The UK is set to become a world leader in the race to eradicate some of the most damaging cyber security threats facing businesses and better protect consumers, business secretary Greg Clark announced last week.
Businesses and consumers will benefit from increased security and protections built into digital devices and online services we use every day. This will be aided by £70m in government investment through the Industrial Strategy Challenge Fund and backed by further investment from industry.
This investment will support research into the design and development of hardware so that they will be more secure and resilient from the outset. The aim is to “design out” many forms of cyber threats by “designing in” security and protection technology/solutions into hardware and chip designs, ultimately helping to eradicate a significant proportion of the current cyber risks for businesses and services in future connected smart products.
Greg Clark: ‘Step change for security’ (Flickr.com)
Malicious attacks on company systems running Microsoft’s Internet Information Services (IIS) rose from 2,000 in the first quarter of 2018 to 1.7 million in the second, with the construction industry one of the five sectors most targeted, a report claimed
The analysis from eSentire, a cyber security consultant based in Ontario, Canada, looked at attacks on servers running IIS, as well as Oracle WebLogic and the Drupal open-source platform. It found that the attacks mostly originated from servers with Chinese IP addresses.
Sectors most affected were construction, accounting, biotechnology, marketing and real estate, which eSentire said was caused by the prevalence of vulnerable, outdated IT systems.
Hackers gained control of systems to create mayhem by accessing confidential information, unleashing ransomware, or planting “cryptominers” on servers to force them to use their central processing units to create digital currency.
A common attack uses an advanced, modular banking “Trojan” (malware employed by cyber-criminals) called Emotet to obtain enough financial information to access a company’s bank account.
The programs are often found in malicious documents or URL links inside the body of an email, sometimes disguised as an invoice or PDF attachment. About half of Emotet attacks used files with “invoice”, “payment”, or “account” in their name
With cyber threats constantly evolving, the best defence in the future is seen as developing solutions that can work independently and protect against threats even during attacks. The government says it wants to ensure that every UK organisation is as cyber secure and resilient as possible.
A further £30m of government investment will aim to ensure smart systems are safe and secure. Smart internet connected devices can include anything from operating a central heating thermostat via a smart phone, to pressing a button to unlock the front door. There are expected to be more than 420 million such devices in use across the UK within the next three years.
Clark said: “This could be a real step-change in computer and online security, better protecting businesses, services and consumers from cyber-attacks and bringing benefits to all sectors of the economy. With businesses having to invest more and more in cyber security, ‘designing in’ security measures into the hardware’s fabric will not only protect our businesses and consumers but ultimately cut cybersecurity costs to businesses.”
Digital minister Margot James said: “We want the UK to be a safer place to live and work online. We’re moving the burden away from consumers to manufacturers, so strong cyber security is built into the design of products. This funding will help us work with industry to do just that, improving the strength and resilience of hardware to better protect consumers from cyber attacks."
Dr Ian Levy, National Cyber Security Centre’s technical director, said: “The National Cyber Security Centre is committed to improving security from the ground up, and we have been working closely with Government to promote adoption of technology and practices to protect the UK.
“We hope this additional investment will drive fundamental changes to products we use every day. This is vital work, because improving hardware can eradicate a wide range of vulnerabilities that cause significant harm.”
The government is aiming for R&D investment to reach 2.4% of GDP by 2027 – the biggest increase in public investment in R&D in UK history.