The war in Ukraine has brought to the fore challenges of cyber readiness within government agencies and stakeholders or suppliers of critical national infrastructure (CNI). In the UK in particular, such bodies face significant obstacles, such as gaps in knowledge and expertise, which are obstructing progress.
That is according to a survey released in late 2021 by Trellix – previously McAfee – and pollsters Vanson Bourne, which gathered the opinions of hundreds of security specialists from government entities and CNI organisations in France, Germany, and the United Kingdom. Although the fieldwork was done months before Russia's invasion of Ukraine, the questions it highlights are incredibly relevant in the current conflict.
According to Trellix, the most significant hurdle to deploying new cyber solutions is a lack of personnel resources for 41 per cent of UK respondents, followed by a lack of trustworthy partner providers for 39 per cent and a lack of implementation knowledge for 35 per cent. Tender and bidding processes were more of a problem for security professionals in France. Still, they also highlighted a lack of trusted partner organisations, a lack of funding, and organisational leadership's inexperience with cyber as obstacles. Tendering was an issue for German respondents, as it was for both the British and the French.
Endpoint detection and response (EDR), extended detection and response (XDR), and cloud security modernisation were rated as the most sophisticated defensive solutions by UK respondents, with 37 per cent indicating they were "completely deployed" in this area. Zero trust was mentioned by 32 per cent of respondents, while multi-factor authentication (MFA) was cited by 31 per cent. MFA was also seen to be more challenging to execute in the UK.
The French, on the other hand, are faring significantly better when it comes to MFA, with 47 per cent claiming full deployment, while 35 per cent claimed full deployment of EDR-XDR, 33 per cent full adoption of cloud computing security modernisation and 30 per cent implementation of zero trust. The Germans, in contrast, performed better in terms of cloud security modernisation, with 40 per cent claiming to have completed it, followed by zero trust (32 per cent), MFA (30 per cent), and EDR-XDR (27 per cent).
Respondents from all three nations agreed that software supply chain risk management and policies were challenging to execute, especially in light of high-profile incidents like the SolarWinds hack, and that there was too little governance over how and where security solutions are developed.
According to the majority of respondents from each country, governments should recommend better standards in software cyber security. This was tempered by concerns that, among other things, government recommendations and timeframes would be challenging to meet and that too much surveillance would hinder their ability to think for themselves. Nonetheless, survey respondents were unanimous in their support for institutionalised, state cybersecurity initiatives, believing that such measures would increase security.
Pluralities in each nation also called for better collaboration and interaction between the public and private sectors on security vulnerabilities – the British, in particular, were enthusiastic about mandating incident notification and liability safeguards, and respondents from all three countries favoured more specified commitment and support during continuing threats.