Cyber security briefing: security liberates organisations
THE SEVERITY and frequency of cyber attacks is the most pressing issue facing the information profession, according to CILIP’s first Cyber Security Briefing.
Sarah, a senior representative of the National Cyber Security Centre (NCSC), gave the keynote speech, saying the NCSC had dealt with 1,300 cyber attacks in its first year. Of these, 590 were classed as significant, 30 required cross-government action, and one – WannaCry – was the first Cobra-level cyber attack. She discussed NCSC’s role and its concerns about the potential impact of cyber crime on consumer confidence, pointing out an Office for National Statistics claim that people are 20 times more likely to be held up on their computers than on the street.
She said that while there were issues about preparation for GDPR, its introduction will improve our understanding of the cyber security landscape as firms face much harsher fines for late or inaccurate reporting of breaches. She said that fines issued last year by the ICO that came to £1m would be around £69m under GDPR.
Her information specialist colleague described internal practices the NCSC had implemented to protect itself and how it had negotiated its way between security concerns and the ability to operate effectively in the digital universe.
She also mentioned issues around using online tools like Trello, Jira and Conference, with security-minded institutions questioning where data ends up.
The cultural disconnect between security and information professions was also discussed with Jonathan Lloyd White, Chief Information Security Officer at Sumitomo Mitsui Banking Corporation Europe Ltd. He said: “The security world has a tendency to use technical, law enforcement and military terms such as ‘threat actors’, ‘kill-chain’, ‘weaponization’ and ‘obfuscation’ – a good thing in the security lexicon!
“To non-security professions these no doubt seem aggressive, violent and off-putting.” He added that security professionals may be slow to balance the pros and cons of new technology before allowing a move. He said his own experience had been a voyage of discovery, learning how the risks of new technology were often balanced with strong security and business upsides, including increased visibility on how information was created, used and stored.
On the same topic, Daniel Selman, Acting Group Data Protection Officer at Informa, said that security should be seen as an enabler, not as an impediment. He shared an analogy from cyber security expert Martin Smith, likening information security to the brakes on a car. Without brakes it cannot travel safely; the better its brakes, the faster it can go. Daniel said that seeing security as the enabler for more dynamic activity, rather than its preventer, will help change how it is approached.
Karen McFarlane, Chair of the CILIP Board and former Government Head of Profession for Knowledge and Information Management, said more cyber security briefings were being planned.