Information & Cyber Security – there is a lot to think about
On Thursday 11th October, Conosco hosted an executive round table focused on the issue of Information and Cyber Security. There is no better way of truly understanding the challenges that businesses face than to listen to the people who are facing these challenges on a day-to-day basis.
It did not take long to see that we had chosen a hot topic as the table erupted into lively discussion and instantly identified commonality in uncertainty, concerns and action required. Here are just some of the topics discussed and key takeaways from the session:
Information Security risks are very real
A quick poll around the table showed that over half of attendees had experienced a compromise, some of which had been significant and damaging to the business. We talk a lot about security compromise being a case of ‘when’ rather than ‘if’ and this is definitely a sentiment that was shared by attendees.
No one is safe from cyber criminals
It is a common misconception that a business is too small to be a target or is not attractive to cyber criminals; attendees unanimously believe this not to be true. Even those involved with not-for-profit organisations believe they are also at risk and must take information and cyber security seriously.
People are part of the solution
It was refreshing to hear from all of the attendees that they do not solely see technology as the answer. While technology can help to address certain aspects of risk, Information Security is dependent on people and on ensuring that every person in the organisation appreciates the risks and owns them.
It’s about culture, not just training
Having employees attend an awareness session is valuable but does not go far enough. It may change behaviour for a week or a month, but it does not change underlying culture. It was agreed that we are all probably more security conscious at home than we are at work, so how do we bring this home culture into the office and have employees truly own information security?
Is GDPR working?
A fundamental objective of GDPR was to ensure that security was embedded in innovation; the phrase ‘Security by Design’ is what is used. It was fascinating to hear from one of the attendees who advises start-ups that security is a topic that is seldom on the agenda. Although it is early days for GDPR, it would appear that our appetite to create the next new thing outweighs our desire to ensure these new things are secure.
We all have a lot to learn
It is often not what is said but the actions of people that say a lot. I was fascinated to see the number of people making copious notes during the session. When our CEO talked about how we use Darktrace as a security monitoring tool, and when he asked if attendees knew the phone number of their local cyber police officer or had used ‘haveibeenpwned.com’, notes were taken and I am sure many actions returned to the office.
It was a privilege to be joined at the round table by Patrick Wheeler, a renowned expert in the field of Information and Cyber Security. He left us with some wise words: that cyber is pervasive and continually evolving. It cannot be left in the hands of someone else; it needs to be addressed and leaders cannot afford not to engage with this.
Conosco would like to thank everyone who attended, making this an extremely productive and informative session. We very much look forward to the next session we will be hosting in January.
For more about Conosco’s approach to cyber security, visit www.conosco.com/services/it-security