• Brian Lord Obe, Managing Director at PGI Cyber


• 19.04.2017 12:30 pm
undisclosed , Brian joined PGI in September 2013, after 21 years with GCHQ. Brian left GCHQ as their Deputy Director for Intelligence and Cyber Operations. Brian served in a wide range of roles for GCHQ, at home and abroad, and has deep experience drawn from many years’ experience across the breadth of Intelligence and Cyber operations. He is a leading thinker in the area of Cyber Warfare.

A ‘cyber mythology’ has been created by the industry to sell unnecessarily expensive solutions through fear. All recent high profile cyber-attack incidents could and should have been prevented with relatively low cost solutions. It is necessary to simplify everyone’s understanding of the threat.

In the last week alone I have dealt with major clients from the Banking, energy, telecoms and retail sectors as well as many small businesses.  The threats are very different but the common denominator is one of confusion of what exactly they need to do to protect themselves and their horror at what they had been quoted elsewhere to help resolve a problem they didn't understand. 

The reason breaches are growing is because companies aren’t protecting themselves properly, because they are being made confused by the cyber security vendors. A ‘cyber mythology’ has been created by the industry, to sell unnecessarily expensive solutions through fear. All recent high profile cyber-attack incidents could and should have been prevented with relatively low cost solutions.

It is necessary to simplify everyone’s understanding of the threat.  Whenever I give advice to clients on this subject to business or at a national level to formulate national security policies, the client emphasis is always around finding expensive technical solutions.  The unfortunately more boring but more realistic (however considerably more effective and cheaper) solutions reflect a blend of technology, human education and procedural measures.  And that blend depends entirely upon the type of threat a company faces. 

I hope on the back of the breach Report, the new National Cyber Security Centre continues to make information easy for public and businesses to digest so they can become smart demandeurs of solutions, and works more robustly and innovatively with the Security Industry to remove some of the artificial expense for wider business to achieve certification and accreditations.

It isn’t either expensive or complicated to understand and manage these risks.  But while it is still made so - the figures in these reports will continue to grow and we will be no safer.