12 November 2013
Whatever your preference on the Brexit decision, there’s no doubting that the United Kingdom’s ongoing exit from the European Union will have a profound effect on businesses all over the world. From impacting how UK businesses do trade with their European counterparts to changes to import taxes and uncertainty around corporation tax, a range of issues are up in the air come 31 October.
But the implications of Brexit on cybersecurity are as uncertain as the actual effects of Brexit on the UK itself. Industry experts remain none the wiser what the situation will be when Britain finally leaves the EU. And that in itself is reason for concern.
Blurring the Boundaries
Until now, the EU’s strategy on cybersecurity initiatives has been largely focused on interconnected, interdependent, cross-border digital infrastructure and cooperation between national intelligence teams. While the chances of cyber incidents causing disruption across EU countries and the UK are high, so the UK’s collaboration in such events will be vital to the security of citizens across Europe. However, as yet, no decision has been voiced on whether the UK can remain a part of the EU’s cybersecurity framework.
This uncertainty comes at a time when the UK and the EU need to work together on cybersecurity more than ever before. Not only does the landscape of growing emerging threats demand they work together, there’s also the fact that up to 30% of the EU’s military capabilities are owned by the UK. That’s too much for the EU to do without and too little for the UK to stand alone.
Thinking back to the WannaCry attack in 2017, when ransomware infected over 230,000 systems in more than 150 countries, the UK was instrumental in supporting investigations and enabling hundreds of arrests as part of the Joint Cybercrime Action Taskforce. This, on top of the UK’s 20-year membership of Europol, is indicative of how important the UK is to the EU in its ongoing fight against cybercrime.
EU and UK cooperation on cybersecurity is vital beyond Brexit as cyber-threats from hostile states intensify and increase on sophistication. Putting up barriers to keep the UK out of intelligence and information sharing will be detrimental to both parties.
Brexit demonstrates the simple fact that government policy matters are more important to security than most people realise.
The strength of UK cybersecurity has been reliant on collaborating across national borders. A post-Brexit UK may struggle to defend itself from cyber-attacks if it loses that cooperation with European agencies and data security authorities. It may also lose the vital sharing of information and knowledge around cyber-attacks, while losing membership of Europol could significantly affect the country’s ability to defend against cross-border cybercrime.
Then there’s the issue of data protection. While our data protection should be covered by GDPR, which was written into UK law by the Data Protection Act 2018, we may encounter problems if and when the EU updates the regulation.
Cyber Skills Depletion
The cybersecurity industry is already in the midst of a global skills shortage and Brexit will only make the talent pool shallower. For example, Europe is likely to face a skill gap of 350,000 by 2022, while between 20 to 30% of cybercrime vacancies in the UK currently remain unfilled.
There is currently plenty of opportunity for talented cyber professionals to take their ability anywhere in the world. But Brexit promises to not only prevent this but also restrict their skill development and thwart their opportunity to become assets for businesses and their countries alike. That restricts their careers but also inhibits organisations from getting access to the best cyber talent.
Furthermore, UK universities, which are essential to blooding the next generation of cybersecurity talent, will lose access to huge amounts of EU funding post-Brexit. This therefore raises further questions about our ability to produce the future talent we need to fill the cybersecurity skills gap.
A Shift in Government Attitude
Until recently, anyone entering the United States Marine Corp regardless of their specific skillset and capability was, first and foremost, a rifleman and every recruit began with a boot camp. However, discussions are ongoing to soften this attitude, including allowing skilled technical people to join under the Marines umbrella without necessarily having to fire a gun.
This is indicative of shift in Governmental attitudes towards cybersecurity and IT generally. They realise the need to be more pragmatic towards protecting themselves from the specific security threats they face.
Cybersecurity is more important than ever, with the FBI estimating that more than 4,000 ransomware attacks occur every day and the sophistication of the cybercriminal only increasing. It’s therefore imperative that we don’t allow Brexit to become an obstacle to the vital work we do.
While we’re still in the dark about what will happen to cybersecurity post-Brexit, we are right to be concerned and demand government involvement in assuring our industry on its future.
If you are concerned about the online security of your business, Orange Cyberdefense offers advanced security operation centres based in the UK. We work hard to truly understand your business, not only by monitoring your infrastructure, but also acting as an early warning system to detect and resolve threats before they have any impact.
Contact one of our local office today if you are interested in our services.