Driving Cybersecurity conversations into a new decade

Our regular chairman, David Bicknell, welcomes all delegates, sponsors, and speakers to our conference and sets out the day’s agenda.

A leading figurehead from government cybersecurity will set out the current Cyber state of play across government, highlighting key areas of focus and the impact of the pandemic.

Our people are central to the success of any organisation.

We have known for years that hackers target people before technology. For just as long, we have been repeating the mantra that a vigilant, cyber risk-aware workforce is our main defence against cyber-criminals. Yet despite all our efforts, we have still not cracked the problem.

Too many organisations still either ignore the ‘human factor’ in organisational resilience or apply out-dated or compliance, ’tickbox’ approaches to training their employees.

We need a fresh look.

This short panel discussion will discuss behavioural science and innovation that can transform the way organisations influence and sustain stronger security behaviours across their workforce.

This session is set aside for insight and discussion with some of the leading suppliers in cybersecurity product and services.

It’s recently been reported that the UK has encountered nearly 15 million ransomware attacks during 2021 alone. High profile ransomware attacks have highlighted how vulnerable our critical national infrastructure is and the impact that these types of attacks can have on society, business, government services and people at large.

Ransomware is as much about manipulating vulnerabilities in human psychology than it is about our adversary’s technological sophistication. It’s a fight we need to tackle together.

More can be done in reducing the likelihood of become infected by ransomware in the first instance, in reducing the spread of the ransomware malware through any organisation and in reducing the longer-term impacts of a successful attack. But we need greater collaboration and an integrated incidence response to succeed.

It’s a challenge that crosses political, geographical and technology borders. Dealing with its increasing volume and impact needs government and the private sector to collaborate in a public/private partnership to better understand and tackle the attackers.

This panel will assess the current situation and outline ideas for what an integrated response could look like and the role that government, the private sector and people should be playing to reduce both the threat and the impact of damaging ransomware attacks.

 

 We live in a time of unprecedented political, cultural, social and climatic dangers. Hostile states and criminals are using cyber-tools to make each of these current issues even more intractable. Around a 100 countries are now actively involved in “cyber operations” that include espionage, political influence, sabotage and extortion. The international community has made some progress at the UN, but it has been painfully slow. Matters are made worse because the border between state cyber operations and criminal activity is increasingly blurred. Unfortunately this means that the ‘bad guys’ will very often succeed. 

We all need to work hard to maximise our chances of keeping them out. We also need to ensure that we have adequate resilience, so that we can continue to function even if they penetrate our defences. 

Driving transformation across government demands strong executive support. The same support is required in managing the threats that government departments and agencies face from cyber-criminals. Setting the right tone from the top – i.e., displaying effective and appropriate attitudes, beliefs and practices – is essential in establishing cultures where everyone understands the role they need to play in staying safe.

If government executives demonstrate a real commitment to protecting high-value, sensitive information and in upholding citizen trust then middle and lower ranking employees will naturally be inclined to display the same virtues.

Executives have a vital role to play in protecting their organisation. This involves communicating positive messages about how everyone can remain vigilant in the face of growing and varied attack techniques that target employees, understanding where the greatest cyber vulnerabilities lie, overseeing effective security technology investment, leading and being actively involved in incident response exercises, collaborating with all employees and the security team to manage people-centred security policies and designing and managing an integrated cyber resilience plan that balances technology, processes and people factors.

This session will illustrate what the government executive roles and responsibilities are and give practical examples of what can be done to ensure cyber security becomes an instrumental part of executive leadership and risk management.

Jessica Figueras gives an update on projects and activities of the UK Cyber Security Council since it was launched earlier in 2021.

A presentation from one of the team at the National Cyber Security Centre on activity in 2021

Constantly evolving attacks mean organisations should ensure that they also evolve defences. A large part of this evolution is predicated on understanding risk; how it presents and where it presents threats to your organisation. Historically there has been comfort in maintaining air gapped systems, on-premise walled gardens and staying away from the cloud. Practicality and economics make this more and more difficult to maintain and in any case, your supply chain will already be more cloudy than you think! Cloud based or not, what if the real threat to your organisation resided in software that you deemed as legitimate?   In this talk we will explore the concept of code reuse and how a genetic understanding of the software you want, as well as the malware that you don’t, can help turn your weakest links into your strongest asset in the fight against cyber threat.

It is 2021 and cybersecurity has never been more of an issue for organisations, including government bodies. Social engineering and phishing continue to be  the weapons of choice by criminals intent on data theft, ransomware infection and general harm. Cybercriminals are naturally diverse in their scams, they do not differentiate by ethnic background, sex, gender, or sexuality. Conversely, the industry and the people devoted to mitigating the activities of fraudsters do not represent the make-up of society. A National Cyber Security Center paper “Decrypting Diversity” still show numbers of females in the sector are too low and members of the LGB community are under-represented. This panel will look at the blocks to minorities and women entering cybersecurity and how these blocks can be removed.

This session explores insight from the supplier community on lessons that have learned in their cybersecurity battles away from the public sector.

A look at all of the various aspects of modern cybercrime and government. What parts of government are most at risk? As we build better and more omni-channel government services does the risk profile change? How can government use resources best to fit the ever-changing needs of the cybersecurity landscape?

Our chair, David Bicknell, summarises some of the of the sessions that you have heard throughout the event.