With over 950 member companies, ranging from the UK interests of Apple, Facebook and Google down to the SMEs which represent the backbone of the organisation, techUK is the voice of UK’s tech industry, providing support in accessing developing markets and building vital networks to foster growth. Ahead of his talk at the Cyber Security Summit and Expo this November, we sat down with Head of Programme for Cyber and National Security at techUK, Talal Rajab, to talk about sector trends and to find out more about the work in which Talal and his team engaged to support the UK’s bourgeoning tech sector.
techUK’s cyber program currently consists of around 150 companies, including a range of innovative Cyber start-ups which the UK Government are keen to showcase internationally. Through techUK’s work as part of the Cyber Growth Partnership, in conjunction with Government and Academic representatives, Talal and his team possess a unique insight into the national cyber security strategy which is ultimately fed back to their clients.
techUK supports its membership In three distinct ways:
- Thought leadership events and workshops, looking at key topics that effect the cyber security Sector such as ransomware and ethical hacking;
- Market engagements workshops that help members with accessing buyers for cyber security products;
- Export related activities, encouraging and promoting exportation of cyber security across the world, stressing the UK’s reputation as a leading nation in the industry
In this intermediary position, techUK provides a vital service in facilitating the growth of the cyber security market, both domestically and through exports internationally. Talal spoke about the work techUK are currently pioneering in connecting Government strategy to its industry client base; referencing the difficulty experienced often by SMEs in navigating the robust catalogue of Cyber Security initiatives. Talal pointed to techUK’s work in creating a so called “Tech Map” for such companies, designed to facilitate the process of finding funding, collaboration or government schemes. techUK also run a second online initiative, the Cyber Exchange, again mapping out best practice, this time for buyers of Cyber Security products, helping clients find providers of the right product in the right geographical area – another example of techUK’s work in enabling growth within the Cyber sector.
Not surprisingly there are several key, foreign markets which techUK have helped its client exploit. Working in tandem with UK Export Finance and the Department for International trade, member organisations are now entering the US, Middle-East/Gulf States, Brazil and emerging African markets with Kenya, Tanzania and South Africa experiencing rapid growth in technology consumption. These countries he says, open up opportunities for UK companies to provide their expertise and products in Cyber Security to fulfil a need in the market that are not available domestically at present.
“I have heard of companies who questioned why the cyber budget is so high when they hadn’t been breached”
While of course, this geo-specific growth opens up new doors, the Cyber Security Industry is also growing in size domestically as Talal posits that “not a day goes by without a story on Cyber Security”. Discussing the reasons for this growth, as well as the challenges faced by the sector looking forward, Talal noted the trends that he has spotted, as well as some of the issues in terms of mind-set that he has encountered. “What we usually see is a peak in interest after a serious breach like Talktalk etc, then it quietens down again, companies understand that cyber security is an issue but palm it off to their IT departments, which makes it an issue”. The upcoming General Data Protection Regulation, coming into force on 25th May 2018, Talal thinks will likely be the furthest the Government will go to regulate this area, so future growth and developing interest in the Cyber Security market will have to be self-driven, which both is and isn’t currently the case: While interest in the field is growing as Talal says, mindsets are providing resistance to growth, “Companies are beginning to understand more why Cyber Security is important – the only problem is they don’t understand what they need to do about it. I have heard of companies who questioned why the cyber budget is so high when they hadn’t been breached – that mentality is a challenge”.
Talking on the nature of the threat facing businesses itself, Talal spoke of the ease of ransomware for the would-be cybercriminal. While, he said, hacking a companies’ network and stealing information to sell on the dark web is complex and demanding, ransomware attacks, the most prominent example being the Wannacry ransomware attack, are relatively simple to carry out; it is difficult to trace where the ransomed money leads, and then the criminal is away. Talal also drew attention to the attitudes of some companies towards these attacks, in paying the ransoms and avoiding public scrutiny without any fuss, which again makes these attacks ever more attractive in their simplicity for the culprit. Speaking on methods of mitigation, Talal preached simplicity and sensibility: user privileges throughout the organisation, compartmentalisation of files, and correctly prepared backups as the main methods of reducing the effects of these attacks. Referring to his experiences with industry on the subject of backups, Talal was keen to emphasise the need to keep them in a separate place so that both the primary system and the backup are not easily vulnerable to attack in order to maintain its efficiency as a defence mechanism.
Finally, Talal offered his thoughts on other prominent threats he has encountered, or predicts will become more widespread in the future. Firstly, the ever-increasing role of social engineering via online sources and the growing volume of personal data being placed into the online realm Talal warned as a potential vulnerability, enabling cybercriminals to more accurately target their phishing and spearphishing attacks in the future. Secondly, another main area for concern was surrounding the Internet of Things, and the threats associated with the ever growing range of items being connected to the internet. While he was keen to point out that IoT carries with it tremendous potential benefits to the user, for example the use of AI and machine learning to defend from Cyber Attacks, he also caveated that benefit with the increasing exposure to risks that IoT and IoT Botnet systems can provide if not correctly managed. “The benefits of IoT are huge, but there are significant worrying trends also”. The third area of interest for Talal was Cloud Storage, and Cloud Security. In ensuring Cloud systems are used safely, Talal suggested that the burden of protecting from the associated dangers lies in both Cloud providers and users – while Cloud providers should ensure effective security is at the forefront of their product offering to best protect their consumers, the user him/herself should know when selecting their cloud provider what they are offered in terms of security, “where is your data going to go? Will it be leaving the UK? If so, the manner in which that data is treated will differ, so you need to be aware of that”. If this co-operative approach between provider and user is maintained, then the risk exposure for the end user is greatly reduced, Talal suggested.
Talal will talk as part of the “Shared Lessons: Preparing for Ransomware Attacks and Disaster Recovery” panel at the Cyber Security Summit and Expo on the 16th November.