Protecting businesses in Leeds from the constantly evolving danger posed by cyber-criminals is vital to the city’s status as a ‘digital city’ and the Northern Powerhouse agenda, a former senior police officer warned today.
Stuart Hyde warned businesses in the region of the need to keep up-to-date on the latest online threats as he spoke at the first Yorkshire and Humber Cyber Protect Business Conference in Leeds.
Representatives from businesses around Yorkshire were warned that there is more to do in making workers aware of how they can be targeted online and having plans in place if they fall victim to a cyber-attack.
My Hyde, the ex-Chief Constable of Cumbria and a former West Yorkshire divisional commander, said not enough businesses were aware of a free government service, the Cyber-security Information Sharing Partnership (CISP), where information about the latest cyber-threats are exchanged in real time.
He was speaking as Yorkshire ambassador for CISP on behalf of telecoms firm Aql, whose founder Dr Adam Beaumont is a governor at Leeds City College and a leading expert in data security.
He said: “Adam is involved very much in the Northern Powerhouse. He is very much about trying to make Leeds a digital city, and promoting that. And this is part of that process.
“You can’t have a safe and vibrant economy unless people have got the confidence in using the internet properly. In order to make it work and keep it safe, it needs to have a safe cyber-platform.”
Today’s conference brought together experts from academia, law enforcement and industry to share insights and experiences about a phenomenon which reportedly cost Leeds businesses £57m last year.
Speakers at the event at the Leeds Bridge Conference Centre included Matthew Callaghan from the United States Secret Service.
Mr Callaghan said two of the current threats to businesses on both sides of the Atlantic were ransomware, a type of malicious software designed to block access to a computer system until a sum of money is paid, and CEO fraud, cyber-attacks involving impersonation of senior company officials.
He suggested a strategy of ‘protecting the crown jewels’, where the most important parts of a business’s IT infrastructure are separated from the areas where employees could be exposed to cyber-threats.
He said: “Cyber-security is not just the IT department’s job, it’s the entire organisation from the bottom to the top, everyone plays a role in the organisation, everyone presents a possible vulnerability, from the person who is emptying the bins at the end of the night to the CEO.”
And he warned that in cities like Leeds, which hope to boost their digital sector, businesses needed to balance their desire for growth with the need for security.
He said: “Often-times you will find an organisation which is in the development process is focused on the bottom line and increasing their profits.
“But we can’t, in our goal to make money, forget that we have got to protect that money as well. As you build that business you have to build the ability to protect that business.”
Detective Chief Inspector Vanessa Smith, of the Yorkshire and the Humber Regional Cyber Unit, said the aim of the conference was “about empowering businesses to know they are knowledgeable already, they have got the skills, and they can apply common sense to their business plans”.
She said: “You wouldn’t open an envelope if you didn’t know who it was coming from, but people open links on emails and if the email says your company has won a prize, and they have never entered that competition, these are common sense things.
“The number one vulnerability for businesses is not from outside, it is actually from staff. If they are empowered with training, it just an awareness, they could use their tools at home.
“If they are aware of phishing emails, if they haven’t won a prize, and this person isn’t a customer of ours, and they are asking you to click on a link, do I really want to do that?”
She said the best way for businesses to head of cyber threats was through training and education, but that the region had a “way to go” in ensuring knowledge was sufficiently wide-spread.
She said: “There are some improvements needed, with some businesses but not all, there is some complacency that it will never happen to them, and there is a misunderstanding that they have got to invest lots of money, or its only relevant to businesses.”
Det Chief Insp Smith said not as many businesses as she would like had cyber-incident response plans setting on what they would do if they fell victim to cyber-attackers.
To join CISP visit www.ncsc.gov.uk/cisp.