There is a growing gap between our exposure to cyber-attacks and threats, and our ability to defend and be resilient when attacks are successful.

Opening the SANS Cyber Threat conference in London, NCSC CEO Richard Horne said we're “revolutionising our society, we’re replatforming, we're changing the way we work, live and interact, we’re driving better public services, we're driving economic growth all based on technology and it's fantastic.”

However, this means there is a growing dependency on technology, and a growing exposure to cyber-attacks when they are successful, Horne said. He said the impact of cyber-attacks is much greater than it was eight years ago when the NCSC was formed, or even just a few years ago because of that growing dependency.

Proliferation

Horne said the threat landscape is changing and it's growing, and there is a “proliferation of tooling” and in the breadth of attacks that are being used. 

He also said an “ability to hide” was key to attackers’ actions, and said there is no better example currently than Salt Typhoon, where attackers have been able to hide in plain sight. 

“We fortunately discovered them with our allies, but it just demonstrates that growing complexity and ability to hide,” he said. 

Two-Sides Contest

“So the fact is we're in a contest. It's a contest between those of us on the one hand that are using technology to improve our lives to drive better public services through our economies, and to better our societies,” he said. “On the other hand, those who will use that dependency on technology to undermine us: and it's happening every minute.”

Horne concluded by saying that delegates at the conference and the UK cybersecurity community are “key to that contest.”

“Those of you who are involved in researching and understanding the threat and communicating that and disseminating the information that will help people find the threat, and those of you who take that learning, take that understanding and apply it to defending your networks and your systems, you’re key to that contest,” he said.

Visibility and Reach

Horne said there is a “visibility and reach” amongst the UK cybersecurity community that no government organization could ever have on its own in any society. He said there is a collective scale that is the only thing that he believed would really make the difference in this context.

“I know that you share the same mission and that is to protect our society and make the UK the safest place to live and work online,” he said.

“So, you're key to closing that gap. So I guess my one ask of you is that you continue: continue to grow, to develop, to deepen your understanding, to research the attackers, and to apply that and innovate how we continue to work together across organizations and critically even across competitive boundaries.

“I think that's one thing that just makes our community stand out amongst all others is the ability to come together, even across competition, to work together.”

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.