The UK must avoid becoming complacent in the face of cybersecurity threats, the CEO of the National Cyber Security Centre (NCSC) has warned.
Lindy Cameron made the statement in her first speech as NCSC CEO, which was delivered to a virtual audience at Queen’s University, Belfast. She took the position in July 2020, taking over from her predecessor Ciaran Martin.
“The cyber security landscape we see now in the UK reflects huge progress and relative strength – but it is not a position we can be complacent about,” she stated.
Citing recent major ransomware cases like the SolarWinds and Microsoft Exchange attacks, she noted that the UK is facing a significant threat from cyberattacks.
The speech recognised the new challenges and developing threats facing the organisation. Cameron noted that the entire UK has a role to play in making the UK the safest place to live and do business online.
“As our reliance on technology grows, from the institutional level down to the individual, so too will the opportunities for those who would seek to compromise our services, our systems, and our data,” she said.
“At the same time, the impact of any compromise will increase in severity as digital identity becomes ever more central to our daily lives.”
Cameron also warned that the number and skill of threat actors is growing.
“This means more than ever, we need to design systems that are tolerant to failure – where one wrong click by a user is not the end of the world.”
She pointed to the threat posed to the UK by nation-state threat actors, claiming that “Russia poses the most acute and immediate threat to the UK”. However, she added that Britain must “be clear-eyed about Chinese ambition in technological advancement”.
In addition, Cameron warned that many companies do not take cybersecurity as seriously as they should.
“The pace of change is no excuse – in boardrooms, digital literacy is as non-negotiable as financial or legal literacy,” she said. “Our CEOs should be as close to their CISO – their Chief Information Security Officer – as their Finance Director or their General Counsel.”
However, she noted that the slow pace of education contributes to this, and added that while cyber skills are not yet considered fundamental, they are essential in a digital economy.
“Security is not yet a key factor for business and consumer choice,” she said.
“Businesses don’t have tools to help them pick secure products for their enterprise IT and there’s no way for consumers to judge security.
“So, businesses seek to outsource their risk to service providers or sweat their IT assets longer than is sensible. And consumers aren’t offered security as a differentiator, only speed, convenience, and branding.”
- Scot-Secure 2021 | Traversing the changing cybersecurity landscape
- Scot-Secure 2021 | Cybersecurity in the age of uncertainty
- Scot-Secure 2021 | Understanding cybersecurity threat actors
In her speech, Cameron explained how the NCSC can help increase the UK’s cyber resilience. The organisation’s key priorities include protecting the nation’s critical infrastructure and protecting the ever-increasing amounts of data to ensure privacy is appropriately managed.
In addition, the NCSC wants to avoid repeating past mistakes with the next generation of commodity technologies and equip future generations to deal with growing complexity.