UK Pushing For Better Supply Chain Security | Eight Predictions for 2022 and Beyond | UK and US join forces in Cyber Space
Article by Christopher Lauder, Delegate Relationship Executive, Rela8 Group
UK Pushing For Better Supply Chain Security
To begin this week, we look at an article published by Tripwire. Here in the UK, the Department for Digital, Culture, Media and Sport has been discussing plans that would make compliance with the National Cyber Security Centre’s Cyber Assessment Framework mandatory. The framework provides guidance for organisations that are responsible for important services and activities.
The Department said in a press release that though cybersecurity is indeed a priority, action is “lagging behind”. This comes at a time when newly published research shows that most of Britain’s top business bosses see cyber threats as a “high or very high risk to their business” (91% in 2021 compared to 84% in 2020). Almost a third of leading firms admitted that they are not acting on supply chain cyber security (69% say their organisations manage cyber-related supply chain risks).
Last week, the Government responded to these findings. The Digital Infrastructure Minister, Julia Lopez, said:
“As more and more organisations do business online and use a range of IT services to power their services, we must make sure their networks and technology are secure. We are taking the next steps in our mission to help firms strengthen their cyber security and encouraging firms across the UK to follow the advice and guidance from the NCSC to secure their businesses’ digital footprint and protect their sensitive data”.
A review of current legislation is underway with a new cybersecurity strategy due to be launched before the end of this year. If the UK Government does get its way, it means that IT service vendors and other cloud-based service providers may be required to adopt new measures to protect against these supply chain risks.
Source - UK Supply Chain Security - Tripwire
Eight Predictions for 2022 and Beyond
Next up is an article published by IT World Canada which examines eight strategic cybersecurity predictions from Gartner analysts for 2022 and beyond.
- By the end of 2023, modern privacy laws will cover the personal information of 75% of the world’s population.
- By 2024, organisations adopting a cybersecurity mesh architecture will reduce the financial impact of security incidents by an average of 90%.
- By 2024, 30% of enterprises will adopt cloud-delivered Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS) capabilities from the same vendor.
- By 2025, 60% of organisations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements.
- The percentage of nation states passing legislation to regulate ransomware payments, fines, and negotiations will rise to 30% by the end of 2025. This is compared to less than 1% in 2021.
- By 2025, 40% of boards of directors will have a dedicated cybersecurity committee overseen by a qualified board member.
- By 2025, 70% of CEOs will mandate a culture of organizational resilience to survive coincident threats from cybercrime, severe weather events, civil unrest, and political instabilities.
- By 2025, threat actors will have weaponised operational technology environments successfully enough to cause human casualties.
Full context for each of these eight predictions can be found in the full article linked below.
UK and US join forces in Cyber Space
For the first time in two years, the United Kingdom and United States militaries have met face-to-face to conduct an in-person headquarters-level forum to discuss combined cyberspace campaigns and capabilities, called the Cyber Management Review.
The Cyber Management Review is a collaborative forum between leadership figures from UK Strategic Command, GCHQ, the US National Security Agency, and the US Cyber Command. At this forum, the US and the UK announced that they are joining forces to “impose consequences” on their shared adversaries who conduct malicious cyber-activities.
The combined action aims to address the “evolving threats with a full range of capabilities”. Though these ‘shared adversaries’ were not named, the announcement comes after increasing concern over Russia-based ransomware. The full statement issued following the meeting is below:
"As like-minded allies for two centuries, the United Kingdom and the United States share a close and enduring relationship. Our two nations today face strategic threats in an interconnected, digital world that seek to undermine our shared principles, norms, and values. We agree that strategic engagement in cyberspace is crucial to defending our way of life, by addressing these evolving threats with a full range of capabilities. To carry this out, we will continue to adapt, innovate, partner and succeed against evolving threats in cyberspace. We will achieve this by planning enduring combined cyberspace operations that enable a collective defence and deterrence and impose consequences on our common adversaries who conduct malicious cyber activity. As democratic cyber nations, the UK and US are committed to doing so in a responsible way in line with international law and norms, setting the example for responsible state behaviour in cyberspace."