From malware and ransomware to phishing and artificial intelligence (AI) attacks, the cybersecurity threat landscape is evolving. Threat actors continue to deploy increasingly advanced tools against their chosen victims, with Fortinet research showing that 87% of organizations experienced one or more cybersecurity breaches in 2023.
As such, it is no longer a matter of whether an organization will experience a breach, but when. Countries around the world, including the United Kingdom, have to strengthen their defenses as a result. But as other countries advance their cybersecurity protections, how does the United Kingdom compare with its European counterparts and the rest of the world? How can the United Kingdom adapt its cybersecurity ecosystem to keep up with these changing threat tactics, both now and in the future?
Digital transformation strategy in Fortinet.
Global cybersecurity regulations
Several countries have introduced regulations designed to protect against threats. For example, the NIS2 directive of the European Union requires that organizations in critical sectors, such as energy and transport, implement stronger cybersecurity measures, including risk management and incident response. It also requires that organizations report incidents within 24 hours, make senior management responsible and ensure that cybersecurity risks are mitigated throughout the supply chain.
Further afield, the National Cybersecurity Strategy of the United States also establishes minimum cybersecurity requirements for organizations in critical sectors and shifts responsibility onto them to encourage security by design and promote data privacy in products and services. In Asia, Singapore has introduced an operational technology master plan with the aim of improving the security of the technology that supports the country's economy.
This includes traffic light controllers, fuel station pumps and energy network control systems. The legislation also aims to boost cybersecurity talent through programs, threat intelligence sharing and the establishment of a cybersecurity center of excellence. So where does that leave the United Kingdom?
How the United Kingdom compares
The government has taken significant measures to strengthen the cybersecurity defenses of the United Kingdom in recent years. This includes the upcoming Cyber Security and Resilience Bill, which will expand the existing protections for critical infrastructure and digital services and introduce mandatory incident reporting for organizations.
The United Kingdom has also introduced cybersecurity legislation aimed at specific industries, particularly those that face a large number of attacks, such as healthcare, energy and education, due to the value and volume of the data for which they are responsible. This includes the 2022 Telecommunications Security Act, which requires telecommunications providers to implement stricter cybersecurity measures and incident reporting requirements.
However, although these regulations are a step in the right direction, it is important that we continually evaluate and understand the gaps in the cybersecurity defenses of the United Kingdom and address them accordingly. So how can we build on the progress that is already being made?
Closing these gaps
One way in which the United Kingdom can strengthen its line of defense is to make legislation, including the Cyber Security and Resilience Bill, more descriptive of how current and future threats will be fought. As an example, the NIS2 directive clearly describes what should be done to address attacks and improve protection, as well as establishing a supply chain risk profile. It is also supported by the Network and Information Systems Cooperation Group, which ensures compliance across the Member States, something the United Kingdom could establish for the Cyber Security and Resilience Bill.
It is important to keep in mind that many EU member states have not yet officially transposed NIS2 into national legislation, and harmonization has been difficult due to the different economic, logistical and geographical profiles between countries. However, this also provides an opportunity for the United Kingdom to 'choose' the best parts of the regulation and incorporate them into both the Cyber Security and Resilience Bill and future legislation.
It is also vital that the United Kingdom addresses the growing cybersecurity threat from AI. While the benefits of the technology in cybersecurity are known, we must also recognize that AI can be used by threat actors seeking to evolve their attack methods, whether through sophisticated phishing attacks or data collection, and ensure that organizations are properly protected.
The previous United Kingdom Government adopted a regulatory approach to AI technology, compared with the EU's law, which enforced requirements for its use and development.
While the new Labour Government has promised to introduce binding regulation for certain companies, we must also ensure that organizations are properly protected against threats. To do this, leaders must be encouraged to build a culture of cybersecurity through better employee education. Basic cybersecurity measures should also be implemented, such as multifactor authentication, zero trust networking and regular software and application patching.
Worldwide, countries continue to strengthen their defenses against the tactics that threat actors are deploying. Although the United Kingdom has made significant progress in introducing regulations designed to protect businesses and the wider economy, continually reviewing and adapting our cyber ecosystem is essential to identify the gaps in our line of defense. This will allow us to keep pace with the changing cyber landscape and stay one step ahead.
This article was produced as part of the Techradarpro Insights Expert Channel, where we present the best and most brilliant minds in the technology industry today. The opinions expressed here are those of the author and are not necessarily those of Techradarpro or Future PLC.