On the 16th December, Chloe Smith MP hosted The Henry Jackson Society’s event, ‘Rethinking Cybersecurity: Threats and Challenges in 2016’ featuring Mark Brown, the Executive Director of Cyber Security and Resilience at Ernst & Young LLP, Daniel Selman, Cyber Industry Deputy Head at the Ministry of Defence and Dr Lydia Kostopoulos, Assistant Professor at the Institute of International and Civil Security.
Daniel Selman opened the talk by discussing the Defence Cyber Protection Partnership, which seeks to improve cyber security throughout supply chains. Selman highlighted the importance of supply chain security, as breaches can occur at any point in the chain, which could then result in further more serious breaches. He finished off by emphasising that we must always work with our partners to improve our security, as the threat from cyberattacks is constantly evolving.
Mark Brown argued that after 25 years’ experience in the profession, he firmly believes it is the security profession itself which is to blame for the current problem with cyber-attacks. Brown pointed to the fact that 88% of company’s surveyed said they were not sure how effective their cyber security is. He stated that while businesses make profit by taking risks, they cannot take the same approach in regards to cyber security. Instead, security has to become an internal consultancy to business, which will then enable safe innovation and development. Brown concluded his talk by saying ‘information is now the true lifeblood of an organisation, it has tangible value that must be grasped through information risk management’.
Finally, Dr Kostopoulos closed the talk by focusing on human beings, arguing that humans are the weakest link in the digital security chain. Human beings are especially vulnerable to phishing tactics, with sites such as LinkedIn containing many malicious links. She pointed out that this problem will only get worse, as more and more everyday items are being connected to the internet. Dr Kostopoulos concluded by saying human beings should not be overlooked in regards to cyber security, but that they should instead be part of the solution.