Our Vital Topics debate on Cyber Security made for sobering reflection as our panel warned of the ever-increasing dangers of attacks.
As panellist Katherine Kearns, Principal Consultant at the NCC Group, warned: “Companies have done a lot of things right, but it is not a matter of if but when they will come under attack. Attacks are becoming larger and more scalable, and because of the success of ransomware attacks that trend is likely to continue.”
Carolyn Harrison, Marketing Director at BeCyberSure, said a lot of breaches were down to human error and one of the issues for the industry was that people were getting away with not declaring breaches. “The media stories we see on virtually a daily basis are just the tip of the iceberg. Criminals will ultimately go after things that are easy to get. They just want to get money as quickly as possible.”
Harrison said forthcoming EU General Data Protection Regulations, which aim to strengthen and unify data protection, will represent a “seismic” change when they come into force next year. “Under the regulations companies will have to declare breaches within 72 hours. This really elevates the issue and puts it in the boardroom.”
Aaron Miller, Senior Technologist at Palo-Alto Networks, said many of the problems around cyber security came down to web developers not making systems sufficiently robust. “Quality of software is still an issue and there is tremendous confusion. A lot of the legacy technology simply cannot keep up.”
He said two huge trends had changed the nature of cyber security threats. Firstly the evolution of the ‘darknet’, a computer network that is used chiefly for illegal peer-to-peer file sharing. And secondly, the emergence of bitcoin and blockchain technology which has created the means of anonymous payment networks.
Martin Tyley, partner at accountancy KPMG, echoed the view that this was now a major boardroom issue with non-executive directors also having personal liability for security breaches. “This stems right from the top of the organisation.”
He added that one of the issues for the industry was standards. “When CEOs talk to cyber experts they are not sure whether they can trust the person they are speaking to. It is a real problem. It is not like professions like medicine or teaching where there are clear career and training paths.”
Noel Hannan, Cyber and Digital Innovation Lead at GoSecure UK, said we should not forget that many people still use handwritten notes to record potentially sensitive information which is then open to breaches too. “We are missing a huge trick if we ignore the way people access communication more widely. We mustn’t forget that it is both information and people we are trying to protect.”
Dr Daniel Dresner, academic co-ordinator for Cyber Security at the University of Manchester, was keen to counter the downbeat mood. “There are little things we can all do. Everyone can start to make ripples and know who to call when there is a problem.”
But he conceded that there were wider threats which were only just hitting the radar. “This isn’t just about identify theft, it’s also about threats to devices linked through the Internet of Things, and threats to our utility network.”
During our debate Lorenzo Grespan from Pentest did a mock ‘live hack’ demonstration to show just how easy it can be to gain entry into a website.
He added that the development of machine learning could be the answer to countering cyber security threats. “Machine learning has a big role to play in the future learning because it has the ability to aggregate and learn from the data it receives.”