New laws have been implemented in the United Kingdom to safeguard consumers from cyber criminals. The UK Government has hailed this legislation as “world-leading,” positioning businesses and individuals at the forefront of the fight against cybercrime. Industry experts have welcomed this move as a significant step towards enhancing the country’s resilience against cyber threats. However, it is important to note that the journey towards complete cyber resilience is far from over.
The proliferation of internet-connected devices has created ample opportunities for cyber criminals. With nearly all UK adults owning at least one smart device and households possessing an average of nine connected devices, the scale of the problem has reached unprecedented levels. In response, the new legislation mandates that internet-connected smart devices meet minimum-security standards. Manufacturers are required to take measures to protect consumers from hackers gaining access to devices with internet or network connectivity, ranging from smartphones to games consoles to connected fridges. Additionally, manufacturers must be transparent about security updates and provide contact details for issue reporting.
The legislation also addresses the issue of weak default passwords, which are easily guessable. Such passwords will no longer be acceptable, as products will be designed, sold, set up, and monitored with cybersecurity in mind. Undoubtedly, this represents a significant leap in protecting individuals, businesses, and the wider economy from cybercrime. The government’s proactive approach in converting cybersecurity concerns into action is commendable. However, it is crucial to acknowledge that this legislation alone does not go far enough.
The rapid advancement of artificial intelligence (AI) poses new challenges in the fight against cybercrime. AI’s ability to synthesize vast amounts of data and mimic human behavior enables cyber criminals to launch more convincing attacks, eliminating traditional signs of hacking. Recent research by ISACA reveals that 61% of cyber professionals are extremely or very concerned about AI being exploited by malicious actors.
To effectively combat cyber threats, it is imperative to create a culture and society that prioritize consumer cyber awareness and prevention. This approach should extend beyond protecting consumers in their daily lives and encompass robust measures to safeguard businesses and their supporting structures. However, the technology and cyber industry is currently facing a skills shortage, with approximately 50% of businesses experiencing a basic cyber skills gap. Without a skilled workforce, it becomes challenging to detect and respond to cyber threats promptly.
To bridge this gap, legislative changes must be complemented by a culture of cyber training and upskilling. Initiatives like the Cyber Explorers program, supported by the government, play a crucial role in encouraging young people to enter the industry and develop their cyber skills. However, businesses also need to adapt their recruitment practices by recognizing transferable skills and considering candidates from diverse talent pools. Employers should be open to training individuals from entry-level positions or retraining those from other industries.