World leaders gathered in London this week. Our prime minister and foreign secretary hosted all the luminaries and dignitaries. Senior politicians and diplomats from around the world were there, even presidents. Global business leaders were in attendance. Hillary Clinton would have been there, were it not for the sad death of her mother – but US vice president Joe Biden stood in for her by video link.
With a guest list like that, such an event would be bound to be big. BBC 10 O’Clock News? Newsnight maybe? Front page of The Times?
Probably, yes – unless the topic of the conference is cyber security, or so it seems.
Congratulations are due to the UK government for understanding the gravity of the cyber threat that the UK and other countries are facing. Kudos too to all those countries which sent representatives to the debate.
But has it actually made any difference? On first impression, it appears not. One IT security expert, a leading light in the field, went so far as to describe the event as a “shambles” and “an embarrassment to this country”.
Where was the national press coverage? It was practically non-existent. An opportunity missed – but also an example of the big problem around tackling cyber threats: too much time is spent preaching to the converted.
Put a bunch of IT security experts in a room and they all agree the problem is growing fast – GCHQ director Ian Lobban recently said that cyber attacks on the UK have reached a “disturbing” level, an inflammatory phrase from a senior spook used to playing down threats in public. Politicians have now joined the ranks of those who get the scale of the challenge.
The problem is that nobody else does. And all those who don’t get it, are in themselves the root of the problem.
According to a recent Microsoft report, only 1% of all cyber attacks are from previously unknown threats – the other 99% are from things we already know about. Well, things the IT security community know about, at least.
Educating the masses is our biggest challenge, and the biggest source of opportunity for cyber attackers until we do.
Would a CEO move his or her business into a new office that didn’t have security passes, locked doors and CCTV? Of course not. Would they approve an IT system that is open to cyber criminals? Most executives wouldn’t even think to ask the question.
It’s great to see governments getting together to agree there is a problem. But until we open the eyes of those who cannot see a problem, there will be no solution.