UK Must Prioritize Cybersecurity Governance Amidst Rising Threat of Cybercrime

If the UK is serious about digitizing the economy, then cybersecurity is priority number one and the first step should be to take a hard look at the UK Government's recently released draft code of practice for cybersecurity governance.

Whilst governments around the globe have been kicking around the metaphorical can of AI regulation, something has been going on in the background, something tangible, incredibly dangerous, and increasingly frequent: cybercrime.

It shouldn't be the case that in an increasingly digital economy, of which the current government is supposedly a big advocate, businesses, tech-based or otherwise, are struggling to gather the know-how and tools needed to guarantee their safety. Instead, businesses are succumbing to an influx of AI-supported cybercrime, whether that's ransomware, deepfake scams, or traditional phishing scams. 2024 has already proven it's going to be a record-breaking year for cybercrime, and not in a good way!

The UK Government's current approach to AI and cybersecurity governance has been very much hands-off. Whether that's because of growing pressure from outside of the world of technology (economy, defence, impending election) or perhaps a lack of understanding from the government itself, it's leaving businesses in a precarious position with little to no direction on what to expect in the near future.

Introducing this latest code of practice for cybersecurity offers some useful content for businesses unfamiliar with cybersecurity norms. Still, because it stops short of legally binding legislation that would hold businesses' feet to the fire, it leaves the door open for these protocols to be ignored outright. This freedom means businesses will likely prioritise what they want to do rather than what they should do regarding cybersecurity.

The risks of businesses ignoring these cybersecurity threats are substantial. You need not look any further than the story of the Hong Kong business that was duped out of $25 million last month by a deepfake scam.

So, where do we go from here? Hopefully, towards greater clarity. British businesses cannot be expected to thrive in an increasingly digital economy without clear frameworks and governance that clarify accountability for companies irrespective of their size or the industries that they work within.

For strong examples of this in action, look across the pond. Last summer the US Government's SEC implemented iron-clad legislation that requires public businesses to disclose cybersecurity incidents and maintain a high standard of cybersecurity management. Furthermore, the SEC has taken an unprecedented step to require all registrants to describe the board of directors' oversight of risks from cybersecurity threats and management's role and expertise in assessing and managing material risks from cybersecurity threats.

Legislation and rulings like this demonstrate the possibility of a more accountable cybersecurity industry from the boardroom to the factory floor.

The suggested code of practice also poses questions to the Labour Party on how it plans to address technology-related issues such as cybersecurity, a topic into which it has yet to invest much time or energy.

As we get closer to the next general election, the Conservatives and Labour should anticipate that questions on AI, cybersecurity, and technology regulation will be high on the list of priorities. This could very well decide which side businesses support in the election.

From conversations in my everyday working life, I have learned that a number of businesses up and down the UK still consider cybersecurity procedures and partners a 'nice to have.' These same businesses have invested swathes of money, time, and energy into the digitization of their companies and, crucially, their supply chains.

This digital supply chain becoming a reality raises the question of why equal amounts aren't being invested in cybersecurity, despite cybercriminals' clear capabilities to disable and disrupt these intrinsic aspects of companies' work. As cybercriminal gangs and ransomware groups grow ever more prevalent in the UK, the need for cybersecurity legislation and standards of practice, instead of a code of suggested actions, becomes clearer. Only then can British businesses hope to stand a chance against the latest wave of cybercrime.

This legislation needs to be comprehensive, but naturally achievable for British companies irrespective of size or function. To execute this, the government should seek the industry's experts to source opinions, insights and suggestions for how modern cybersecurity legislation could look and how it can help keep businesses and their employees safe from harm.

A version of this article originally appeared on UKTechNews.
