In the interview, Major General Shaw – head of the Ministry of Defence’s cyber security programme, and who is a veteran of the Falklands and Iraq battle campaigns – said that British firms are routinely having valuable commercial information stolen from them by overseas rivals. In a recent case, he told the paper, a business in Warrington, Cheshire, that designed a revolutionary blade for wind turbines went bust after hackers stole the blueprint and produced a cheaper version.
“The biggest threat to this country by cyber is not military, it is economic”, he said, adding that the cyberthreat could affect anyone, and we all need to take measures to protect ourselves against the threat it poses.
To protect itself against future cyber attacks, Britain needs to have “an effective national response where everybody has to be involved”, he told the Daily Telegraph.
Undertaking simple tasks, such as regularly changing passwords and making checks of computer software, could help to prevent attacks, he said, adding that 80% of the UK's cyber-problems are caused by poor cyber hygiene, caused – in part – by the fact that the UK has embraced the opportunities provided by new technology, such as computers and mobile phones, without giving proper consideration to the downsides.
Interestingly, Shaw said that the UK needs to be more like China, where the government introduced a program of training schools to educate businesses on protecting themselves from cyber attacks. Anyone can take part in these courses and learn how to implement effective precautions against cyber attacks, he explained, adding that the UK should look to do the same.
Responding to his comments, Mark Darvill, a director with AEP Networks, said that data is now the lifeblood of any organization, yet fundamental cybersecurity procedures are being overlooked.
“You wouldn’t leave your office unlocked so why leave your business intelligence exposed to a cyber attack? Threats are becoming increasingly sophisticated but companies aren’t ramping up their security to match. However, good governance will protect business data in the vast majority of cases. This comes down to three things, protecting the connection, the device and data”, he said.
“Robust authentication policies that controls users' access along with encryption of the connection and data are a basic must have. Maj Gen Jonathan Shaw is right to highlight the seriousness of the issue and point to actual examples where theft of intellectual property has sent businesses to the wall. Scrimping on cybersecurity is a massive false economy and organiszations need to ensure they are rolling out the highest level of security in order to protect their business intelligence”, he added.
Frank Coggrave, EMEA general manager with Guidance Software, meanwhile, said that Shaw's comments underscore that this is an era in which businesses are as much a target as government institutions, and taking measures to protect IP is of the highest national importance.
“He has highlighted that Britain should be more like China in terms of prioritizing training schools to educate businesses. Clearly, going back to basics and ensuring that resources and budget are allocated in order to build awareness, not only of the potential threats but also the measures required to mitigate them, can go a long way”, he said.
“Organizations can’t do this alone, and this is where the Government can take on the mantle of pooling resources, information and intelligence in the national interest”, he added.
Christophe Bianco, EMEA general manager with Qualys, also agreed, noting that, over the last 18 months we have seen a significant increase in the amount of security breaches hitting companies, with many pointing fingers at competitors and foreign governments.
“Many of these are being dubbed as advanced persistent threats (APTs), implying that they are very technical, sophisticated threats for which organizations are unable to equip themselves against”, he explained.
“In fact, a large percentage of these attacks could have been prevented by taking simple measures as part of a proactive security strategy, referred to in the industry as having good software hygiene – which Maj Gen Jonathan Shaw refers to. It’s now imperative that a company, no matter its size, industry or location, put into place robust security measures to protect their expertise and data”, he said.
“Whilst we welcome the UK Government’s planned investment in the MoD and GCHQ, there is plenty that businesses can do now to protect themselves in the future”, he added.