Cybersecurity was the hot topic on a cold night in Sunderland. Sphere Network was delighted to co-host this event with BCS North East, bringing a group of Masters students together with businesses to examine the challenges and opportunities of the increasingly fraught arena of cybercrime.
The cybersecurity landscape is complex, and while the threats have been with us since the first floppy disks began to circulate, there is always something new on the horizon. Cybercriminals keep pace with new technology developments, and it is up to security professionals to rise to every challenge. Unfortunately, there are too few information security (Infosec) professionals. Universities have a crucial role in training new entrants to the industry, and continuing professional development for existing IT practitioners will strengthen the thin line of defence between our systems and data, and the criminals who target them.
There was a 63% increase year-on-year in cybercrime between 2106 and 2017, and over £70 billion was spent on cybersecurity last year. However, as consumers we demand increasingly easy, accessible systems, seeking the smoothest user experience. As the habits of social media become more ingrained, people become more complacent about personal security, and society is generally unaware of the dangers that this shift in behaviour might pose. For businesses, too, there are problems to overcome. The General Data Protection Regulations (GDPR) which come into force in May this year require a turnaround of 72 hours between a security breach and notification of that breach to the authorities. As one in four organisations are reported to have had an advanced persistent threat (APT) attack, where the breach may remain undetected for a long period of time, this is a considerable problem. By training new cybersecurity professionals to enter the workforce, we can raise the standards of detection and prevention.
Masters students from the University of Sunderland presented posters of their current work for the attendees. Among the familiar warnings of phishing and social engineering risks, several key messages stood out.
- There is an urgent need for senior management – the C-suite – to buy in to threat modelling and prevention. Biting the bullet and sanctioning upfront costs will minimise future liabilities. After all, it is no longer a matter of if, but when an attack will hit the majority of companies.
- While some businesses have had the tendency to rely on young staff members to manage things like social media strategy “because they know about Facebook”, this is an increasingly dangerous option. 16-24 year olds are saturated by tech and have a tendency to forget the security lessons they learned as primary children. Practices such as jailbreaking devices to gain access to pirated games and other software are common and fraught with risk. Harness the skills by all means, but make sure there is full awareness of the hazards.
- Be proactive in managing your own personal security.Ensure that your home and work networks are secure – reset that default password in the router! – and distinguish carefully between social media ‘friend or foe?’ requests. We all have a part to play in defending against a broad range of continually evolving threats.
Thanks to BCS North East and Professor Alastair Irons for hosting the event at St Peter’s Campus. Subscribe our newsletter to stay in touch with the latest Sphere Network news and events, or contact us to explore solutions to your own business challenges.