Dr Catherine Mulligan, Research Fellow in the Innovation and Entrepreneurship department with a joint appointment to the Department of Computing, highlights effective and manageable cybersecurity in an age of cyber attacks.
As the world reaches new levels of digitalisation, the need for effective and manageable cybersecurity becomes evermore apparent. Cyber attacks have been listed as one of the top four threats to UK National Security since 2010, and given recent events – such as a series of company hackings and possible interference with the US election – such activity seems set to intensify. While digital disruption has provided great opportunity for new business models to emerge, it has simultaneously created new means by which companies, cities and nations can be attacked.
Importantly, it is not only malicious threats – such as criminals, ‘hacktivists’ and hostile nation states – that create issues from a security perspective. Ensuring that code operates as intended is a critical aspect of ensuring systems’ safety. Improperly written code can lead to bugs in smart city systems with the potential to cause industrial accidents – or even loss of human life.
We urgently need means by which to ensure citizens, companies and governments can trust the data and information they receive. People have an increasing understanding of the privacy and security implications associated with digital technologies and without effective security assurances, consumers may reject or reduce their use of certain products and services.
Cybersecurity is a cornerstone of the digital economy. Without it, some of the most basic foundations of our economic system will be brought into question – like the ability to trust the data and information that our banks and companies give us, and the reliability of our news sources.
Moreover, as technologies such as sensors, mobile, cloud and big data become more embedded within industries, a reliable approach to cybersecurity will be required at all levels of a corporation. Business leaders need to understand not just the potential of digital technologies, but also how to effectively protect both their own and their customers’ data. This will require a shift in strategic thinking for many.
Traditionally, most companies approach cybersecurity with the aim of preventing attacks. In today’s sensor and data-intensive market places, we need to take a deeper inspection of how to track, trace and secure data, both within corporate boundaries and when externally transmitting between companies and to customers. This is not only to protect the reputations of the companies in question, but also to effectively work within an emerging risk environment – the legal liabilities of data loss will become increasingly complex as data sharing, big data, artificial intelligence and machine learning begin to form the basis for our economy.
This will not only require stakeholders to become more involved across a business – and sometimes even across an industry – but also the education of employees on how data can be secured and protected in these new digital environments. In addition, all business leaders need a sound understanding of cybersecurity engineering basics, and the impact of potential breaches to their business and the surrounding industrial ecosystem.
We are therefore at a critical juncture in our use of technology: it can be used to create further digital disruption and new business models, or it can become so risk-filled that we cannot trust it. Within my research team at the Centre for Cryptocurrency Research and Engineering, we have been actively investigating how incentives can be used to create more effective cybersecurity insurance markets, and how blockchain (distributed ledgers) can be used as an early warning system against hacking of critical infrastructure such as energy networks and smart city installations.
By developing digital disruption frameworks and looking at how to deliver robust cybersecurity recommendations to companies, we are hopefully going some way to reduce the inherent risk of an increasingly digitalised society.