It’s official: new laws to protect consumers from cybercriminals are finally in force in Britain.
This measure has been hailed by the UK government as ‘leading’ legislation that puts businesses and consumers first in the fight against cybercriminals. The move has been welcomed by the industry as an important step towards increasing the UK’s resilience to cybercrime.
But the UK’s journey towards total cyber resilience is far from over. The daily advances of bad actors, now further fueled by AI, mean that new and innovative ways to deceive consumers and penetrate corporate networks are coming to the fore.
What exactly does this new legislation do and solve? And what more do we need to do to protect UK businesses and consumers from cybercriminals?
Chief Global Strategy Officer of ISACA.
What’s new?
The security vulnerabilities in internet-connected devices provide great opportunities for cybercriminals. And with 99% of British adults owning at least one smart device, and British households owning an average of nine connected devices each, this problem is bigger than ever.
To address this, the new legislation requires internet-connected smart devices to meet minimum security standards, and requires manufacturers to take steps to protect consumers from hackers who gain access to internet- or network-connected devices – from smartphones to gaming consoles and connected refrigerators. In addition, manufacturers will have to be transparent about security updates and publish contact information so that problems can be reported.
Under the new regime, passwords will also be overhauled, making weak, easy-to-guess default passwords a thing of the past.
What does this mean in practice? From the start, products are built, sold, set up and monitored with cybersecurity in mind. There is no doubt that this is an important step forward in protecting individuals, businesses and the wider economy from cybercrime.
AI changes the game again
It’s great to see the government turning cybersecurity issues into action. But does this legislation go far enough? The simple answer is no. Protecting yourself from cybercriminals requires more than just having secure passwords, updating your phone regularly, or strengthening data protection policies on the internet.
This is even more important in the age of AI. We have yet to witness the full power of artificial intelligence, but we know it is advancing rapidly – and so are the threats it poses. In fact, recent ISACA research shows that 61% of cyber professionals are extremely or very concerned about the use of AI by bad actors.
For example, AI has the power to quickly synthesize large amounts of data and mimic people and messages, meaning common signs of hacking, such as spelling mistakes or lack of personal greetings, will be eradicated. Ultimately, this makes cybercriminals’ attacks more convincing than ever before – and makes consumers, businesses and supply chains more vulnerable than ever.
The bottom line is that cybercriminals are making rapid progress, and if we want to win the cyber arms race, we must.
Building a culture of cyber awareness and expertise
While welcomed as a great first step, government cybersecurity legislation does not go far enough or fast enough. And we can’t just focus on robust cyber protection for consumers in their daily lives; we must take stronger action to ensure that companies, and the structures that support them, are also protected.
To keep pace, we must create a culture and society that prioritizes cyber awareness and prevention among consumers – and empowers companies to create the skilled workforce needed to tackle cybercrime head-on.
However, it is widely recognized that the technology and cyber industry is facing a skills shortage, with companies often struggling to find cyber talent to protect their businesses from bad actors. In fact, a recent report from the Ministry of Science, Innovation and Technology shows that around 739,000 companies (50%) have a shortage of basic cyber skills.
Only if we have the people with the right skills and training can we adequately detect cyber threats and attacks, protect organizations and their data, and recover and recover quickly. We must support legislative changes with a culture of cyber training and upskilling – otherwise regulations and legislation will not have the desired effect.
There is hope on the horizon
Steps can be taken to create the skills culture we need in Britain and beyond.
Government programs such as the Cyber Explorers program help encourage young people to enter the industry and build their cyber skills. Such arrangements will be crucial in the quest for greater cyber awareness and protection.
But companies also have a major role to play here. Currently, companies recruiting for cyber positions require years of relevant experience from potential talent. Instead, they need to provide accessible routes to cybersecurity and open their minds to diverse talent pools. Employers need to recognize transferable skills, take a leap of faith and recognize that it is worth training someone at an entry level, or even retraining someone from another industry.
Britain is taking steps to address the need for better cyber security through new legislation. But these steps won’t go far enough without a culture of skills and cyber expertise to back this up. Cyber skills must take center stage, otherwise we risk losing the cyber arms race forever.
We have offered the best endpoint security software.
This article was produced as part of Ny BreakingPro’s Expert Insights channel, where we profile the best and brightest minds in today’s technology industry. The views expressed here are those of the author and are not necessarily those of Ny BreakingPro or Future plc. If you are interested in contributing, you can read more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro