WIREDGOV

Blog posted by: CBI, 20 November 2018.

As part of the CBI Cyber Security Conference 2018, experts hosted a future looking session to “examine the latest threat intelligence and emerging risks for businesses in the cyber security landscape”. The panel considered what threat and risk issues boards need to be addressing and planning for, the impact of new technologies and key lessons learnt from 2018. 

What are the biggest issues in cyber security today?

James Hatch, Director of Cyber Services – BAE Systems Applied Intelligence: Why are cyber-attacks so attractive [to criminals]? The more the world runs on digital technology the more achieving their aims becomes ever greater. Digital technologies are as available to attackers as much as they are there to help the economy – and it’s much cheaper to attack than defend. Today, most organizations are still struggling with the basics.

Andrew Try, Managing Director – ComXo: Vast money is being put into prevention but less into preparation for when [a cyber-attack] occurs and some companies don’t realize what a worst case scenario could be.

Les Anderson, Global Chief Security Officer – BT: For me the top three worries are: Insider threat – we are large oranization with over 100,000 employees who can inadvertently cause risk and so need education. Second, supply chain risk: we’re only as strong as our weakest link but working in partnership they understand what our standards are. Third, attack: this comes at BT in many forms – nation states, terrorists. So, ensuring we have a layer of defence measures and intelligence about what’s happening is important.

Professor Angela Sasse, Professor of Human-Centred Technology, UCL: Staff are the biggest asset and the last line of defence [in cyber security]. The biggest thing is for organizations to stop fighting on the inside; blaming staff and doing security in an adversarial way. It’s all about trust, collaboration, good communications and making it easy for people to do right thing. So, encourage staff to be vigilant and report, including when they either don’t understand or don’t know what to do. There is a big skills change that needs to happen and the sooner organizations start, the sooner they’ll be in a better position.

James Dalton, Director of General Insurance Policy – Association of British Insurers: The cyber threat is increasing and we’re seeing a larger number of claims. GDPR has increased uptake of cyber insurance and has helped understanding in the market. However, insurers are concerned about the issue of group litigation orders – consumers filing claims for loss of data without material loss. Being sued for causing distress under a group litigation order should worry businesses.

Click here for the full blog post