The privacy-security trade-off
Ordinary citizens normally value their privacy and may not like it when governments or security services have too much access. Governments and security services often argue that they cannot keep their citizens safe from
terrorism and other attacks unless they have access to private data.
One instance where this is being played out is in the argument over end to end encryption which encrypts messages and phone conversations using VOIP from when they leave the sending device to when they reach the receiving
device. This means they can't be understood if they are intercepted. Firms providing messaging services argue this is essential for secure messaging.
The government maintains that end to end encryption empowers child sex abusers and hampers the ability of the police and National Crime Agency to bring offenders to justice. They suggest that messages should be scanned first,
however, technology that could bypass encryption yet preserve privacy doesn't currently exist. Some legal experts argue the recently passed Online Safety Act invests Ofcom with powers to order companies to break encryption over
child safety concerns. Some major companies have threatened to leave the UK rather than weaken encryption.
Cyber security breaches
32% of businesses and 24% of charities overall recall any breaches or attacks from the last 12 months. This is much higher for medium businesses (59%), large businesses (69%) and high-income charities with £500,000 or
more in annual income (56%). The most common type of attacks experienced were phishing attacks with these being the only types of attacks seen by many small businesses. Larger businesses were more likely to experience other cyber
incidents such as impersonation, malware and unauthorized access by people within and outside their organisations.
The cost of cybercrime to the UK in 2023 was $320 billion US. It is estimated to be more than 5 times that amount by 2028. Predicted spending on cyber security varies with some small and medium firms more focused on the
economic environment.
Nation based threats
Recently the UK has accused Russia's Security Service, the FSB, of a sustained cyber-hacking campaign, targeting politicians and others in public life. The recent war in Ukraine has led to large scale hacking from both sides
by both state based actors and hacktivists. In the UK the National Cyber Security Centre(NCSC) as part of GCHQ helps protect the UK's critical services from cyber attacks and issues guidance to firms and citizens.
AI and cyber security
There are significant concerns around AI making cyber security threats worse. A recent investigation showed that ChatGPT could be used to create an AI powered app to generate more realistic text for phishing messages in
multiple languages within seconds. Deepfakes and other AI techniques could also be employed to create more convincing scams. There is also the potential for AI to improve cyber security through its ability to analyse vast amounts
of data.
Positive steps in cyber security
It is increasingly recognised that to help keep systems secure it is essential to train people to recognize the methods used by hackers and to practice good password management. Commonly it is people and protocols that prove
the weakest part of a network.
Firms should have plans in place to recover from an attack and systems such as backup to support that. More and more firms are recognising the importance of being prepared for cyber attack.
Firewalls and anti-malware software should be used to prevent unwanted malicious files affecting computer systems. It is common for both firms and individuals to have anti-malware software installed.