A
The changing nature of work has given online criminals an opportunity, says David Prosser, which is why it’s more important than ever for businesses to shore up their cyber security
On youR
guard
Basic cyber hygiene goes a long way towards achieving this end. Keeping software updated and installing patches as they are released can limit organisations’ vulnerabilities; virus protection and firewalls offer respite; threat detection systems mean breaches are swiftly identified so they can be mitigated; and good back-up and disaster recovery systems leave organisations less vulnerable to attacks such
as ransomware.
The key is to build a culture of cyber security that encompasses
the entire organisation, Pratt argues, while also recognising that not every threat will be repelled. That will require a balance between helping employees to protect the company and ensuring they are not hindered in their work. HP Wolf Security’s research suggests
that while 91 per cent of IT teams have updated security policies
to reflect increased numbers of remote workers, 80 per cent are experiencing some sort of pushback from users who do not like having controls put on them at home.
Other speakers at the Tech Summit underlined this argument. “During Covid, our employees’ stress levels have been at an all-time high, and it would be unreasonable to expect the same level of awareness,”
said Dawn-Marie Hutchinson, chief information security officer at the international tobacco company BAT. “That means we need to find
new ways to protect them at the door.”
“The cyber threat is evolving, so we need to be evolving too,” added Bronwyn Boyle, chief information security officer at the fintech company Mambu, who warns that senior leaders have to confront
cyber security issues, just as the rest of the workforce must be vigilant.
“My job is more and more about risk management, and explaining those risks in a way that enables the board to make informed decisions.”
The bottom line is that the parts of an organisation’s network that cyber criminals are likely to target are expanding as new ways of working and evolving business models give them more to aim at. But companies that are alert to the challenge can do much more to stop these attacks in their tracks, and to mitigate the impact when their defences are breached.
‘Most breaches start with a user
– that’s the easiest way in’
Be prepared
Firms must have tools in place to deal with cyber mistakes, says Ian Pratt
Photography: Hannah Taylor
“I met a person with cancer, in the middle of chemotherapy treatment, and here she was, at a food bank. She was living on sick pay, and had lost her house because she couldn’t pay the mortgage. Another lady recently had to make the choice between buying shoes for her daughter or food. Men cry because they can’t provide for their families. So we’re compassionate. After all, this could happen to any of us.”
People obtain vouchers, entitling them to parcels containing enough food for three days from a range of sources, including health visitors, social services and churches. As well as providing emergency food to people in crisis, the Trussell Trust offers vital practical support and financial advice – and campaigns for change to end the need for food banks.
When people arrive at the food bank, a volunteer greets them and sits down to have a chat over a cup of tea about their situation, if they have any special dietary requirements, and what their cooking facilities are. (One person tells me he had slept in his car for a fortnight and only had access to a kettle. “Good thing I like noodles,” he smiles wryly.)
People’s information is passed to John, a retired IT consultant, who packs the food parcels in the stockroom, while visitors sit at one of the tables dotted around the church hall, and chat with another volunteer who can suggest organisations to help with, for example, debt problems and mental health issues.
“People often get emotional so we have large boxes of tissues,” says Clare Williams, 57, a food bank volunteer for seven years. She was a Norland nanny in her twenties. “My first job was in a country manor house,” Clare recalls, “so it was very different to working in a food bank.”
“Did any of your families have cooks?” I ask. “One did,” Clare nods. Such luxury contrasts starkly with the experience of the mothers arriving to use the food bank at 3.30pm, having picked up their kids from school.
“A mother came in recently and all she’d had left in the cupboard that morning was two Weetabix
– one for each of her children,” Clare says. “The kids asked, ‘Mummy, why aren’t you having any?’ and she said she wasn’t hungry. As a volunteer, listening to people’s stories is humbling.”
And it’s for the sake of such families that Cadbury, for the second year in a row, has partnered with the Trussell Trust on its Secret Santa campaign, to offer some magic to people who need it most. For every anonymous gift of chocolate sent to a loved one
via the Cadbury Secret Santa Postal Service, the company will donate a second bar to a food bank in the Trussell Trust network.
PROMOTED CONTENT
especially true in the wake of the Covid-19 crisis, as criminals grab the opportunities created by the pandemic to launch a wave of attacks,
the summit was told.
“Businesses are dealing with numerous challenges following the
shift towards remote working and accelerated cloud adoption to support distributed teams,” said Ian Pratt, global head of security
for personal systems at HP. “Staying on top of the evolving threat landscape is imperative.”
Organisations cannot say they were not warned. Just months into
the crisis, in April 2020, the UK’s National Cyber Security Centre issued
a stark alert that “malicious cyber actors” were seeking to exploit opportunities opening up because of Covid-19. That would prove prescient: earlier this year, the government’s Cyber Security Breaches Survey 2021 concluded that Covid-19 had “stretched many organisations’ cyber security teams to their limits”.
Sweet charity
Volunteers talk shop
On the front line
Joanne Kondabeka,
CEO of Chichester District Foodbank, above
Find out more about cyber security solutions aT hp.com/wolf
Illustration: Harriet Noble/Studio PI for Bridge Studio
Back to the table
The Trussell Trust helps people to rebuild their
lives, says Sandi Webb
Reaching out
Clare Williams has been a volunteer for seven years
Making a difference
Chichester District Foodbank has fed
more than 3,000
people in six months
Be a Secret Santa to your friends and loved ones. Find out how to get involved at secretsanta.cadbury.co.uk
Cadbury has run its Secret Santa campaign since 2018,
and it returns this month. The confectioner believes that gestures don’t have to be grand to be heartwarming, and gifts are better given without the need for thanks. Last year, Cadbury partnered with the Trussell Trust, donating a bar
of chocolate to a food bank in the Trussell Trust network for every Secret Santa gift sent anonymously to a loved one
via Cadbury Secret Santa. This year, the partnership returns to help make Christmas special for everyone. It also aims to shine
a spotlight on the incredible work done by the Trussell Trust network and the charity’s mission to ensure everyone
can afford the essentials.
How to share the magic
Businesses focused on protecting the multiple entry points that cyber attackers seek to exploit now have yet another threat to worry about. Earlier this year, organisations all around the world using software bought from the IT company SolarWinds discovered their products included a backdoor that offered attackers a route into their systems. Cyber criminals had evaded SolarWinds’ own security to target one of its software applications, inserting code that would give them a way to target anyone who installed the product. Organisations ranging from Microsoft to Nasa fell victim.
HP’s Ian Pratt told the Times and Sunday Times Tech Summit that the attack represented a “wake-up call” for cyber security professionals. “We have seen software supply chain attacks in the past, but this is a sophisticated type of breach that has typically been the preserve of nation state attackers,” he warned. “This has changed: we are now seeing this sort of attack method being exploited by criminals using ransomware.”
Pratt’s advice is that firms now need to regard their software packages as a potential point of entry: “Do you know what software your business is running and which vendors it comes from? Have you looked at the security credentials and records of those vendors?”
Is your software
your biggest risk?
PHOTOGRAPHY: TheLensBox.com
ILLUSTRATION: ANA YAEL/STUDIO PI FOR BRIDGE STUDIO
Research by HP Wolf Security, a cyber security specialist, reveals some of the impacts of this pressure. The widespread move to home working has become a “ticking time bomb” for a network breach, according to 83 per cent of the IT teams surveyed by the company. Staff working at home are worried too: just 36 per cent of office workers said they had been given training on how to protect their home network from breaches.
In an emergency, basic controls and procedures often go out of the window and the arrival of Covid-19 was no exception. HP Wolf Security found that 76 per cent of IT teams felt security had taken a back seat to continuity during the pandemic; 91 per cent of IT teams said they had felt pressured to compromise cyber security for business security.
Ian Pratt believes that all businesses now need to get back to basics with their cyber security in the wake of the disruption caused by
Covid-19. “The vast majority of breaches start with a user, because that is the easiest way in,” he told the Tech Summit. “Attackers target the intersection of the user and the organisation’s technology; having compromised that endpoint, they can then move laterally in order to launch their attack.”
So, for example, while there has been an explosion in ransomware attacks over the past year, where attackers break into a company’s IT system, lock out administrators, and then demand a ransom to give back control with no damage done, these attacks often start with an old-fashioned phishing approach. The attacker’s first port of entry
into the organisation’s IT system is via a malicious link or attachment embedded in an email.
Attacks such as these are increasing at an exponential rate because attackers have become more sophisticated about the breadth of their work, earning extra money by selling hacking software and tools to other criminals. But the starting point of many of the breaches has
not changed – because businesses are still falling victim to them.
“Part of the solution is more education for users,” said Pratt. As he points out, businesses that work hard to ensure everyone in their organisation is kept vigilant about the potential threat – and knows what to avoid – are less likely to be breached by a phishing attack
or a similar threat.
Equally, however, Pratt warned the Tech Summit that mistakes will be made – and attacks will get through. “That means we also need to have tools in place so that when, say, a user does click a malicious link, the problem does not spread through the organisation.”
At a time when every business is embracing technology, cyber security has never been more vital, warned delegates to the Times and Sunday Times Tech Summit 2021. This is especially true in the wake of the Covid-19 crisis, as criminals grab the opportunities created by the pandemic to launch a wave of attacks, the summit was told.
“Businesses are dealing with numerous challenges following the shift towards remote working and accelerated cloud adoption to support distributed teams,” said Ian Pratt, global head of security for personal systems at cyber security specialist HP Wolf Security. “Staying on top of the evolving threat landscape is imperative.”
Organisations cannot say they were not warned. Just months into the crisis, in April 2020, the UK’s National Cyber Security Centre issued a stark alert that “malicious cyber actors” were seeking to exploit opportunities opening up because of Covid-19. That would prove prescient: earlier this year, the government’s Cyber Security Breaches Survey 2021 concluded that Covid-19 had “stretched many organisations’ cyber security teams to their limits”.
t a time when every business is embracing technology,
cyber security has never been more vital, warned delegates to the Times and Sunday Times Tech Summit 2021. This is
In the know
Bronwyn Boyle helps Mambu’s board to make informed security decisions
Here to help
Dawn-Marie Hutchinson says staff need protecting during stressful times
SHARE
‘Most breaches start with a user – that’s the easiest way in’
Taking to the stage
Ian Pratt, centre right, speaks at the Tech Summit
IAN PRATT
