
Cyber matters – now not later

Sean Green, IT Director for the City of London Corporation and City of London Police, shares his thoughts from the recent London and South Regional Conference where the focus was on cyber security

I was recently in the Chair for the Socitm London and South Regional Conference, where our main theme was cyber security. It was well attended by local government IT teams and industry suppliers; so cyber clearly matters.

However, most UK Boards will spend less than one to two per cent of agenda time covering the subject, and only when a risk item is mentioned or when it's too late and they have suffered the consequences of a breach or ransomware attack. This is despite the fact that IBM’s 2017 12th annual Cost of Data Breach Study, the industry’s gold-standard benchmark research, independently conducted by the Ponemon Institute, reported that the global average cost of a data breach is $3.62 million.

In 2016, the UK Chancellor of the Exchequer, Philip Hammond, stated that cyber attacks could bring down our national infrastructure. In 2017, at the opening of the National Cyber Security Centre, he reiterated his concerns:

  • The Office for National Statistics estimates that there were two million cyber incidents in the past year
  • If these numbers were included in our crime figures, the UK’s crime rate would double
  • The average British home has eight devices connected to the internet, with over 85% of businesses online. With the growth of bots and the Internet of Things in the home and office, this provides enormous potential for day-to-day attacks from electronic data theft
  • 65% of large businesses reported a cyber breach or attack in the past 12 months
  • Yet nine out of ten businesses don’t even have an incident management plan in the event of a cyber breach. Business must sharpen its approach as the scale of the threat from cyber increases and intensifies.

These are just a few of the headlines. In spite of the hardening of legislation with GDPR, which came into effect on 25th May, and the widespread publicity last year of the WannaCry Denial of Service attack on many public and private sector organisations, it has to be argued that not enough money and resource is being devoted to IT security. Organisations are only spending 1-13% (Gartner, 2016) of their IT budget on IT security prevention solutions and training. In these days of austerity most public sector organisations will still be in the lower quartile and yet, with the volumes of personal and sensitive data held in the public sector, we are amongst the most attractive targets for sophisticated organised crime and rogue states.

Although we had many knowledgeable speakers at the London and South 2018 Socitm conference, what stands out are the insights from the keynote speaker – Commissioner Ian Dyson from the City of London Police. Commissioner Dyson leads a force with national responsibilities for action fraud and white-collar crime, which is increasingly cyber-created crime. In addition, he is the national police SIRO and has played a leading role in representing national policing in the transition to GDPR compliance.

Commissioner Dyson spoke about the scale and types of cyber crime in the UK today and what we can do to prevent and resolve these crimes. He gave examples of some of the growth areas, such as fraudulent secondary ticket sites for ticket resales, illustrating how easy it is to get the public to part with their money: the City of London Police set something up as an education exercise that, within 14 hours, could have taken £75,000 from members of the public who had unwittingly signed up to the dummy site.

He also emphasised the benefits of private and public partnerships, with the need for private sector organisations to share intelligence with the police on attacks or attempted attacks. He outlined how viruses are like an organism, and how the more intelligence is made available as early as possible, the more rapidly patches can be developed to protect the public and organisations from new cyber threats.

As a leader – nationally and internationally – the City of London Police is rolling out cyber education with its Cyber Griffin training. After all, often the most overlooked and greatest threat to the security of an organisation is the carbon-based one – people who, through ignorance, click on that website link that allows an infection to get through the organisation's defences.

We all need to take action now to boost our cyber defences because, as Robert Mueller, the former director of the FBI, once said: “There are two types of company – those who have been hacked and those who will be.”

All the opinions and views expressed in this article are those of the author and are not associated with those of the City of London Corporation or City of London Police.
