Latest news with #digitaldefense


Telegraph
6 days ago
- Politics
Britain's building a £1bn 'army of hackers' – but they have already been outpaced by Russia
'The keyboard has become a weapon of war,' Defence Secretary John Healey announced at MoD Corsham, the UK's military cyber HQ, on Wednesday. Britain's digital defences are facing daily attacks from hostile states, he warned, and the time has come to fight back with a £1 billion injection to fund new artificial intelligence capabilities and an army of hackers.

Yet while the money is certainly a welcome boost, the language used has raised a few eyebrows. It's 'talking about cyber operations as if they're new,' scoffed Matthew Savill, director of military science at the Royal United Services Institute (RUSI) on the BBC's Today programme on Wednesday. 'It's been 15 years since Stuxnet.'

Savill, who it's fair to say has the inside scoop after several years as a senior civil servant in the Ministry of Defence (MoD), was referring to the highly sophisticated computer virus discovered in 2010 that had been used to sabotage Iran's nuclear facilities, widely attributed to a joint operation between the US and Israel.

It was a watershed moment in cyber warfare – proving how nation states could now cause vast damage from behind a computer screen, without a shot being fired. Not only that, but it also revealed – to the concern of many – the impressive cyber operations several countries now had in their locker.

Indeed, the US had made dominance in cyber a strategic goal as far back as the mid-1990s. China and Russia had quickly followed in the early 2000s, with Moscow investing heavily in technology to boost its intelligence units and Beijing openly integrating 'information warfare' into its military strategy.

Britain, however, was slower off the mark. Despite first being hit by state-sponsored cyber espionage in 2003, when malware designed to steal sensitive data was found on a government employee's device, it wasn't until 2010 that the National Security Strategy officially ranked cyber attacks as a 'Tier 1' threat – on par with terrorism.

Some 15 years on, as Savill told the BBC's Jonny Dymond, defence chiefs appear yet again to be 'catching up'.

Government systems outpaced by cyber criminals

The danger this lack of action and investment has put the UK in was laid bare earlier this month in a report by the House of Commons' Public Accounts Committee (PAC). Crumbling Government computer systems have been outpaced by cyber criminals, MPs warned, with more than a quarter of all public sector IT systems using vulnerable, older 'legacy' technology.

Britain's critical infrastructure has already felt the impact of these weaknesses – from the devastating WannaCry ransomware attack on the NHS in 2017 to the recent hits experienced by retailers such as Marks & Spencer, the Co-op and Harrods. Each attack only reaffirms the need to improve resilience.

Indeed, the UK Government is in no doubt of the need for – and effectiveness of – a world-leading cyber operation. Just keeping at bay the 90,000 cyber attacks the country has faced from hostile states in the past two years is difficult enough (double the previous number in the same time period up to 2023), much less actually going on the offensive.

'One of the reasons you might be seeing a pivot to spending more money on cyber in our armed forces, rather than bombs and bullets, is because it can level the playing field,' says Prof Alan Woodward, cybersecurity expert from the University of Surrey. 'It acts as a force multiplier.

'Smaller countries can get a bigger bang for their buck – there's no longer as much need for an overwhelming physical superiority over the enemy, you can instead just turn off their lights and gas. We are a much smaller military nation than we once were – the armed forces can't even fill Wembley Stadium. So cyber is a way of punching above our weight.

'If you spend the money wisely and you can develop the capability, then there is the possibility you can be ready for some of the threats in what is an increasingly volatile world. It's what allowed Ukraine to make a damn good fist of fighting what on paper should be an overwhelming physical force from Russia.'

Why Britain is still behind

The UK's armed forces and intelligence agencies do in fact possess significant cyber expertise – Britain's GCHQ being the jewel in its crown, helped by its close allegiance with its counterpart in the US, the National Security Agency.

Its offensive cyber unit once conducted a hugely successful cyber campaign against Islamic State in 2017 that made it 'almost impossible' for the terror group to 'spread their hate online, to use their normal channels to spread their rhetoric, or trust their publications,' according to Jeremy Fleming, then-head of GCHQ.

A major problem, however, lies in its size. The scale of its cyber teams is modest – numbering in the low thousands – and often relying on contractors or partner support for advanced operations. In contrast, adversaries like China or Russia deploy vast numbers of keyboard warriors.

This was spelt out in the recent PAC report, which warned of a shortage of cyber skills experts, particularly in the public sector. Woodward points to two main reasons behind this: firstly, the lack of students opting to study engineering, and secondly, the poor pay on offer for those who opt for the civil service.

In China, between 30 and 40 per cent of graduates have a STEM (science, technology, engineering or mathematics) qualification – compared to around 5 per cent 'if you're lucky' in the UK, he says. 'They're hard, complicated subjects and people don't want to do them, even though if you do computer science your chances of getting a job are practically guaranteed, and you'll be earning one of the highest salaries.'

Yet the big-money jobs are generally only available in the private sector – where the pay on offer can often be nearly twice as much as their public sector counterparts. 'How do you compete against banks and people like that paying large salaries?' says Woodward. In contrast, other nation states like China are going 'hell for leather' in attracting the best talent to the military and government agencies.

Industry insiders have certainly noted the skills shortage. 'Police, security services and government departments need to recruit and accelerate cyber skills and capabilities to stay one step ahead of the bad actors,' says Ed Dolman, head of Europe, Middle East, and Africa at digital forensics firm Cellebrite, which provides the MoD and other government agencies with the technology to carry out cyber investigations. 'Britain cannot afford to play catch up any more and sleepwalk into this increasingly dangerous world.

'Growing volumes of increasingly sophisticated cyber-attacks perpetuated by rogue states and organised criminal groups mean that ramping up the UK's security capabilities should be at the very top of the Government agenda.'

A £1bn boost to UK cyber defences

The Government has at least been looking to bolster its defences with cyber personnel. In 2020, the Government established a specialist unit called the National Cyber Force to carry out the UK's offensive cyber activity to protect the UK. Its aim is to reach 3,000 cyber experts by the end of the decade. To give a sense of scale of the fight Britain is up against however, estimates for China's own 'hacker army' range from 50,000 to 100,000.

The latest £1 billion injection to the UK's cyber defences will fund a new Cyber and Electromagnetic Command, which will upgrade targeting systems using an artificial intelligence 'kill web' that connects military systems. Experts suggest it hints that the UK may start to go on the offensive with its cyber operations, similar to its allies and enemies.

'The UK has been very cagey about talking about its offensive cyber capability,' Savill told the BBC. 'It's only a very slight cracking open of what remains a pretty secretive world. But it sounds like they want to talk a little bit more about their ability to take on hostile states.'

Woodward suggests the UK may in fact have far more capability than has been publicly acknowledged. 'The UK has definitely been building its offensive cyber capabilities,' he says. 'Indeed, just because we haven't yet used it, doesn't mean we don't have the technology. It's a bit like saying: 'I've got a nuclear weapon, you've got a nuclear weapon, but I'm behind because I've never used it.''

Instead, unlike Moscow, the UK has to be far more careful – and often it's better not to show your hand until you need to, he says. 'Moscow has been far more aggressive and brazen about it. They like the disruption. Putin's regime is very happy to play fast and loose with these things and takes a lot more risk than the British government is willing to.

'We would never admit to it [offensive cyber operations], because if we did it would be an act of war.'

An 'ethical dilemma'

For several years, Russia has carried out cyberattacks on Western critical infrastructure through criminal groups – allowing them to deny any involvement. Yet on the battlefield, particularly in Ukraine, they have been far more gung-ho with trying out autonomous AI weapons, such as drones that can recognise targets and fire. In its fight for survival, Ukraine has also tried such technology out.

For the UK however, this presents an 'ethical dilemma'. 'Britain finds it hard enough with driverless cars,' jokes Woodward. Neither can it use criminal groups as a proxy for its dirty work.

Yet, he suggests the UK has already carried out extensive digital espionage and may well be ready to unleash its own cyber weapons in the near future. 'If you're going for real disruption, like taking energy grids down, you don't want to play your hand,' he says, suggesting that it may have already started the process. Stuxnet, for example, was only discovered years after it had been lying in place.

'We may have already planted the seeds in various places. But actually triggering them is a different proposition – you don't want to use it until you really have to.'

So while it might seem like we're late to the party, Woodward believes we may in fact be better prepared than some fear. 'It's not a sudden revolution in thinking, it's an evolution,' he says. 'I just think it's accelerated.'


Forbes
22-05-2025
- Business
Building The Future Of Cybersecurity—One Student At A Time
A cybersecurity intern represents the future of digital defense—growing real-world skills through year-round, paid experience that helps close the talent gap from the inside out.

Cybersecurity is a discipline built on trust, precision, and adaptability. As threats evolve, so must the people tasked with defending our systems and data. Yet for all the investment in tools and platforms, one area often remains underdeveloped: the human side of security.

Developing strong, skilled professionals isn't just a workforce issue—it's a business imperative. Effective cybersecurity depends on people who understand your environment, your priorities, and your risk tolerance. But growing that kind of talent doesn't happen overnight, and it doesn't happen in a vacuum. It takes strategy, patience, and often, a shift in mindset.

That's where a reimagined approach to internships comes into play. As Den Jones, founder and CEO of 909Cyber, puts it, 'When you onboard an employee, it's a couple of months ramp-up. I'd rather pay 35 bucks an hour to ramp them up than 200 bucks an hour.'

Traditional internship programs follow a predictable, often inefficient format: a few weeks in the summer, a steep learning curve, and a handshake goodbye just when the intern is hitting their stride. What Jones and others in the space are pushing for is a fundamental shift—treat interns as part-time employees throughout the year. This allows students to grow with the company and hit the ground running during peak periods.

It's a model born out of necessity and refined through experience. At Adobe, where Jones once led a robust internship program, he saw firsthand how effective this approach could be. Rather than saying goodbye at the end of summer, he'd invite standout interns to stay on part-time during the school year. That continuity paid off.

'Our hypothesis is: twist this round a bit. You grab a student at any time of the year, then they ramp up in summer, scale back to part-time during the semester, and ramp up again in winter,' Jones explains. 'That rhythm makes them far more valuable and reduces the cost and time of onboarding.'

Jones is now putting that philosophy into practice with Intern Connect, a platform from 909Cyber designed to connect employers with valuable cybersecurity interns across the U.S. It's built to make internships easier, more flexible, and more aligned with the real-world needs of both students and businesses.

Students benefit by gaining meaningful, paid experience in their field—often with better pay and more flexibility than typical part-time jobs. For employers, it's a cost-effective way to build a pipeline of junior talent who can evolve into full-time contributors.

This isn't hypothetical. At a previous startup, Jones had interns conduct research and draft an article on AI and security. 'These are projects you might not have time for,' he said, 'but the interns did the legwork, and the content had real impact.' In other cases, he leveraged interns to cover overnight SOC shifts that full-time analysts didn't want.

Hiring is expensive—and risky. Recruiters screen hundreds of candidates. Teams run through multiple rounds of interviews. Onboarding eats up weeks. And after all that, the new hire might still be a poor fit.

Intern Connect flips that dynamic. With students working part-time and being paid less during onboarding, the stakes are lower—and the upside is higher. Plus, companies can evaluate talent in real time, with real projects, and decide whether to extend full-time offers based on actual performance—not just résumés and interviews. That makes internships a powerful filtering mechanism in a high-stakes hiring market.

Jones isn't stopping at matching employers and students. He envisions a future where Intern Connect becomes a talent ecosystem—integrated with bootcamps, colleges, student chapters, and corporate partners. Discussions are already underway with recruiters, universities, and training platforms to build out this vision. There are even plans to offer short bootcamps to accelerate onboarding and help students ramp up faster.

For employers, the cost to join the platform is minimal—$10 a month per user or $100 per year. That low price point reflects a key belief: building the next generation of cybersecurity professionals shouldn't break the budget.

The cybersecurity industry doesn't have the luxury of waiting for perfect candidates. It needs to build them. And platforms like Intern Connect provide the tools to do just that. Instead of throwing money at job boards and crossing fingers, companies can nurture talent in-house, grow loyalty, and reduce hiring risk.

As the demand for cyber skills continues to surge, the most resilient organizations will be those that learn to invest in the future—one intern at a time.


Daily Mail
07-05-2025
- Business
Memorising complex passwords and clunky text message 2-factor ID to be replaced by 'passkeys' in effort to beat hackers and boost web security
Memorising complex passwords and using clunky text message-based login systems are set to be a thing of the past as government departments begin a rollout of smart 'passkeys'.

'Passkeys' – already being used in the NHS – are now being rolled out by the government and promoted to the private sector. IT experts estimate they will save users one minute each time they sign in and be more secure.

When a user first logs in, the system sends a digital key to specific devices. This allows a user to log in safely on future occasions without needing a password, text message or other code. The key remains stored on the device and cannot be easily intercepted or stolen – with third parties unable to access accounts using other devices.

Feryal Clark, minister responsible for AI and Digital Government, announced the move at the National Cyber Security conference in Manchester today. He said: 'The rollout of passkeys marks another major step forward in strengthening the UK's digital defences while improving user experience for millions.

'Replacing older methods like SMS verification with modern, secure passkeys will make it quicker and easier for people to access essential services — without needing to remember complex passwords or wait for text messages.

'This shift will not only save users valuable time but it will reduce fraud and phishing risks that damage our economic growth.'

The move is backed by the National Cyber Security Centre, part of GCHQ, which views passkeys as the 'future of online authentication'. NCSC Chief Technical Officer Ollie Whitehouse said: 'We strongly advise all organisations to implement passkeys wherever possible to enhance security… and save significant costs on SMS authentication.'

It comes as hackers have ramped up attacks on Britain with 'nationally significant' incidents doubling in recent months, the UK's cyber security agency has revealed. 'Hostile nation states' led by China, Russia, Iran and North Korea are believed to be at the forefront of malign online activity, along with groups using ransomware to extort money.

Speaking in the wake of the attacks on Marks and Spencer, the Co-op and Harrods, Dr Richard Horne, chief executive of the National Cyber Security Centre, told how Britain faces a 'diverse and dramatic' threat. Dr Horne said: 'We've managed more than 200 incidents since September last year (until the end of March). And that includes twice as many nationally significant incidents as the same period a year ago.'

In the year to last September, the NCSC managed 430 incidents including 90 significant and 12 hacks at the 'top end of severity'. It means Britain is on course for as many as 180 'significant' or 24 of the most severe incidents in the 12 months to the end of August.

Dr Horne highlighted the risk from organisations and businesses contracting out IT services. The cyber security expert urged 'every organisation' to plan IT infrastructure 'that seeks to minimise the scale of any attack's impact' and 'to be able to continue and rebuild when an attack gets through'.

Dr Horne added hostile nations 'have weaponised their cyber capabilities' and are 'operating daily'. China 'remains the pacing threat in the cyber realm', while he warned of 'acts of sabotage' directed by Russia. The cyber security boss also pointed to an ongoing threat from Iran and revealed how British firms 'are being targeted' by North Korean operatives 'disguising themselves as freelance third-country IT workers'.

In order to defeat hackers using ransomware, Dr Horne said organisations must build 'the resilience that's needed to ensure recovery can happen without payment'.

Cabinet Office minister Pat McFadden told the conference cyber attacks such as those on major retailers were 'serious organised crime' and should be a 'wake-up call for the public sector, for businesses up and down the country'. Mr McFadden also said that while 'critical infrastructure is more interconnected than ever', this 'creates risks and vulnerabilities' as the technology can be 'weaponised'.

But as well as the threat, the minister said British IT firms – the third-largest exporter of online security products and services – could turn the situation to their advantage.

A survey found cyber attacks may cost UK businesses as much as £64bn a year – with 53 per cent of firms having suffered at least one incident in the last three years. The research published yesterday by cyber security provider ESET also found 43% of affected businesses reported a long-term impact on growth – but 15% of businesses had no cybersecurity budget.

Jake Moore, Global Cybersecurity Advisor at ESET, warned: 'Cyber resilience is no longer optional – it's essential.'