Public education on security must be a top priority for Labour
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government
Since 4 July 2024, a new Labour administration has been in place in the UK. The last time Labour was in power was 14 years ago, in 2010, and a lot has changed on the cyber security front since then.
There is more virtualisation, more outsourcing of part or all of a company’s IT to the cloud, and considerably more powerful computing chips and associated computer memory, to name but a few significant changes.
This all means that the firepower an adversary can bring to bear on an organisation, or an individual, is vastly superior today to what was at their disposal in 2010.
Social media has also gained in popularity and, in the process, has not only become a power for good but also a tool for the bad and mischievous in the world.
The UK Home Office cyber study, published in April 2024 and reviewing the security breach landscape for the previous 12 months, makes for sobering reading. By far the biggest threat was email-based phishing, occurring in 84% of breaches, with email impersonation of a company next at 35%, and viruses and malware a factor in 17% of breaches. Figures given are for businesses; charities were broadly in line with business.
The main issues highlighted in the Home Office report indicate that one of the first actions the new administration must take is to set up a sustained mass media campaign to raise awareness of email-borne attacks. I’m old enough to remember the heyday of British public information films (PIFs) such as the ‘Clunk click, every trip’ campaign when car seat belts became mandatory. Such a cyber-focused campaign should also cover the potential for viruses and malware being carried over social media channels and other vectors.
My second recommended action would be to have the Home Office, the National Cyber Security Centre (NCSC) and business groups including the Institute of Directors (IoD) and the Federation of Small Businesses (FSB), together with the Charities Commission, work together on an awareness campaign aimed at businesses and charities to address other shortcomings, including cyber hygiene, as identified in the Home Office cyber security breaches survey. This should include security risk assessment and mitigation, and security monitoring tools and processes.
The Computer Weekly Security Think Tank on cyber policy
- Paul Lewis of Nominet: From manifesto to material: What No. 10 needs to make reality.
- Dhairya Mehta and Cate Pye of PA Consulting: How might the UK's cyber landscape change under Labour?
- Adam Button of Elastic: Labour's first cyber priority must be the NHS.
- Ameet Jugnauth and Mark Pearce of ISACA: Cyber lessons and policies for the UK's new government.
- Elliott Wilkes of ACDS: Labour should focus on talent to improve UK's cyber posture.
- Jon Carpenter of Advent IM: Is it time to refresh the UK's cyber strategy?