Central Government updates
Sign-up to get the latest updates and opportunities from our Central Government programme.
To make the most of your techUK website experience, please login or register for your free account here.
Technology is evolving like never before bringing with it so called artificial intelligence (AI) and huge increases in computing power that are set to deliver all manner of improvements for the human race, for example, new breakthroughs in healthcare and fighting disease. However, powerful new technology can equally be used for malign purposes, bringing increased threats. From fraudulent financial transactions to misinformation that puts soldiers’ lives at risk, AI is fuelling the latest attack vectors against nation states, government departments, and enterprises alike.
A growing number of FTSE companies have been subjected to convincing impersonation-based attacks attempting fraud, with five attacks on FTSE 100 companies and one on a FTSE 250 reported so far this year, and this is probably just the tip of the iceberg. AI has been used to generate deepfake clones of CEOs that then instruct employees to transfer money for a deal that requires speed and secrecy – a takeover for example. The attacks, which typically use a mix of unmonitored and insecure instant messaging (e.g. WhatsApp) and voice calls using the cloned voice, are now so prevalent they have been dubbed the ‘CEO scam’.
While the reporting of these cases focuses on the financial fraud aspects of impersonation-based attacks, it is not difficult to see how this technology could be put to even more nefarious purposes. For example, nation states looking to subvert the democratic political process, disrupt critical national infrastructure, or gain military intelligence. Indeed, only a few weeks ago the then Foreign Secretary, David Cameron, was the victim on of a hoax video call from someone pretending to be the former Ukrainian President Petro Proshenko with whom he’d had numerous face-to-face meetings. Fortunately Mr Cameron thought something was amiss when sensitive information was requested and so finished the call.
With the growth of AI, impersonation-based attacks using deepfakes will become more commonplace and even more believable. This is reinforced by an assessment from the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) https://www.ncsc.gov.uk/news/global-ransomware-threat-expected-to-rise-with-ai which reports that the growth and accessibility of AI will rapidly increase the number and believability of ransomware and other attacks. As AI gathers momentum so the barrier to entry is lowered meaning that relatively unskilled threat actors such as novice cyber criminals, hackers-for-hire and hacktivists are able to carry out more effective attacks.
So what can organisations do to protect themselves from what is fast becoming a new attack vector?
Tackling Deepfakes and other Impersonation-based attacks
Eventually people will become better able to spot deepfakes, in the same way that most of us don’t believe every photo we see, knowing that it is all too easy to manipulate images using software. However, there is an immediate need for organisations to do everything they can to protect themselves and their employees from becoming victims of this newest threat.
Increasingly, authenticating the source of news, content, and all manner of communications is critical. Being able to trust that you are communicating with the genuine person (and not an impostor) will be a key to safety online, and for any type of transaction, whether that is taking financial or legal instructions from colleagues or customers, sharing commercially sensitive information with third-parties in the supply chain, or discussing matters of state with trusted advisors and co-workers.
Identity-based Encryption will help to mitigate the risk
Technology is already available to protect sensitive business communications via voice, instant messaging and video conferencing. Secure communication solutions that use identity-based encryption, such as the NCSC’s MIKEY-SAKKE protocol https://www.ncsc.gov.uk/information/the-development-of-mikey-sakke, help organisations to verify that only approved participants can join a group call or chat group, meaning that everyone on a video conference call (for example) has been authenticated. This type of security feature is NOT provided by mass-adoption communication platforms, where very often all that it needed to set up an account is a mobile phone number or email address, and those are very easily spoofed, hacked or compromised (e.g. by SIM-swapping).
For protecting the most sensitive of conversations, such as state secrets, military movements, or government negotiations, there are highly secure, on-premises communications solutions that can be used. By running an on-premises solution organisations significantly reduce the potential attack vectors, as well as keeping total control of every aspect of their sensitive communications,
However, every organisation has important information that they would not like to fall into the wrong hands, for example, price lists, customer details, product formulae, legal or financial instructions from clients, clinical or pharmaceutical research findings, patient records, amongst many other things. All organisations can benefit from using a secure communications platform to protect corporate assets and intellectual property.
Whether deployed on-premises (on in-house servers), or as a secure hosted solution, an enterprise-grade secure comms platform that covers voice calls, instant messaging and video conferencing ensures UK data sovereignty, i.e. organisational data stays on sovereign soil (something that Microsoft has recently admitted it can’t guarantee, even for UK Government users) and data separation (no mixing of data, be that of different classifications of data, or business and personal).
As this recent proliferation of impersonation-based attacks demonstrates all too vividly, organisations of every shape and size in both public and commercial sectors need to start taking the cyber security of their communications seriously. This means banning the use of unsanctioned shadow IT for business purposes. When a built-for-purpose, Secure by Design secure comms platform can provide a slick user experience to rival any consumer app, plus the ability to manage and control organisational data, there is really no need to use consumer-grade apps.
Building the Smarter State is techUK’s flagship public services conference for public sector digital leaders. 2024 marks the tenth anniversary of this hugely influential conference, where we will focus on the most pressing and important topics for public sector digital transformation.
Head of Central Government Programme, techUK
Heather is Head of Central Government Programme at techUK, working to represent the supplier community of tech products and services to Central Government.
Prior to joining techUK in April 2022, Heather worked in the Economic Policy and Small States Section at the Commonwealth Secretariat. She led the organisation’s FinTech programme and worked to create an enabling environment for developing countries to take advantage of the socio-economic benefits of FinTech.
Before moving to the UK, Heather worked at the Office of the Prime Minister of The Bahamas and the Central Bank of The Bahamas.
Heather holds a Graduate Diploma in Law from BPP, a Masters in Public Administration (MPA) from LSE, and a BA in Economics and Sociology from Macalester College.
Programme Manager, Central Government, techUK
Ellie joined techUK in March 2018 as a Programme Assistant to the Public Sector team and now works as a Programme Manager for the Central Government Programme.
The programme represents the supplier community of technology products and services in Central Government – in summary working to make Government a more informed buyer, increasing supplier visibility in order to improve their chances of supplying to Government Departments, and fostering better engagement between the public sector and industry. To find out more about what we do, how we do this and how you can get involved – make sure to get in touch!
Prior to joining techUK, Ellie completed Sixth Form in June 2015 and went on to work in Waitrose, moved on swiftly to walking dogs and finally, got an office job working for a small local business in North London, where she lives with her family and their two Bengal cats Kai and Nova.
When she isn’t working Ellie likes to spend time with her family and friends, her cats, and enjoys volunteering for diabetes charities. She has a keen interest in writing, escaping with a good book and expanding her knowledge watching far too many quiz shows!
Programme Manager, Central Government, techUK
Austin joined techUK’s Central Government team in March 2024 to launch a workstream within Education and EdTech.
With a career spanning technology, policy, media, events and comms, Austin has worked with technology communities, as well as policy leaders and practitioners in Education, Central and Local Government and the NHS.
Cutting his teeth working for Skills Matter, London’s developer community hub, Austin then moved to GovNet Communications where he launched Blockchain Live and the Cyber Security and Data Protection Summit. For the last 3 years he has worked with leaders in Education across the state and independent schools sectors, from primary up to higher education, with a strong research interest in technology and education management.
Team Assistant, Markets, techUK
Ella joined techUK in November 2023 as a Markets Team Assistant, supporting the Justice and Emergency Services, Central Government and Financial Services Programmes.
Before joining the team, she was working at the Magistrates' Courts in legal administration and graduated from the University of Liverpool in 2022. Ella attained an undergraduate degree in History and Politics, and a master's degree in International Relations and Security Studies, with a particular interest in studying asylum rights and gendered violence.
In her spare time she enjoys going to the gym, watching true crime documentaries, travelling, and making her best attempts to become a better cook.
Programme Manager, Cyber Resilience, techUK
Annie is the Programme Manager for Cyber Resilience at techUK. She first joined as the Programme Manager for Cyber Security and Central Government in September 2023.
In her role, Annie supports the Cyber Security SME Forum, engaging regularly with key government and industry stakeholders to advance the growth and development of SMEs in the cyber sector. Annie also coordinates events, engages with policy makers and represents techUK at a number of cyber security events.
Before joining techUK, Annie was an Account Manager at a specialist healthcare agency, where she provided public affairs support to a wide range of medical technology clients. She also gained experience as an intern in both an MP’s constituency office and with the Association of Independent Professionals and the Self-Employed. Annie holds a degree in International Relations from Nottingham Trent University.
Sign-up to get the latest updates and opportunities from our Central Government programme.
Director, Armour Comms