We’re All in This Together: Why Fighting Cybercrime is Not a Question of Calling IT

Robert Hannigan, founder of the UK’s National Cyber Security Centre, explains why your digital supply chain might be both the cause and the solution for your cybersecurity worries.

Robert Hannigan, a former Director of the UK’s Government Communications Headquarters (GCHQ) is discussing the importance of connection. Connection, he believes, is both the greatest threat companies face in cybersecurity – and the best way to reduce cybercrime. By this, the man who helped create the UK’s National Cyber Security Centre, does not mean connection by technology, but something much more old-fashioned; relationships.

“Companies are now realising they’re connected to everyone else” he explains. The previous challenge was getting company boards to take the commercial and reputational risks of cybersecurity seriously – “they tended to think of it as just something for the IT department to worry about”. Now, the current challenge is harder to address.

Every company with an online presence is inexorably linked with numerous other companies – and unless their cybersecurity is up to scratch, this could be a problem.

“The supply chain ecosystem in which you exist as a company is a risk”, Hannigan explains, “Trying to get your head around that and your protections is really tough”.

Your company might, for example, partner with another company for online data analysis or to make your e-commerce site run. These are the kinds of partners we, as consumers, consent to our data being shared with when we click the ‘Accept All’ button that the General Data Protection Regulation (GDPR) introduced in 2018. But do you know the ins and outs of exactly what they do with that data? Could their protection of your sensitive data be less than you think?

Or perhaps you partner with a marketing company. Have you done full due diligence on how vulnerable their systems are to cyber attack – and whether there are security threats which need addressing?

Start to write down the full digital supply chain your company interacts with, and chances are you’ll find yourself quickly overwhelmed. Yet these are exactly the security risks and vulnerabilities Hannigan emphasises companies need to watch out for.

Not only this, but any deficiencies your company has in its defences could impact on other companies too. Pull at any thread in this ecosystem, and things start coming undone – something Hannigan knows only too well.

“We decided to set up the National Cyber Security Centre back in 2016 because we could see that this threat [cybercrime] was a massive threat to the whole economy”, he explains.

A solution could only be found by working together.

“The only way to respond to this threat was through a coalition of government and private sector. This is not a problem the government can solve alone – it’s just too big. Most of the resource, skills and networks are out there in the private sector owned by companies”.

So where does ultimate responsibility for keeping us safe online sit? With all of us, says Hannigan.

“Everybody has a responsibility”, he says emphatically. “Individuals need to be vigilant; companies need to be vigilant, and governments need to be vigilant. You need awareness at all levels. You won’t reach perfection but if everybody is aware and cautious and taking the right precautions you can reduce the risks by 80-90%”.

By way of example, Hannigan references the Internet of Things – better known to most of us as smart devices.

“These are essentially tiny processors in tiny computers and originally were built to be as cheap as possible. This meant they started out having no security at all – not even a password. Those standards are being raised by government regulation to ensure everything has a minimum standard of security”, he explains.

But responsibility cannot stop there. The companies that manufacture and sell smart devices need to ensure they are safe – and we, as users, also need to understand exactly what information we might be giving away and how, if we chose to, say, Ask Siri.

“It’s absolutely about everybody playing a part in reducing the risk” Hannigan nods, enthusiastically.

It’s a daunting task, but a thorough inspection of the companies your brand works with is a positive move for both your business, and society as a whole.