On 2 June at the University of Manchester, ICSA’s Northwest branch held an event to highlight the risks in the cyber environment and what we can do to protect ourselves and our organisations.
Matthew Parker, Senior Manager at Grant Thornton and specialist in cyber security and data forensics had us all fascinated, not to mention somewhat concerned, by the ease with which passwords can be broken:
He gave many examples of companies whose systems have been hacked and sensitive client or customer data stolen. Matthew explained that there need not be a specific motive behind the attacks and that organisations should not rely on one single method of protection, but use a multi-layered approach. Despite encrypting their customers’ passwords, eHarmony – the dating website, did not use strong enough methods and once the information had been obtained by hackers, the encryption was reversed in seconds using a readily available online tool.
It is clear that hackers are becoming more sophisticated, using methods such as ’spear phishing’ – targeting individuals based on information they can find readily available on the internet. We should all take care about personal details we make available on Facebook and LinkedIn as this can be used to pressure you into clicking or sharing something you shouldn’t.
Richard Bach, Assistant Director of Cyber Security at the Department of Business, Innovation and Skills described how the UK Government continues to take the lead and invest in cyber security developments. Some quality guidance has been produced which will help boards and businesses to understand the risks. Two key resources are:
The Cyber Essentials scheme in particular provides information about the basic actions which organisations can take. If you do nothing else, do this. If all businesses in the country follow this advice, UK cyber space will be a much safer place.
Both speakers today clearly knew their subjects and offered us a real insight into what can be a complex and frightening risk – for businesses and individuals.
One thing is clear – we all have a responsibility for keeping ourselves and our organisations safe. Often the simplest actions, when layered together, are the most effective protection.
ICSA is running a new one-day ‘Understanding Cyber Security’ training course in London on 26 June. This has been designed to help attendees protect their businesses against today’s cyber threats. Information and booking details can be found here.
Read ICSA's guidance on cyber security. You can also view a podcast from the event.
|Vicky Parr is Governance & Compliance Manager at Trafford Housing Trust and a member of ICSA North West Branch.|