Cyber Security Is A Board-Level Responsibility

A recent webinar hosted by Make UK sparked interest on social media, and it was well worth the time to tune in. Presented in three sections, the talk began with an introduction from Make UK’s CEO, Stephen Phipson. Dialling in from home, Phipson spoke in detail about the issues all attendants were there to hear about; namely, COVID-19 and the effect it has had on the manufacturing industry. His speech was simple, but informative, reinforcing the idea of community and stressing that Make UK wished to provide aid during difficult times. A major component of this was acknowledging the financial difficulties caused by the coronavirus. This, however, was overshadowed by the main topic of the day: cyber security. With some statistics to back his points, including a 400% increase in cyber attacks over the month of February, Phipson stressed the concerns he and Make UK had around the cyber infrastructure of the manufacturers listening to the webinar.

Phipson’s argument was that cyber security provisioning was generally underdeveloped in most organisations but was now required more than ever. Realistically, he stressed, the subject must become a Board-level responsibility. This is to say that cyber security decisions must be made by top management, C-suite executives. In many businesses, cyber defences are handled by an IT management position, and there is no dedicated cyber professional in place. In order to assay the drastic increase in cyber crime during the COVID-19 pandemic, cyber security must increase as well.

Here, the stage was passed over to cyber security expert, Drew Perry. The talk he provided was around half an hour long, and full of fascinating information. From a CEO’s perspective, Perry’s anecdotes may have been worrying, or perhaps eye-opening, as he explained in great detail some of the heists he had pulled in the name of ‘ethical’ hacking. The notable example he provided to the audience was walking into a New York city office block, unplugging a C-suite executive’s personal computer ‘for inspection’, and walking out again with the device under his arm. This highlighted the real crux of the cyber security industry: human error. Perry’s point throughout was that cyber attacks are generally aimed at exploiting the gullibility of employees, and that this human error would be exacerbated by the mass move to remote working.

Due to the rapid and mostly unexpected move towards remote work, many businesses have been left exposed to cyber crime. Home networks are generally less well-protected than business networks, which are usually defended through VPN and enterprise-wide endpoint protection systems. Home devices usually lack these services and are connected to networks alongside other unprotected devices such as games consoles or smart appliances. Perry stressed the risk of attack through these avenues, as well as identifying that attacks could be both un-targeted – for example via mass phishing campaigns – and targeted. These more specific attacks are rarer but may come from ‘advanced persistent threats:’ hacking teams that are sponsored by state actors, including Russia and China. Of course, most businesses will not be targeted by these organisations, but it is a threat which affects the cyber world in serious ways, and certainly cause for more concern from business owners.

Because of the focus on the COVID-19 pandemic and the resulting surge in cyber attack, the webinar provided a somewhat bleak outlook on affairs. To counter this, and to provide a resolution to the issues that Phipson and Perry had eloquently explained, the third part of the talk was provided by Mitchell Scherr, CEO of Assured Cyber Protection, who are partners with Make UK.

Scherr’s take on the subject came from his own admirable experience on the matter, suggesting the concept that employees have been working in a ‘sanitised’ environment within corporate offices. From home, they are protecting themselves from COVID-19 but are exposed to the threat of a cyber breach, a digital virus. Assured Cyber Protection’s partnership with Make UK has been agreed to help reduce the risk of cyber attack for Make UK partners by developing a ‘Remote Cyber Protection’ solution. This is intended to counter the three main issues imposed by remote working: endpoint protection, cyber awareness and network management. In conjunction with this, and perhaps most impressively, ACP are offering the service on a delayed payment scheme, allowing businesses to purchase the plan and pay in six months.

The webinar was interesting and surely helpful to business owners because of the problem, explanation and solution provided. Within the space of an hour, Make UK had laid out exactly where businesses are vulnerable, provided examples of exactly how this vulnerability had manifested via an industry expert, and then begun steps to create a solution for everyone listening. The message that was taken from the talk was not necessarily one of hope, but certainly was a demonstration of necessary steps being taken to restore business continuity during unprecedented times. The real message, alongside Assured Cyber Protection’s remote offering, is to focus on the employees affected by remote working. As so many breaches are a result of human error, providing cyber awareness training may well be the first step in defending businesses.