On 17th October IoD Hertfordshire met at the Aubrey Park Hotel in St Albans for a Cyber Security Forum. The event was run in association with the Luton & St Albans Insurance Institute.
After a full English breakfast we heard from a panel of speakers including Nick Ross from Sophos, Rebecca Tinsley from the Eastern Region Special Operations Unit, Matt Sumpter from CNA Hardy and Richard McBarnet from Lumina Technologies.
Firstly Rebecca presented on what the police are doing to tackle cyber crime. They are working in partnership with other agencies such as the National Cyber Security Centre, Action Fraud and the National Crime Agency along with businesses to help mitigate cyber crime. The Cyber Security Information Sharing Partnership (CiSP), a joint industry and government initiative, has been set up to exchange cyber threat information in real time.
Next Nick Ross from Sophos talked about the emerging threat landscape. He gave alarming figures: there are currently 600,000,000 pieces of malware in total, compared to a total of 1,500 in 1992, with 75% of malicious files being targeted at individual organisations. He spoke about the different types of cyber crime and antivirus, and the fact that traditional antivirus software only protects against 5% of cyber crime (generic malware) and 38% of malware never seen before (advanced malware). The median cost of a ransomware attack to businesses is estimated at £100,000, with cyber crime now being an organised business with increasingly sophisticated methods.
Next we heard from Matt Sumpter, who spoke about cyber insurance. Most insurance plans do not cover cyber crime, and coverage triggers differ from those of traditional fire & theft policies. He also mentioned that the greatest risk to organisations is from humans, with 7 out of 10 cyber crime arrests involving employees. He went on to discuss different types of coverage: First Party Sections, Liability Sections and Expense/Services. He also discussed the merits of a Cyber Breach Partner.
Lastly we heard from Richard McBarnet, who discussed the need for boards to take cyber crime more seriously: we have a duty of care. The average cost of a breach is £36,500, with the largest breach costing £15.5 million, and the average time to discover a breach is 6 months. The main focus of Richard’s presentation was on what businesses can do to protect themselves. He spoke about the need for training (currently only 12% of companies undertake training) and for educating staff on the need for strong passwords. For instance, the password 123456 would take less than a second to crack, whereas the password GreyGoose12 would take 16.82 years to crack, and simply adding an asterisk at the end would increase that to 1.74 thousand centuries. Richard spoke about the importance of implementing Cyber Essentials in your organisation and locking your desktops to stop employees downloading software. Implementing the above strategies will block 80% of attacks, which should be enough to keep your company safe. Richard went on to give key tips and a summary.
The event finished with a Q&A session with the panel.