Automation, cloud technologies and strategic clarity are key to surviving the cyber arms race

The UK Government is warning British businesses to bolster their cyber security to “help defend the nation from actors with malign intent.”

Addressing the recent NATO Cyber Defence Conference in London, the Chancellor of the Duchy of Lancaster, Pat McFadden, warned that malign adversaries – including Russia – were already engaged in cyber warfare that extended beyond the battlefield and onto the home front.

He explained how the Russian military and its “unofficial army of cyber criminals and hacktivists” were using artificial intelligence (AI) in a hidden war to target the UK’s infrastructure and institutions. “Russia won’t think twice about targeting British businesses in pursuit of its goals. It is happy to exploit any gap in our physical or cyber defences,” said McFadden. “And so I urge them to do everything in their power to strengthen their own security and protect themselves, the country and our allies from this threat,” he said. 

The speech is yet another chilling reminder of the threats facing all businesses and organisations and underlines the importance of constant vigilance and ongoing investment to maintain defences. While the intervention of government ministers – supported by senior national security officials – is an escalation of the rhetoric, the task of ensuring the safety and security of businesses and organisations is shouldered by a sector committed to keeping people safe. 

As an industry, we’re constantly playing a game of cat and mouse, not only to ensure defences are sufficiently robust, but also to predict what might happen next so that organisations can stay one step ahead of those who wish them harm. In recent years – and spurred on by the threat posed by artificial intelligence (AI) – the industry has turned increasingly to cloud technologies and automation to enhance efficiency, scalability, and responsiveness so that it can be better prepared for any eventuality.  

The rise of automation in cybersecurity

As a result of the constant bombardment of cyber threats, automation has become a cornerstone of modern cybersecurity. By automating repetitive and time-consuming security tasks – such as vulnerability assessments, patch management, and compliance monitoring – IT and security teams can reallocate their resources to more pressing issues elsewhere. 

For instance, implementing automated vulnerability scanning tools enables continuous monitoring of systems for known vulnerabilities. When combined with automated remediation processes, this ensures that identified issues are promptly addressed, freeing up valuable team resources and accelerating compliance with regulatory standards. Similarly, automation in compliance management goes beyond mere alerts, actively driving corrective actions to reduce the risk of non-compliance penalties. This shift not only accelerates response times to potential threats but also minimises the likelihood of human error by removing manual interventions from the remediation process. Or to put it another way, if cyber criminals are leveraging AI to enable attacks, it makes sense to use similar technology to blunt their assaults. In a sense, it’s part of a cyber arms race. But it’s only effective if we can keep pace with – or get ahead of – the threat.

Leveraging cloud-driven insights for proactive risk management

For many organisations looking to make their systems more robust, the rise in automation has gone hand-in-hand with the adoption of cloud technologies. While such platforms offer unparalleled scalability and flexibility, they also provide advanced analytics that deliver real-time insights into potential security risks.

By harnessing these cloud-driven insights, organisations are now better able to anticipate and mitigate risks before they escalate into significant incidents.

For example, cloud-based security information and event management (SIEM) systems can aggregate and analyse data from various sources at scale and at pace. By identifying anomalous patterns that might point to a potential threat, this proactive approach gives security teams early warning, enabling them to take immediate action across any size of digital estate.

Securing containerised workloads in cloud-native environments

This is important, not least because the digital landscape is becoming ever more complex. Take containerised workloads, for example. These have grown in popularity not only because they are more efficient but also because they offer improved application portability. However, the downside is that they also expand the attack surface. And that means introducing robust security measures to tackle these issues head-on.

Integrating security within container orchestration platforms like Kubernetes is essential to protect containerised applications. It involves implementing security controls such as image vulnerability scanning, runtime monitoring, and policy enforcement directly within the orchestration framework. 

Best practices for enhancing security across hybrid environments

All of which points to one thing. If businesses and organisations are to protect themselves from the constant barrage of threats – if they are to heed the most recent warning from senior government and security officials – then they need to take a strategic approach to their security.

It is no good taking a piecemeal approach. Instead, organisations need a comprehensive approach – one that combines automation, real-time insights and scalable cloud technologies. 

Key best practices include:

  • Comprehensive, real-time visibility into all assets, including endpoints, servers, and containers.
  • Automated threat detection and response to minimise the window of opportunity for attackers.
  • Policy enforcement and compliance monitoring to ensure enterprise-wide consistency.
  • Integration of security tools for seamless data sharing and coordinated responses to threats. 
  • Regular security assessments to identify and address potential weaknesses in the infrastructure.
  • Ownership and continuous governance at board level, with accountability for driving operational efficiencies in parallel with reducing and managing cyber threats to the entire organisation.


None of this is new. But the recent warning to the NATO Cyber Defence Conference acts as yet another reminder of the challenge all businesses and organisations face. 

Concluding his speech to NATO, Pat McFadden said that “every day, we need to do this unspectacular work of plugging away at our cyber defences” which includes “identifying weaknesses, shoring up our national barriers, and continuing to work together”.  

He has a point. With AI being weaponised to exploit vulnerabilities – and cyber criminals becoming more organised – it’s up to businesses and organisations to get their houses in order and be prepared. Cybersecurity is no longer just an IT challenge – it’s a shared responsibility to protect infrastructure, institutions, and national security. 


About the Author

Dan Jones is Senior Security Advisor EMEA at Tanium. Tanium AEM delivers autonomous management of endpoints across the industry’s most comprehensive platform, providing solutions for asset discovery and inventory, vulnerability management, endpoint management, incident response, risk and compliance, and digital employee experience. Tanium AEM offers a set of distinctive features that transform how IT and Security organizations execute change safely and reliably in their environment — at scale, with confidence, and in real-time.
