Cyber matters – now not later

Sean Green, IT Director for the City of London Corporation and City of London Police, shares his thoughts from the recent London and South Regional Conference where the focus was on cyber security

I was recently in the Chair for the Socitm London and South Regional Conference, where our main theme was cyber security. It was well attended by local government IT teams and industry suppliers; so cyber clearly matters.

However, most UK Boards will spend less than one to two per cent of agenda time covering the subject, and only when a risk item is mentioned or when it's too late and they have suffered the consequences of a breach or ransomware attack. This is despite the fact that IBM's 2017 12th annual Cost of Data Breach Study, the industry's gold-standard benchmark research, independently conducted by the Ponemon Institute, reported that the global average cost of a data breach is $3.62 million.

In 2016, the UK Chancellor of the Exchequer, Philip Hammond, stated that cyber attacks could bring down our national infrastructure. In 2017, at the opening of the National Cyber Security Centre, he reiterated his concerns:

  • The Office of National Statistics estimate that there were two million cyber incidents in the past year
  • If these numbers were included in our crime figures, the UK’s crime rate would double
  • The average British home has eight devices connected to the internet, with over 85% of businesses online. The growth of bots and the Internet of Things in the home and office provides enormous potential for day-to-day attacks from electronic data theft
  • 65% of large businesses reported a cyber breach or attack in the past 12 months
  • Yet nine out of ten businesses don’t even have an incident management plan in the event of a cyber breach. Business must sharpen its approach as the scale of the threat from cyber increases and intensifies.

These are just a few of the headlines. In spite of the hardening of legislation with GDPR, which came into effect on 25th May, and the widespread publicity last year of the WannaCry Denial of Service attack on many public and private sector organisations, it has to be argued that not enough money and resource is being devoted to IT security. Organisations are only spending 1-13% (Gartner, 2016) of their IT budget on IT security prevention solutions and training. In these days of austerity most public sector organisations will still be in the lower quartile and yet, with the volumes of personal and sensitive data held in the public sector, we are amongst the most attractive targets for sophisticated organised crime and rogue states.

Although we had many knowledgeable speakers at the London and South 2018 Socitm conference, what stands out are the insights from the keynote speaker, Commissioner Ian Dyson from the City of London Police. Commissioner Dyson leads a force with national responsibilities for action fraud and white-collar crime, which is increasingly cyber-created crime. In addition, he is the national police SIRO and has played a leading role in representing national policing in the transition to GDPR compliance.

Commissioner Dyson spoke about the scale and types of cyber crime in the UK today and what we can do to prevent and resolve these crimes. He gave examples of some of the growth areas, such as fraudulent secondary ticket sites for ticket resales. To illustrate how easy it is to get the public to part with their money, he described a site the City of London Police set up as an education exercise that, within 14 hours, could have taken £75,000 from members of the public who had unwittingly signed up to the dummy site.

He also emphasised the benefits of private and public partnerships, with the need for private sector organisations to share intelligence with the police about attacks or attempted attacks. He outlined how viruses are like an organism: the more intelligence that is made available as early as possible, the more rapidly patches can be developed to protect the public and organisations from new cyber threats.

As a leader, nationally and internationally, the City of London Police is rolling out cyber education with its Cyber Griffin training. After all, often the most overlooked and greatest threat to the security of an organisation is the carbon-based one: people who through ignorance click on that website link that allows an infection to get through the organisation's defences.

We all need to take action now to boost our cyber defences because, as Robert Mueller, the former director of the FBI, once said: “There are two types of company – those who have been hacked and those who will be.”

All the opinions and views expressed in this article are those of the author and are not associated with those of the City of London Corporation or City of London Police.
