BT Security chief predicts big challenges ahead, despite progress

Cyber security is a big opportunity, not just a threat, and by systematically applying security controls defenders are raising the bar, according to the BT Security chief

Cyber security is not all doom and gloom because there is some “good stuff” going on and progress is being made, according to BT Security president Mark Hughes.

“Cyber security is a big opportunity, not just a threat and although it’s an arms race with constantly increasing capabilities on both sides, by systematically applying security controls we are raising the bar,” he told attendees of a Digital Security BT Tower Talk in London.

Hughes added that it is “nonsense” to say that cyber attacks are an “insurmountable problem” because there is a lot that businesses can and should do to protect themselves.

However, he said businesses should be aware of the potential security threats that are on the horizon, such as those posed by coming 5G mobile networks.

“Early deployments of 5G networks are delivering gigabit throughputs with just milliseconds of latency bringing them very close to the performance of fixed line networks,” said Hughes.

“This opens the door to the internet of things (IoT) and will make things like driverless cars a reality, but it also means we will have to rethink cyber security to ensure the integrity of connections and transactions on networks that are likely to piggy-back off domestic broadband connections,” he said.

Huawei, a major player in the Chinese mobile market, believes 5G will provide speeds 100 times faster than 4G and will increase network expandability up to hundreds of thousands of connections.

Hughes predicts that 5G will bring big disruptive changes, and with those changes will come big challenges for information security.

Cloud computing also presents a security conundrum, he said, because a lot of the applications that are being used in the cloud are already 10 to 15 years old and architected for systems that ran in a different way to how they run now.

“We are also facing a long period of transition in which organisations are still going to be running mainframe systems as well as cloud systems, where some systems are on-premise while others are off-premise and maybe even running in different jurisdictions, which is going to be challenging from an information security point of view,” said Hughes.

Another challenge, he said, is finding people who know the right questions to ask when it comes to deriving benefit from big data: “We are only just beginning to understand what we can get out of big datasets, which makes data science probably one of the biggest challenges.”

BT’s experience as the telecommunications provider for the London Olympic and Paralympic Games 2012, said Hughes, demonstrated the importance of harvesting information in real time and correlating that into a form that data analysts can use to identify malicious activity.

“This is something that needs to be done in addition to all the traditional means we have used to protect networks and we are seeing organisations currently working to attain this capability,” he said.

Despite the progress that has been made in cyber security, Hughes said many organisations are still not clear about what their most important data assets are and where they are stored and protected, and consequently are still trying to protect everything rather than focusing on what is crucial.

“This is a common mistake that many businesses make, but instead they should be looking to understand and value their assets, and to understand the risk appetite of the organisation to ensure the right assets are protected properly,” he said.

Another common mistake, said Hughes, is to assume that there is some “big hand of government” that can fix this, while in reality, most of what needs to be done and the improvements that need to be made are vastly distributed across industry and different jurisdictions.

“Organisations need to have a way of sharing information about threats, and there is a common purpose in ensuring that we can collectively understand how those things are coming down the line to attack us so we can defend against them, which is fundamentally different to the way we have done things in the past,” he said. 

At the same time, Hughes said, many organisations need to get busy doing basic stuff like ensuring that all their software systems are patched up to date.

“If we do that and if we raise the bar systematically, then we will collectively get to a point where we will be able to benefit from all the great things the digital world can deliver,” he said.