A year in cybersecurity: the view from industry

After hearing the NCSC’s insights into trends in cybersecurity over the past year, we asked cybersecurity experts for their observations on how cybersecurity threats are evolving.


Over the past 12 months or so we have seen the privatisation of nation-state capability in two separate ways.

Firstly, the release into the criminal sector of, albeit now relatively old, nation-state tools. Shadow Brokers is the best example, releasing onto the internet tools which have their antecedents in the US National Security Agency. These are capable and are being seen in criminal activity; WannaCry and other well-known examples.

Secondly, certain nation states are outsourcing their offensive cyber capability; Russia and Fancy Bears and Olympic doping [WADA hacked emails], for example. The GRU attack on the chemical weapons facility in the Netherlands is another example. Also, the recent GandCrab ransomware is slowly being linked – tangentially but increasingly strongly – with a nation-state which is assessed to be hostile to the West. In other words, it looks like an outsourced nation-state attack capability.

The other observation is ‘back to the future’: we are seeing an increasing number of attacks targeting endpoints. As companies begin to build security strategies which deliver strength in depth, so attackers are being forced to the edge. This is entirely logical, but it does mean that endpoint protection, both endpoint detection and response and more generically, which was fashionable once, is now increasingly important.

Malcolm Taylor, head of cybersecurity at ITC Secure


Although this and other UN initiatives could take years to come to fruition, the balance of risks vs rewards is steadily tipping towards a system of rules for at least some nations, especially if this had geopolitical advantages mirrored in other economic and military ties.

A formal cybersecurity treaty of this kind would rest as much on its political and symbolic capital as its technical detail.

States need to advocate the need for cyber cooperation instead of cyber warfare. Indeed, states have an obligation to work towards such a treaty to make this happen to prevent harmful cyberattacks. 2019 could be the year for such an agreement for neighbouring countries.

Ray Walsh, digital privacy expert at ProPrivacy


A key security issue organisations are increasingly facing is not only ensuring their own network is secure, but also the networks of suppliers and third-parties that plug into it. Cybercriminals are invariably after one thing – data. The richest and most lucrative stores of data are found in the largest organisations.

Naturally, due to the complexities of running a multinational organisation, these businesses have the broadest and most complex supply chains. From third-party suppliers to white label clients, each connection with another business is a potential point of weakness, and it's something cybercriminals are increasingly willing to exploit. The Best Buy, Sears, Kmart and Delta breaches of last year were engineered through vulnerabilities within a third-party chat app, for instance.

As supply chain attacks become increasingly commonplace, it’s almost inevitable that a breach will occur. It’s a tough pill to swallow, but businesses need to recognise this and therefore ensure they have the capability to rapidly detect and respond to threats in order to mitigate any damage. 

Focusing on mean time to detect and mean time to respond as key security metrics is a good first step. That is, detecting a threat – whether it comes from a compromise on its own or a partner’s network – and subsequently shutting it down early in the cyberattack lifecycle. To achieve this, technologies like security information and event management or user and entity behaviour analytics, coupled with security orchestration, automation and response, should be key components of any firm’s security suite.

Ross Brewer, VP & MD EMEA at LogRhythm