, and of course plenty of advice from our threat intelligence experts on how businesses can better protect themselves.

Also covered in the report is a global picture of how security professionals are coping with the challenges they face, and how they deal with data breaches. We call it our ‘Security Benchmarks Study’, and it’s based on responses from thousands of companies.

We’ve dived into the responses and highlighted the UK stats for this blog, and compared them with both global and European averages.

There are some differences, so I’ve sought to add a potential explanation for these, and also offered some advice on what UK companies need to do to change the security equation, and not be dictated by the rules the cyber criminals are setting.

Here are the first 5 stats – stay tuned later for part 2 of the report.

69% of attacks in the UK resulted in damage over $500,000 (vs. 53% global)

Hackers now tend to think like businesses. Like any other business, they’re thinking about how they can get the most ROI (i.e how much can they sell the data they collect for?). The potential for high net gains from UK organisations is higher than the global average, hence the increased attack vector and remunerations.

31% of British organisations list lack of security personnel as one of the biggest obstacles to security (#2 in list, after ‘competing priorities’, and ahead of ‘budget’)

As in many countries, skills shortage is a major issue, and the UK is no exception. In cybersecurity, this is now starting to bite across every single sector. Education (i.e university courses, apprentices) won’t be enough to solve this problem by itself. Businesses in the UK must also look at embracing new tools such as automation, AI and, crucially, integrated security, that will ensure security personnel are put to better use than a lot of the manual tasks they currently have to carry out. For example, we need security personnel who can think creatively (i.e like hackers) so they can identify all the ways their company may be breached.

To cope with this skills shortage, we will expect to see a wage inflation in cybersecurity positions in the UK. However, this may mean that certain demographics such as Government or SMEs may struggle to meet the higher wages, and will thus struggle to recruit and retain. This may also introduce an increase in managed security services, to cope with the current skills gap of approximately 150,000 unfilled vacancies. Cybersecurity positions in the UK desperately need to be filled!

34% of British companies manage more than 21 cybersecurity vendors (21% globally)

Our industry is (thankfully!) moving from a point product solutions approach to more of a connected security solutions approach. Connected security doesn’t have to all come from one vendor – what’s crucial, for the sake of making our businesses safer, vendors must together to have their solutions working together in harmony. UK companies are currently using more vendors, but the emphasis should be on ensuring these vendors are connected.

Connected security means we can help our customers simplify their infrastructure, remediate attacks more quickly, and also mitigate the skills shortage because teams will be managing less interfaces. Sometimes there’s commercial gain in managing less vendors as well.

The crucial thing is to ‘use what you’ve got’ before replacing everything, and making sure that everything comes back to the problem you’re trying to solve. At Cisco we’re committed to third party integration so that our customers are better protected. The bad guys are working collaboratively and connected, so we need to make sure, as an industry, that we’re doing the same. Otherwise we will always be playing the hackers’ game, and having the rules dictated to us.

Only 58% of security alerts in the UK are investigated (vs. 56% global). Of those, 45% are legitimate. Of legitimate alerts, 55% are remediated.

We all need to find a way of cutting the noise down and using technology to eliminate the volume of basic alerts. At the moment in the UK, it’s like having a never ending email inbox, filled with spam. You’re not able to work out the urgent from the important. More adopted use of technology can help to investigate real and critical alerts, rather than the alerts that don’t need worrying about.

Our threat researchers and experts have studied the latest developments in the threat landscape and compiled them into our 2018 Annual Cybersecurity Report.