"The majority of the most popular vulnerabilities used by hackers to gain access to key data have been well understood and avoidable for ten years."
Elliot Rose, PA cyber security expert
Letter to the editor
Sir, The National Audit Office’s review of the government’s cyber security strategy reports that it will take 20 years to develop the sophisticated cyber skills needed to improve cyber security (“Cyber defence skills lacking, says report”, February 12).
Our focus should, however, be on improving basic cyber “hygiene”, which the report notes can prevent about 80 per cent of cyber attacks today.
Cyber security basics are things we can do today, but often don’t. The majority of the most popular vulnerabilities used by hackers to gain access to key data have been well understood and avoidable for ten years.
To make a real difference, business leaders should therefore consider cyber-risk prevention as part of their corporate risk management process. They should mobilise the basic skills – such as regularly applying updates, setting appropriate passwords and acting responsibly online – that they already have at their disposal.
We could wait two decades for an information assurance panacea, but we would have nothing meaningful to apply it to after 20 years of neglect and, in any case, these skills would be wrong for the very different challenges we will be facing in 2033.
Elliot Rose is a cyber security expert at PA Consulting Group