Last month the United States and United Kingdom commemorated the 75th anniversary of D-Day, a pivotal historical moment in which the two countries set an unprecedented standard of bilateral cooperation. Churchill and Roosevelt met on numerous occasions during World War II to discuss and deliberate strategy, and their hard work came to fruition on June 6, 1944 when Allied troops landed on the beaches of Normandy to liberate France from Nazi control. Now 75 years later, we come together to remember that an alliance between our nations can have an extraordinary impact.
These days the front lines have changed, modern threats to national and international security make the special relationship even more important.
We are now facing a world where cyber threat and the reputation-damaging consequences, dominate headlines worldwide. Only this week we are told that North Korea is employing thousands of hackers to commit cybercrime on a massive scale. The distinction between state-based cyberattacks and malicious criminal activity is now completely blurred and businesses worldwide are looking to the cyber “good guys” to meet the challenge.
This comes into stark focus when headlines tell us that a recent data hack and breach at the American Medical Collection Agency (AMCA) has now topped 20 million patient payment details lost, with these records now for sale online. With law suits already filed and the Attorney Generals in two states opening investigations, it isn’t just its tarnished reputation that will be dominating AMCA board meets this week.
Today, the United States and the United Kingdom are working together to fight this entirely new kind of adversary. The DPRK, Russia, and Iran employ criminal groups to launch cyberattacks in support of their national interests, but these attacks are equally driven by financial gain. Case in point: Shadow Brokers, the group who leaked ETERNALBLUE onto Wikileaks, forged a path for WannaCry and NotPetya ransomware attacks which impacted individuals, businesses, and governments on either side of the Atlantic. Protecting the U.S. and the U.K. against today’s dynamic cyber threat demands governmental and private sector cooperation, in the construction of a collective defense framework to address cyber risks across all sectors.
For this reason, the future of U.S. and U.K. national security depend on strong network security practices in business and in government. Many businesses today are unable to recognize or react proportionately to the risks they face from state-led cyberattacks. Individual entities are facing coordinated and highly sophisticated adversaries, yet they lack the financial or relational resources to keep pace. We can consider it asymmetrical cyberwarfare between offensive adversarial states and a set of defensive, globally-dispersed public and private sector targets.
To combat this threat, both the U.S. and the U.K. have established specialist National Cyber Security Centers (NCSCs). The American and British NCSCs collaborate with the explicit mission of mitigating state-sponsored cyber threats now targeting global economies.
However, state-based threats are only one strand of this transatlantic alliance, both these agencies agree that cyber risks are not simply the domain of rogue nations and cyber criminals.
It is seen as equally critical that businesses of all sizes recognize the growing threat of cyber breaches caused through poor internal processes, malicious or incompetent insiders and badly configured IT. Many of today’s most high-profile data breaches are simply tracked back to human error or exploited third parties in an organization’s supply chain.
To help businesses improve their cyber security posture, they advise the following procedures:
- Make cyber a boardroom agenda item
- Get your cyber basics right
- Have a plan for raising staff cyber awareness
- Have a plan for “if the worst case happens”
- Don’t just secure your own network, consider your supply chain
- Be compliant with data regulations
American and British NCSCs both agree that strong cyber defense begins with strategic partnerships. For most companies across professional services, agriculture or heavy industries, this means bringing in a team of unbiased cyber experts for help. ITC Secure wholeheartedly supports this approach and seeks to build broader awareness for the NCSCs’ approach, by advising companies to build data security governance before investing in new tools; to seek out solution providers who can deliver value according to needs and priorities; to invest in cyber training—because people ought to be companies’ first line of defense; and to outsource security operations’ needs when it makes sense.
About ITC Secure
ITC has over two decades of experience delivering cyber security solutions to organizations in over 180 countries. At the heart of ITC’s cyber services is a London-based, 24-hour, manned security operations center. From this center of excellence, ITC’s teams deliver high quality managed security services to help organizations manage the growing complexity of cyber threats and securely support their digital transformation.
ITC embodies the spirit of alliance toward a transatlantic collective defense. Between our U.S. and U.K. offices we are perfectly placed to deliver the critical capabilities that businesses need to meet today’s cyber challenges. Our services range from ground-level cyber assessments and reviews to give organizations a clear understanding of the risks they carry and provide strategic response support, right through to a fully-managed cyber solutions.
ITC Secure, both in London and in Washington, is committed to making the digital world a safer place to do business.