Without trust people turn away from doing business online yet the increasing reliance on cyberspace not only brings new opportunities but also new threats. While cyberspace fosters open markets and open societies, this very openness is making us more vulnerable to criminal hackers. The most serious of these attacks can hit organisations’ revenues, reputation and profits so hard that their very existence is threatened.
In January 2015 Prime Minister David Cameron said, “we need to make sure the UK remains one of the most cyber secure places in the world to do business”. As a world-leading digital economy, UK businesses earn £1 in every £5 from the internet and with the right Cyber Security Strategy, Northern Ireland could become the most cyber secure place in the UK for businesses and, therefore, a world-leading location for companies.
With over 40 years’ of combined experience delivering cyber security, leading experts John Bodels and Conrad Simpson from Cyphra talked to Agenda NI on what Northern Ireland needs to do to ensure it is one of the safest and most trusted places in the world to do business.
1. Can you first tell us more about Cyphra and the specialist services you provide?
Cyphra provides expert cyber security services and solutions across the UK and Ireland for a wide range of public sector, finance and large and small private sector clients. We help our clients manage their digital risks and ensure their security strategy supports their business agility and growth objectives. Our strength is in our people who have a combination of technical skills, consulting experience and managed service expertise, thus ensuring our clients understand the risks to their organisations and that they apply appropriate and effective controls to manage them.
2. What role does cyber security play in supporting digital transformation in government?
The adoption of digital technologies is not only helping to reduce costs and create efficiencies that support Northern Ireland’s economic growth, but is changing the way we do things and creating opportunities for innovation. The Northern Ireland Public Sector’s own digital transformation programme is well underway and already delivering benefits. However, the risks posed due to increasing reliance on digital technologies needs to be addressed. Criminals are using the internet to bully vulnerable people, extort money, steal intellectual property and sexually exploit children. The UK Government understands the critical importance of cyber security and has put in place a series of measures designed to boost the cyber security industry. However, it is vital that we in Northern Ireland also understand what needs to be done to protect our society, our businesses and our public services from cyber criminals and those malevolent individuals who launch attacks via the internet.
3. What are the current risks facing the Northern Ireland economy, government and businesses?
The growth of the digital economy brings with it a growing number of internet savvy cyber criminals using increasingly diverse and sophisticated attacks against public and private sector targets. These threats are real, they are here now, the number of attacks is increasing and they are impacting local companies. Business leaders need to understand that whilst high profile organisations such as Talk Talk, Ashley Madison or Sony may have been specifically targeted, the bulk of cyber-attacks are “target and location agnostic”, which means that Northern Ireland organisations both large and small are equally at risk. The internet, or cyberspace, is now being used as a platform for committing traditional crimes such as fraud on an industrial scale. Identity theft and fraud online now dwarf their offline equivalents, with a recent report estimating that cybercrime is costing the Northern Ireland economy almost £100m a year. As businesses and government services move more of their operations online, the scope to exploit potential targets will continue to grow. In his recent speech at GCHQ, Chancellor George Osborne stated that “The starting point must be that every British company is a target, that every British network will be attacked, and that cybercrime is not something that happens to other people”.
4. How is Government and industry tackling these issues?
Progress has already been made at the national level to address growing cyber security threats. The UK Government Cyber Security strategy published in 2011 introduced new structures such as CERT-UK (including the Cyber Information Sharing Partnership) and the National Cyber Crime Unit, programmes such as Cyber Streetwise and Cyber Essentials (that have been established to help consumers and SME’s), support for innovation in the UK cyber sector has seen through the Cyber Growth Partnership and the establishment of the Academic Centres of Excellence in Cyber Security Research scheme (which includes CSIT at Queens University).
Private sector financial institutions have understood the risks posed by cybercrime for many years but many more corporate organisations are now realising that cyber security is a boardroom issue and at the heart of their business and risk strategy. The financial cost and reputational impacts have been played out live on our TV’s for all to see and no Chief Executive wants to find themselves in Dido Harding’s position or have to spend £30m to £35m to fix a cyber security breach.
5. Why does Northern Ireland need its own Cyber Strategy?
Northern Ireland needs a co-ordinated and tailored approach, not only increasing our local economy’s resilience to cyber threats but also driving further economic growth through building Northern Ireland’s reputation as a centre of excellence for cyber security and a safe place to trade and invest.
Northern Ireland is already falling behind. Companies bidding for government tenders in England and Wales now need to demonstrate they hold a Cyber Essentials certification and many larger private sector organisations are applying the same standards to their supply chains. There is no such requirement for NI Government tenders and little local guidance to SME’s on how to improve their basic cyber hygiene. Scotland has just published its own Cyber Resilience strategy with the aim of becoming one of the safest places in the world to live and do business. Northern Ireland needs a similar strategic approach that can forge better collaboration between public sector, industry and academia to address areas such as leadership, education and innovation.
6. Does Northern Ireland have the skill sets to protect against the current and future cyber-threats?
Northern Ireland has some world class cyber capability with expertise in the private sector, key government agencies, and academia. However this in itself is not enough. The 2015 Global Information Security Workforce Study predicts that the global cyber security workforce shortage will reach 1.5 million within five years as demand outstrips supply. Northern Ireland has an opportunity to help address this gap. It needs to move quickly to encourage expertise into the region, and to ensure our schools and further education colleges are incorporating cyber security into the curriculum. Only then can we provide a pipeline of skills that can help meet this demand and support further local inward investment and innovation in the cyber sector. The Scottish Qualification Authority has already developed awards in Cyber Security for schools and in the US they have introduced programs at primary school levels in collaboration with the cyber security industry.
Doing nothing is no longer an option. With a structured co-ordinated approach, Northern Ireland has the opportunity to be cyber leaders rather than cyber laggards. Northern Ireland can become the safest place in the UK to live, work and play. And, by inference, one of the most secure places in the world to do business.