The IT security community and industry have welcomed the UK government's latest report on the progress of its National Cyber Security Programme.
The UK is meeting its objectives of the national Cyber Security Strategy, Cabinet Office minister Francis Maude has told parliament.
The notable achievements of the past two years are highlighted in an official report published today, which also sets out government’s cyber security plans for the coming year.
These include the introduction of an industry kitemark that will allow businesses to state publicly to prospective clients that they supply government with cyber security products and services.
2014 will also see the introduction of an industry-led organisational standard, based on the ISO 27000 series, to give industry a clear baseline to aim for.
Mark Brown, director of information security at Ernst & Young, said: “It definitely feels like the UK is getting to grips with cyber security and finally moving towards a pro-active stance on this growing international threat.
“From a business perspective, the government is demonstrating another step in the right direction by agreeing an organisational standard on cyber security which will raise the bar not only in central government but more widely in UK plc.
“Specifically, this standard will tackle the threats occurring in the supply chain where the benefits realised by companies in raising their internal bar on cyber security postures are being undermined by failures throughout their supply chain, and will therefore provide a mechanism for businesses to ensure they address delivery risks throughout their extended enterprise.
“However, the government runs the risk of being accused of back-door legislation. Ideally, we would expect government to be offering UK plc tangible incentives to put in place standards on cyber security. Only then, will the UK truly become one of the safest places to do business in the world,” said Brown.
While welcoming the government’s efforts, Richard Archdeacon, head of security strategy at HP Enterprise Security Services, also urged caution.
“It should however be noted that while the introduction of an industry-led organisational Standard for Cyber Security is laudable, businesses should only regard this as the bare minimum.
“Furthermore, as these measures are well documented and indeed known by our adversaries, companies need to go above and beyond in order to truly secure their critical data,” he said.
Ross Brewer, vice-president and managing director of international markets at LogRhythm, said the government’s plans for 2014 clearly show how big a priority cyber security is becoming.
“These initiatives will undoubtedly better prepare UK businesses and raise awareness of cyber crime, which is key when faced with today’s sophisticated threats.
“By building skill sets and tightening standards, it will hopefully stimulate the much-needed adoption of even basic threat-detection steps,” he said.
Brewer said all organisations should follow the government’s example of taking measures to protect themselves from financial and reputational damage.
“Essentially, more businesses need to make the most of the resources available to them – after all, they are the ones who will ultimately suffer should they fall victim to an attack because of inadequate defences,” he said.
With breaches and attacks being reported on an almost daily basis, Brewer added that organisations must ensure they are actively addressing their existing security strategies so that they are fully aware of what is happening on their networks at all times.