While improvements to cybersecurity awareness are ongoing, there is still a long way to go in cultivating a cyber aware society, Stu Hirst believes.
Speaking at ScotSoft 2018, Hirst highlighted a broad variety of cybersecurity incidents he has witnessed over the duration of his career. From disgruntled employees deleting data to sinister Chinese bot activity, Hirst appears to have seen it all.
Hirst spoke to DIGIT to air his thoughts on Scotland’s cybersecurity community and some of the key cyber threats that may arise in the near future.
A Vibrant Community
While Scotland’s cybersecurity sector isn’t a behemoth of the global ecosystem, it is exceptionally strong and has the ability to grow, Hirst believes. With a number of “disruptive and innovative companies” all at play, along with an education system interwoven with the sector, the talent certainly is present.
“I think it’s one of the strongest (communities) on the planet,” he said. “For such a small nation, we’re innovators and that’s reflected in the number of tech startups coming out of Edinburgh – and the country as a whole.”
What separates Scotland is its tight-knit community which values cooperation and dialogue.
“The cyber scene is arguably the strongest in the UK,” Hirst suggested. “There isn’t really a community elsewhere in the UK like what we see in Edinburgh, for example.
“Yes it’s a smaller community, but it’s vibrant and the number of events going on, the people spinning out – like your Bill Buchanan’s or Jamie Graves – and the companies now working in the scene shows how talented we are.”
While the sector is growing and developing at a promising rate, Hirst conceded that there may be a challenge to keep talent in Scotland. To retain Scotland’s future cyber leaders, there has to be more than just a monetary appeal.
“Obviously places like London are going to attract people but that’s up to the sector to keep this talent. We’re going to see a lot of great people coming out of universities in the near future and there needs to be an incentive to stay here,” Hirst said.
“Edinburgh, and Scotland in general, is a great place to be so we have that to our advantage. The opportunities need to be there, however, and that means a strong ecosystem.”
Cybersecurity threats are growing worldwide, while the prospect of an escalation in cyber warfare between nation states looms. Hirst believes that for the UK, cybersecurity starts from the ground up. Although the government’s role is to protect the nation from global cyber threats, defence in British industry should always start with the employees on the ground.
Cyber hygiene and increased education, he explained, is key to preventing damning breaches and potentially life-changing financial losses for the everyday citizen. The importance of internal training and awareness, Hirst said, cannot be understated. While many organisations and companies maintain strict cybersecurity standards and firewalls, bad actors are increasingly turning to employees.
Phishing scams are of particular concern to Hirst and many others within cybersecurity circles. As the fastest-growing attack vector, phishing scams target the weak links in an organisation’s defences. To counter this and mitigate risks, companies have to invest in their people and improve company culture.
Hirst says that the UK has all the necessary tools at its disposal to take on the cyber challenges of the future.
“It’s the next warfare really, it’s already happening and it’s a serious concern. The potential to hack infrastructure that keeps countries running is very real. You’re even seeing it on a political level influencing elections now.
“It’s not just hacking either, it falls down to data in general and the proliferation of information. You see bots on Twitter spreading misinformation and this is a worrying development.”