It's official: new laws to protect consumers from cybercriminals have finally come into force in the UK.
Hailed by the UK Government as “world-leading” legislation that puts businesses and consumers at the forefront against cybercriminals, the measure has been welcomed by the industry as an important step in increasing the UK's resilience against cybercrime.
But the UK's journey towards full cyber resilience is far from over. Daily advances by bad actors, now further fueled by AI, mean that new and innovative ways to deceive consumers and invade business networks are coming to the fore.
So what exactly does this new legislation do and resolve? And what more should we do to protect UK businesses and consumers from cybercriminals?
ISACA Global Strategy Director.
What's new?
Security vulnerabilities in Internet-connected devices provide great opportunities for cybercriminals. And with 99% of UK adults owning at least one smart device and UK households owning an average of nine connected devices each, this problem is bigger than ever.
To address this, new legislation requires smart devices connected to the Internet to meet minimum security standards and requires manufacturers to take steps to protect consumers from hackers accessing devices with Internet or network connectivity, from smartphones to game consoles and connected refrigerators. Additionally, manufacturers will need to be transparent about security updates and publish contact details to allow issues to be reported.
Under the new regime, passwords are also being overhauled: weak, easy-to-guess default passwords are becoming a thing of the past.
What does this mean in practice? From the beginning, products will be built, sold, configured and monitored with cybersecurity in mind. There is no doubt that this is a significant leap in protecting individuals, businesses and the broader economy from cybercrime.
AI changes the game again
It's great to see the government turn cybersecurity concerns into action. But does this legislation go far enough? The simple answer is no. Protecting yourself from cybercriminals will require more than having strong passwords, regularly updating your phone, or having strengthened online data protection policies.
This is even more important in the age of AI. We have yet to witness the full power of artificial intelligence, but we know that it is advancing rapidly and therefore so are the threats it poses. In fact, recent ISACA research found that 61% of cyber professionals are extremely or very concerned about bad actors taking advantage of AI.
For example, AI has the power to rapidly synthesize large volumes of data and imitate people and messages, meaning that common signs of hacking, such as misspellings or the absence of personalized greetings, will be eradicated. Ultimately, this is making attacks by cybercriminals more compelling than ever and leaving consumers, businesses and supply chains more vulnerable than ever.
The bottom line is that cybercriminals are advancing at a rapid rate, and if we want to win the cyber arms race, we must too.
Building a culture of cyber awareness and experience
While welcomed as a great first step, government cybersecurity legislation does not go far enough or fast enough. And we can't simply focus on strong cyber protections for consumers in their daily lives – we must take stronger steps to ensure that businesses and the structures that support them are protected too.
To keep pace, we must create a culture and society that prioritizes consumer cyber awareness and prevention and enables businesses to create the skilled workforce needed to confront cybercrime head-on.
However, it is widely recognized that the tech and cyber industry faces a skills shortage, and companies often struggle to find cyber talent to help them protect their businesses from bad actors. In fact, a recent report from the Department of Science, Innovation and Technology found that around 739,000 businesses (50%) have a basic cyber skills gap.
Only when we have people with the right skills and training can we properly detect cyber threats and attacks, protect organizations and their data, and quickly recover and remediate them. We must support legislative change with a culture of training and upskilling cyber capabilities; otherwise, regulation and legislation will not have the desired impact.
There is hope on the horizon
There are steps that can be taken to create the skills culture we need across the UK and beyond.
Government schemes such as the Cyber Explorers program are helping to encourage young people to enter the industry and develop their cyber skills. Schemes like this will be crucial in the drive towards greater cyber awareness and protection.
But companies also have an important role to play in this regard. Today, companies hiring for cyber positions demand years of relevant experience from potential talent. Instead, they should provide accessible routes to cybersecurity and open their minds to different talent pools. Employers need to recognize transferable skills, take a leap of faith and recognize that it is worth training someone from the entry level, or even retraining someone from another industry.
The UK is taking steps to address the need for greater cybersecurity protections through new legislation. But these steps will not be enough without a culture of cyber skills and expertise to support them. Cyber skills must become a focus; otherwise, we risk losing the cyber arms race forever.
This article was produced as part of TechRadarPro's Expert Insights channel, where we feature the best and brightest minds in today's tech industry. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc.