Last Tuesday and Wednesday in Newport Wales, the UK hosted the fifth annual National Cyber Security Center (NCSC). The event went under the title CYBERUK 2022. Building on the success of previous events, keynote speakers divulged several important trends in the UK and the rest of the world.
Plenary speakers during the CYBERUK 2022 conference included:
- Hon. Damian Hinds
- Simon Hepburn
- Amie Alenka
- Jen Easterly
- Sami Khoury
- Erika Lewis
- Juliette Wilcox
- Hon. Steve Barclay MP
- Kevin Brown
- John Edwards
The two-day conference comprised seven sessions in total. Each forum touched on different aspects of the changing cybersecurity landscape worldwide. Aside from the difficulties presented to those already in the industry, one of the key takeaways was the lack of talent entering the field.
Among the discussed topics were online scams, ransomware, and vulnerabilities that could threaten systems in the future. CYBERUK 2022 also focused on the influence of political factors on the growing cybersecurity issues. These factors included international conflicts, sanctions, and differences in legislation.
The Rise in Digital Fraud
The NCSC provided new tools to the Kingdom’s internet service providers (ISPs). These tools should combat the steep rise in digital fraud, including fraudulent sales, scams, as well as other types of malicious activity targeting British netizens.
The deputy director for economy and society at the NCSC, Sarah Lyons, explained that cybercriminals deploy methods aimed at tricking the consumers into sharing private personal and financial details. She also stressed how important it is for consumers, companies, and institutions to stay ahead of these crooks.
Kevin Brown also emphasized the importance of trust in these situations. In fact, these attacks erode trust, and in turn, damage the digital landscape. After all, losses can be recovered, but trust is hard to build back. If customers and consumers don’t believe that online shopping and services are safe, the industry as a whole will be damaged beyond repair.
Brown proposed that the only solution for tackling such an issue is greater cooperation and information sharing between the subjects fighting against cybercrime, including both institutions and companies.
Brown has also welcomed the initiative by the NCSC to form an information-sharing platform to assist the creation of new empowering tools for cybersecurity experts.
New Tools for Cybersecurity
The CYBERUK 2022 conference began an initiative to fight online scams. Accordingly, the NCSC introduced a new tool to unlock real-time data that would block customers’ access to fraudulent websites.
This new service will be a part of the Active Cyber Defense program organized by the NCSC. Reportedly, this program has already taken down almost three million scams last year alone. These scams ranged from issues such as fake Covid passports, phishing websites that mimic government institutions, and false celebrity endorsements. In one case, cybercriminals pretended to be the CEO of NCSC, Lindy Cameron.
These attacks prompted the GCHQ director Jeremy Fleming to comment on the need for offensive capabilities for countries that wish to have cybersecurity protection. In fact, a more direct approach would allow institutions to actively hunt for cybersecurity threats, even outside the country. That means companies will move away from defensive positioning alone.
A Rise in Threats Is Expected
The CYBERUK 2022 conference also pointed out that cyber threats are ever-evolving. Even though new technologies are now creating new opportunities, they are also creating very real threats.
During the conference, the NCSC disclosed renewed guidelines for cloud-based operations and security. These new guidelines would circumvent the biggest risks to operational cybersecurity, such as credential theft and email phishing.
Although the security of cloud-based services is adequate on the provider’s side, the system could still lead to issues. In fact, inadequacies in protection, security, and secrecy on the user’s side could create large leaks.
Email scam campaigns and spoofing attacks are now more prevalent in companies. Consequently, the NCSC has also disclosed a new tool to check emails and enable adequate protection.
The adoption of the newly recommended standards depends heavily on the sector it applies to. In some cases, the coverage reportedly drops to only 7% and the NCSC hopes to fix that in the future.
Paul Maddison, an NCSC director, stressed the importance of protecting against the abuse of email systems. Indeed, emails are key to communication across different organizations, so it’s critical to protect them.
Political Conflicts Balkanizing Cybersecurity Tech
One of the most interesting points discussed during the conference is the emergence of splinternet. It is also often referred to as cyber-balkanization, drawing multiple parallels with the breakup of Yugoslavia. That’s because worldwide tech and even usage are virtually identical, but the divide between different actors is still getting larger.
As it stands now, the camps divide as follows:
- The West on one side, including most of Europe, the United States, and countries like Australia, New Zealand, and Canada
- Russia, China, and neighboring states focusing on centralized control over the internet
- Emerging markets in Africa, South America, and Southeast Asia, representing the global South. These countries are also assisting each other since they lack access to media from the northern hemisphere.
Due to the increased distrust, this divide is making issues for cybersecurity in all three camps. During the plenary discussions, Ian Levy reported partly in jest that they are not good at cybersecurity and not rigorous about measurements.
