Since the voters of the UK decided to renounce their place in the EU last June much of the discussion around Brexit has centred on immigration, the economy and the influence of Brussels. However the topic of information security has remained rather elusive. Many of our readers want to know how Britain’s potential exit from the EU will affect their company from a security perspective. This Q&A post will clear up some of the burning questions.
Q: Should you bolster your security because of Brexit?
A: You should monitor activity on your networks more closely to see if there are any attempted attacks. Due to the increased media coverage of the EU referendum and opportunists attempting to attack you whilst your attentions are focused on the challenges of Brexit to your business.
Q: Am I more susceptible to phishing attacks?
A: In the short term, potentially! Any big news event (such as the EU referendum) will create opportunity for criminals to exploit and take advantage of the current situation. For example, you may get an e-mail saying “As the UK is leaving the EU, you will be moved to another office in Europe, click on this link to opt out!”. The best way to combat these types of attacks is to make sure your users are aware that they could be the victim of some opportunist attack.
In the long term, you will always be affected by these types of attacks. Make sure you have a good security plan in place to deal with them.
Q: Will I still be affected by the EU GDPR?
A: Not yet, because the EU GDPR is due to make an appearance in 2018. Elle Todd (Partner and Head of Digital and Data) at Olswang states that:
“Whilst the GDPR would not directly apply to the UK [if the UK exists the EU], the ICO has already made clear that it will lobby for reform of our data laws to ensure equivalence. Businesses therefore shouldn’t cancel their GDPR readiness programmes because of BREXIT!”
Thus, The Security Bureau recommends that you keep compliant and still prepare for it.
Q: What happens if I have EU data?
A: The Security Bureau recommends that if you have EU data you may want to potentially think about data segregation. Data stored in a foreign country is subject to the laws of that country. Make sure you know where exactly your data is kept and the level of security that surrounds it. This includes knowing where your data is when using any cloud services.
Q: Will my security technology still operate as effectively given the assumption that we won’t be sharing threat intelligence?
A: In the short term, we haven’t left yet so everything should be operating as normal.
In the long term, we’re not sure if this is the case (that UK businesses will be less secure due to the fact that they aren’t intelligence sharing with the EU anymore). However we don’t think your security devices (SIEM and the like) will be affected. If you have a multinational company operating the security service, you would expect the same service to run effectively whether you are in the EU or not!
Q: Will there be a shortage of Cyber skills?
A: Cyber security recruitment agency Adeptis Group say that it’s to early to say, but given the current shortage of cyber security talent, the UK may suffer in the long term. Jonathan Palling a Managing Partner at Adeptis Group says:
“It’s simply too early to tell what the real impact of Brexit will be on the UK Cyber Security staffing market over the short, medium and long term.
It’s reasonable to assume that the acute skills shortage in the UK market could be exacerbated by a weaker pound and lead to a ‘brain drain’ as UK professionals look to take higher paid jobs in overseas markets such as the US for example.
Overall Brexit may mean that the UK is simply less competitive globally in it’s ability to attract, develop and retain Cyber Security talent in a global market where the skills shortage is widely estimated to grow to 2 million people plus by the end of 2017. A shrinking talent pool will make it harder for employers to recruit. This in turn will weaken the UK’s ability to protect itself from the ever growing threat of Cyber Crime.”
As of today, nothing has changed. But it’s clear that you need to have contingency plans for new regulations in 2 to 5 years.
We hope that this has clarified some of the main questions our readers had regarding security and its relationship to Brexit. However if there is anything we haven’t addressed that you would like to know…feel free to ask us on twitter @TheSecBureau or contact us directly.