Cybersecurity Industry Falls Short on Collaboration, Says Former GCHQ Director
In a world where economies are increasingly protectionist and nation-states emphasize their own sovereignty, cybersecurity organizations must strengthen their collaboration, according to Sir Jeremy Fleming, former director of the UK's Government Communications Headquarters (GCHQ). Speaking at Palo Alto Networks' Ignite event in London on March 13, Fleming emphasized the need for cybersecurity organizations to work together to address the growing threat of cyber-attacks and nation-state-sponsored activity.
The impact of geopolitics on the development of technologies has never been more profound, with escalating tensions and nation-state-sponsored cyber-attacks posing an unprecedented threat to global security and stability. Fleming noted that these domains are now so interconnected that they should concern not only technologists but also companies' boards and members of the C-suite.
Fleming, who was GCHQ's director between 2017 and 2023, said he had never seen such a level of volatility in the cyber threat landscape. He explained that ransomware – and cybercrime generally – continues to be the crime organizations are most likely to suffer from in the UK, the US, and many other countries. "There is no sign that it is dying down," he added. "Law enforcement is unable to go after the ransomware groups in a significant way to stop the trend."
However, Fleming said that organizations can protect themselves against these threats. "Getting the basics right is still pretty good for most threats, including those involving AI," he said. He argued, though, that threats posed by nation-states or state-sponsored activity are almost impossible to stop.
State-Sponsored Cyber Offensive Behavior
Fleming observed three main trends in state-sponsored cyber offensive behavior: "While I am extremely wary of militarizing cyber and avoid terms like 'cyber warfare,' I think in the context of war like in Ukraine, cyber intrusion and information operations have been used on both sides, even though always as a part of an overall military strategy, not a silver bullet," Fleming explained.
The Need for Collaboration
Fleming argued that this new geopolitical context brings increased volatility in cyber threats and gives states more motivation to put effort into gaining greater sovereignty, which requires the private sector to adapt. He provided two recommendations for business leaders, cybersecurity practitioners, and cybersecurity providers.
Recommendations
First, he highlighted that geopolitics must be understood across the board. "Companies need to have geopolitical threat intelligence alongside cyber threat intelligence," Fleming said. Second, he said the cybersecurity industry must do better at sharing its understanding of the threats.
"No companies, including the big security companies on the West Coast of the US, can provide enough insight on their own," he added. "Sharing information at a broader scale and a more rapid pace will enable the cybersecurity industry to spot important nation-state activity before it causes too much damage," Fleming concluded.