The National Cyber Security Centre (NCSC) returned to the keynote stage at this year’s Infosecurity Europe to discuss ‘Defending the UK: The NCSC Vision for a more Secure UK’.
Origin Comms, the information security and technology PR specialists responsible for managing the press office, attending the speaker slot to hear what Mr Martin had to say and shared some insight below.
Whilst the speaker was kept under wraps until the session began, Ciaran Martin, CEO of the NCSC walked on stage to a full house eagerly waiting to hear what he had to say.
Opening his keynote, Martin noted ‘the biggest threat to online safety is poor cyber security and that we should ‘focus on fixes and not on fear’. This was learned from analysing 1,600 national level incidents which he noted were often relatively simple, using low level techniques and well-known malware that exploit weaknesses in out of date software. ‘Typically, these attacks are not particularly advanced, persistent or threatening’, he said.
He emphasised that, ‘the NCSC’s job is to manage incidents, to make the internet safer and easier to use, protect what we care about, and help everyone else best protect themselves, doing what only the government can do’. He went on to say that we have got to get away from fear-based cyber security to take a more pragmatic approach, eliminating fear and no longer glamourising cybersecurity, to enable people to get on top of the problem. Martin shared insight into information that is readily available from the NCSC, noting that they are publishing cybersecurity advice.
Discussing how the NCSC is working to defend UK citizens, he highlighted the success of its Automated Cyber Defence programme to check the ability of a low-sophistication, high-volume actors to achieve sustained low-level harm on the British public.
Commenting further on its achievements, Martin said that the NCSC was successful in the take down of more than 200,000 malicious phishing websites in 2017, with the average time for a phishing site in the UK to die has dropped from 27 hours to just one hour. The UK’s share of phishing incidents reduced by almost 3 percent from June 2016 to June 2018.
Martin went on to talk about threats relating to Smart Meters and the risks associated with 5G networks. Referencing the ongoing news regarding Huawei, Martin said ’we have to get 5G network security right, and that is a much bigger issue than the national identity of suppliers.’ We as experts should to be talking about the complete system architecture, looking at each aspect and what we need to do to secure them. He explained that the 5G debate could allow the fear back into cybersecurity.
Martin went on to discuss how The NCSC has formulated five key questions it believes will help boards generate constructive cybersecurity discussions between board members and their CISOs. CISOs and technical teams are one of the greatest assets any organisation has, and their role in improving your knowledge of relevant cyber security issues shouldn’t be underestimated.
- How do you manage phishing attacks?
- How do you control privileged access?
- How do you keep software patching up to date?
- What do your suppliers do?
- How do you manage authentication?
Concluding his speech, Martin said that technology is changing, and the difference between now and 20 years ago is that we can see things coming so we prepare for the next phase of the internet.
‘Let’s work out seriously, dispassionately and transparently’ he said, ‘I’m confident that with the expertise we have, we should be able to do that!’
As an agency specialising in security and technology PR, and responsible for the PR of this event, the team was on hand to attend a number of the keynotes to get additional insight into what the industry is saying and how they are advising UK organisations to address cybersecurity, now, and in the future.