Insight

Strengthening cyber resilience

Comms Business looks at how the Channel can support the government’s new strategy to improve resilience against cyber threats.

At the end of 2021, the UK government published its £2.6bn National Cyber Strategy 2022, setting out plans to strengthen the UK’s authority as a ‘democratic and responsible cyber power’ by 2030 in the face of an ever-evolving threat landscape.

Based around this vision, the strategy encourages a collaborative approach through investment in people, skills and technologies, strengthened partnerships between government and industry, and the ‘promotion of a free, open, peaceful and secure cyberspace’.

David Ellis, VP security and mobility at Tech Data EMEA said that the strategy is right to recognise that broadening the base of cybersecurity skills across the UK is critical to improving the country’s cyber resilience.

“The government’s own analysis earlier this year showed that, whilst the skills gap had dropped from 2020, 47 percent of cybersecurity firms have faced problems finding the technical skills they need, whilst there was a recognition that understanding of cybersecurity issues at a board level is still lacking,” Ellis told Comms Business.

“Entering the cybersecurity market can seem daunting, owing largely to misconceptions about the need to read high-level code and be an online super sleuth. In reality, there are opportunities for partners to begin building a cybersecurity business and help broaden the UK’s cyber knowledge base in support of the cybersecurity strategy’s aims.”

Channel partners should look for trusted cybersecurity solutions that they can resell, Ellis continued, with training to support actioning of services.

“There are also enablement programmes available that will help partners transform their business around new operating models and high growth markets, such as moving to being services-led, or managed services to managed security services,” he commented.

“Such programmes can provide comprehensive training and development, such as simulated cyber-attack environments and cyber labs, to help partners expand their capabilities and grow their business. Tools such as Canalys Alys can also allow partners to benchmark themselves against the wider market and identify business opportunities, providing greater certainty for business decision making.”

Channel vendors have a key opportunity to play their part in building a more robust cyber landscape – but this will only be achieved through committed time and resources, said Chris Hurst, general manager UK and Ireland at Kaspersky.

“The government’s new strategy presents an opportunity for channel vendors to contribute to strengthening the UK cyber ecosystem and the technologies essential to digital UK, aligning their engagements to share their specialist knowledge and become more targeted in who they partner with, and which sectors they target,” Hurst said.

“As the ‘network effect’ grows to establish digital UK, such as channel vendor partnerships with resellers or distributors that engage directly with citizens and businesses, the exponential growth of data sharing is furthered – bringing with it its own risks. It is important that data sharing between businesses is secure by standards – which is something else the government must supply guidance on.”

Widened scope

One element of the government’s cybersecurity ambitions that will have particular impact for the Channel is the recently announced plans to update the Network and Information Systems (NIS) Regulations, widening the scope of the companies subjected to the measures to include managed service providers (MSPs).

This will mean that MSPs could face hefty fines if they fail to comply with the regulations’ standards including putting risk assessments in place, reporting incidents and having appropriate plans in place for fast recovery.

Vadim Solovey, chief technology officer at DoiT International, commented: “As an MSP, we regularly undertake rigorous independent audits and certify our compliance with the highest industry standards, including ISO27001, SOC 2 and SOC 3. This ensures that our systems and processes are secure and robust enough to give our colleagues and customers the confidence and trust that allows us to do our best possible work.

“With critical infrastructure seeing a marked rise in cyberattacks, it’s paramount that the organisations delivering services to that market don’t introduce additional risks and vulnerabilities. While the regulatory update may introduce additional costs and administrative burden, the net result is a more secure ecosystem and peace of mind that our critical systems are safe — which benefits everyone.”

Scott Nicholson, Co-CEO of Bridewell Consulting said that given the major acquisition and consolidation seen over the years, the changes will add to the complexity of work undertaken by MSPs and that many will be looking for support from trusted cybersecurity partners.

Often MSPs deliver complex activities that require high levels of access and this has long been a risk that is either misunderstood or under regulated,” he commented.

Fresh initiatives

The Channel will undoubtedly need to work to address the cybersecurity challenges faced by the UK and should not be complacent in continuing to provide the guidance businesses need, said Ed Baker, VP global channel sales at Trellix.

“With the strategy touching on the likes of skills, the development of new technology increased business resilience, and leadership, businesses will welcome new initiatives aimed at strengthening defences against the threats of tomorrow,” Baker commented.

“For instance, the use of threat intelligence will help organisations adapt and strengthen detection, using ML analytics to predict and detect attacks, identify root causes, and guide adaption and response through automated workflows. This approach will empower security teams by providing them with the data needed to make security-related decisions in real-time.”

This feature appeared in our March 2022 print issue. You can read the magazine in full here.