Brexit: Cybersecurity enters unchartered territory

Brexit confusion exists in almost every realm, cybersecurity included. It may not be top of mind but addressing it should be a top priority.

By Bill Clark

Fri 26 Apr 2019 @ 17:12

What Brexit means for the UK and organisations on both sides of the Channel is unclear. What is clear, however, is that it doesn’t make the already difficult job of cybersecurity any easier.

Over the decades, the British economy and that of the Continent have become closely interconnected. Furthermore, the digital transformation of the global economy has increased the connections between countries and companies.

EU membership has already transformed the cybersecurity and IT landscape in the UK in many ways. Cutting the connections could prove difficult and have long-lasting and persistent effects.

Pack your bags

One of the most dramatic and visible effects Brexit would have on cybersecurity is diminishing the pool of IT talent, both general and cybersecurity. Britain is the primary destination for tech professionals in the EU, with one-third of those migrating within the Union heading in that direction.

There is already a severe cybersecurity skills gap, with an estimated shortfall of 2.9 million staff globally. UK firms already struggling to fill positions may find experienced staff having to return to their home countries. Even if it is possible to hire staff from abroad, the more complex immigration requirements may make it harder to attract talent to the UK.

Cutting communication

Communication is crucial in dealing with cybersecurity. An isolated computer, connected to no other machines and with no connection to the outside world is not very useful, but it is very secure. But the usefulness of IT, IoT and cloud computing come from connectivity. Maintaining security across networks, whether intranets or the internet, requires communication between cybersecurity experts.

Cybercriminals share information, software and techniques. They operate across national borders. The UK participates in many organisations that monitor threats and share intelligence on such matters, including NATO and the Five Eyes network. These relationships would persist post-Brexit, but the relation of the UK to other monitoring, policy-making and strategy bodies, such as Europol, and the European Cybercrime Centre would change.

The government understands the need to participate in such policy making, but it may be excluded as threats and policies change. Even if it is included, as an outsider, it will have reduced influence in creating policy.

Policy drift

The provisions of the EU’s GDPR are now embedded in UK policy via the Data Protection Act 2018, which brings UK law into alignment with GDPR requirements. The UK has also adopted the Network and Information Systems (NIS) Directive, which is intended to achieve a high standard of network and information security throughout EU member countries. However, in addition to setting standards and penalties, the NIS Directive also sets up cross-border cooperative bodies and it is unclear how the UK would participate in these cases.

Given that the UK has aligned with much of the EU’s standards, things may seem well set. However, if the UK is not an EU member, it will not have a say in the European Parliament and in any new directives or amendments to existing standards.

While the Data Protection Act may mesh with GDPR today, in five years the acts may have diverged sufficiently that companies wishing to do business in both jurisdictions may find themselves having to follow two sets of compliance standards, tracking and documenting their adherence to both.

What course to follow?

Brexit presents a great deal of uncertainty for organisations and their ability to enact a strong cybersecurity strategy. However, there are steps you can take to maintain cybersecurity whatever happens.

Overcoming the cybersecurity skills gap has been a persistent challenge pre-Brexit and, as mentioned, will likely become more difficult. The application of technology, in the form of automation, UEBA and SIEM can reduce the amount of manual intervention required in the SOC. Furthermore, the staff you do have will be more effective when they have tools that help them get a clear, system-wide view.

Security tools that work across the organisation also make it easier to both communicate threats to security teams in satellite facilities, as well as with partners, suppliers and customers. Furthermore, cloud-based subscription services ensure that systems are always up to date, regardless of your organisation’s jurisdiction.

Integrated cybersecurity capabilities allow an organisation to track activity to ensure compliance with regulatory and financial requirements. Centralised record keeping, meanwhile, ensures that reports for specific regions or jurisdictions can be produced quickly and with minimal effort.

Learn more

Learn how LogRhythm helps you maintain cybersecurity best practice in a changing environment.