leowolfert - Fotolia

Cyber security complacency puts UK at risk, says NCSC head

National Cyber Security Centre CEO Lindy Cameron, in her maiden speech in the role, warns of challenges ahead for the UK and sets out the future agenda for cyber

The UK has made good progress on overall cyber security, but a sense of complacency risks upsetting the apple cart and too many people are still not taking cyber security issues as seriously as they should, according to Lindy Cameron, recently appointed CEO of the UK’s National Cyber Security Centre (NCSC).

In her first speech in the role, to be delivered later today (26 March) to a virtual audience at Queen’s University Belfast, home to one of the UK’s leading cyber research units, Cameron will pay tribute to the “bold” decision to create a public-facing security unit within GCHQ, while warning against complacency in today’s dangerous and challenging threat landscape.

Cameron will outline why she has come to believe that everyone in the UK has a role to play, saying that basic cyber hygiene is now an important life skill, and digital and cyber literacy should be non-negotiable in the business world.

“The cyber security landscape we see now in the UK reflects huge progress and relative strength – but it is not a position we can be complacent about,” Cameron will say. “Cyber security is still not taken as seriously as it should be, and simply is not embedded into the UK’s boardroom thinking.

“The pace of change is no excuse – in boardrooms, digital literacy is as non-negotiable as financial or legal literacy. Our CEOs should be as close to their CISO as their finance director and general counsel.

“And we want to help them to develop this knowledge, as we’re all too aware that cyber skills are not yet fundamental to our education – even though these are life skills like wiring a plug or changing a tyre, as well as skills for the future digital economy.”

Citing recent examples such as the Microsoft Exchange ProxyLogon attacks, the SolarWinds breaches, and an epidemic of ransomware attacks, Cameron will set out how she envisions the NCSC as helping to increase the country’s security resilience – ushering in a new era of “technological ambition, agility and internationalism” in line with the government’s goal of making the UK one of the safest countries in the world to live and work online.

“The National Cyber Security Centre – launched five years ago – is now a firmly embedded part of the UK cyber security landscape,” Cameron will say. “We no longer need to prove the concept – but in what will be a challenging period of economic recovery, we need to change the dial on the outcomes we seek, and look much further ahead to the generational change that is needed.

“We need to ensure that the fantastic science and technology envisioned in the Integrated Review is protected from theft or acquisition by hostile states.

“We need to ensure that our critical infrastructure, which keeps the country working through thick and thin, is a hard target for those that would seek to disrupt it.

“We need to ensure that the ever-increasing amounts of data generated and processed by the internet services we use every day are properly protected and our privacy appropriately managed.

“We need to ensure that the next generation of commodity technologies don’t repeat the security mistakes of the past.

“We need to ensure that our adversaries – be they state or criminal, traditional or new – think twice before attacking UK targets. And we need to ensure that future generations are better equipped to deal with this complexity than any of their predecessors.”

Cameron, who was ranked seventh on Computer Weekly’s recent UKtech50 2021 power list of the UK’s most influential people in IT, was named as the new head of the NCSC in July 2020 after her predecessor, Ciaran Martin, announced his intention to step down after nearly seven years leading on UK cyber policy.

A longstanding civil servant with two decades of experience in national security issues, Cameron is the second person, and the first woman, to lead the NCSC since its inception in 2016.

Read more on Security policy and user awareness