In all the great technological innovation the world is seeing, security is still an afterthought, says Jarno Limnell, director of cyber security, Stonesoft, a McAfee Group Company.
“Security by design will have to happen eventually, but will come little by little unless there is some catastrophic event that will move things along a bit quicker,” he told Computer Weekly.
“Revelations about surveillance by the US National Security Agency (NSA) and UK counterpart GCHQ have raised awareness of the importance of security in everyday activity,” he said.However, Limnell, a former advisor to the military and government in Finland, believes the revelations of internet surveillance by whistleblower Edward Snowden have had a positive effect.
“Consciousness of information security is increasing all the time, especially among governments, and in this regard, the UK is one of the clear front-runners.”
Limnell praised the UK government’s initiative to set up cyber security research institutesthat bring together academics in cyber security, mathematics and computer scientists across the UK
“I like the multi-party approach that enables specialists with different backgrounds to work on the same information security challenges,” he said.
Apart from research, Limnell sees security training as a key element to tackling threats. “Companies spend millions on technological controls, but few spend anything on education, which is stupid,” he said.The initiative forms part of the government’s plan to increase the UK’s academic capability in all fields of cyber security.
There also has to be a shift to a new security paradigm that aims at achieving cyber resilience. “This approaches starts with the assumption that a network can and will be breached,” said Limnell.
“It cannot only be about keeping the bad guys out, you have got to have a plan for dealing with attackers when they breach your defences; identifying the intrusion and containing it,” he said.
Cyber defence strategies can also never be static, he said. “The bad guys are constantly innovating, so security professionals need to do the same. Cyber security has to be a continually evolving process.”
This is also true of security technologies, but Limnell believes that the consolidation in the security industry will continue and that eventually will be made of relatively few big players.