Cyber security – A personnel issue
All businesses collect and store data.
However, despite the impact technology now has on our everyday lives, most of us until very recently have been blissfully unaware of the genuine threats we now face in this ever-changing digital landscape.
There is an undeniable and growing sophistication coming from within the cyber-crime community, which shows a clear demand for more robust methods of defence.
Ransomware now eclipses most other digital threats and indiscriminately affects victims across multiple industries in both the public and private sectors.
The tipping point for the UK business community came in May 2017, when over 200,000 computers in over 150 countries were affected by the WannaCry ransomware. This had a significant impact on the operational capacity of thousands of businesses, most notably the National Health Service, whose digital records were severely affected.
For companies that rely on big data to operate, a data breach resulting in the partial or full loss of data or a significant alteration of files would almost certainly result in closure.
Unsurprisingly, the demand for cyber-security has never been higher. Yorkshire’s push for a strong digital economy means several companies are providing solutions to keep the region’s businesses secure. One such company is Bradford-based ECSC, whose Director, Ian Mann, is leading the charge by providing companies with the tools to prevent and deal with cyber-threats.
“A cyber-security breach is a loss of confidential data which can occur in a number of ways. Some of the more common ones are systems that are connected to the internet, such as websites, where they may be collecting data. Those get hacked, but there are other routes to data breaches as well, for example users get targeted with fake email and visiting websites which can hack their computer and give the attacker access to the organisation.”
However, as Ian points out, a breach can come in many forms and not always with the most obvious entry point.
“Even simple things like plugging in a memory stick into a computer at work that you might have plugged into your home computer can get infected and cause a breach at work. There are a variety of ways breaches can happen, and organisations need to understand each of those and what they are doing to protect themselves against them.”
The cyber-threats we all face are ever evolving, and we are all vulnerable in ways we may not expect. One such area of cyber-security is ‘social engineering,’ a subject ECSC pays close attention to.
“What we are talking about here is essentially the ‘hacking’ of people. Targeting people to cause a security breach is far easier than you may think and can be achieved in any number of ways. Attack vectors include deceiving someone to gain access to a building and tricking people to give you information face to face.
“Another increasingly common method is to convince a person to allow access either over the telephone or email which mimics some of the techniques that hackers use where they will use a combination of social engineering and technical attacks.”
With issues of not only cyber-security but data protection as a whole at the fore, legislative action was taken by the EU Parliament on 14 April 2017 with the aim of revamping its current data protection laws. The European Union’s General Data Protection Regulation (GDPR) will come into force on 25 May 2018, and early preparation for this could help ease the pressure on companies before the roll-out.
“Without a doubt one of the biggest challenges in 2017 is preparing for the new data protection regulation. There are two significant changes for all organisations; the first is that currently when you have a data security breach you have no legal obligation to report it; following May 2018 you will have to report breaches within 72 hours.
“Secondly, the level of fines has been significantly increased; currently in the UK the maximum penalty for a data breach is half a million pounds, however after May 25 2018 under GDPR that will rise to 4% of turnover.
“One of the things we are doing to help companies boost their cyber-security is running quarterly events up and down the country. What we find is essential to the success of these training sessions is that the events are run from our security operations centre here in Bradford, and that is helping people understand the legislation and what their obligations are to create a safer digital workspace for both businesses and customers.”