Our thoughts on Think Cyber Security for Gov 2021

Our Bid Assistants Chloe and Emma recently attended the Think Cyber Security for Government event held by friends Think Digital Partners.

We were lucky enough to attend the Think Cyber Security for Government Virtual Conference on Thursday 9^th December for a day of enlightening presentations and panel discussions. Now in it’s 9^th year of production, the event was hosted by THINK Digital Partners Limited and sponsored by the Government Digital Service, (ISC)², The Chartered Institute of Information Technology and CIFAS.

Some key themes arose from the day, most notably the importance of people and their roles in helping to prevent cybercrimes and ensure security for their organisations. In an increasingly digital world, it’s reassuring that people remain key for businesses and the various panels of industry experts highlighted the importance of diversity, role models and empowerment.

With last year’s top concerns being threats to security with more people working from home due to the Coronavirus pandemic, this year, the common topics to arise were Ransomware and supply chain concerns.

Listed below are some of our key takeaways from the day!

Power to the People

The first panel of the day, People Matter: Why People Must Be Part of the Solution, discussed how we can tackle the most common source of data breaches: human error.

People aren’t programmed like computers. Yet, hackers are more likely to target people before technology. Up to 95% of successful cyber-attacks have a human involved in the chain. Therefore, a vigilant, cyber risk-aware workforce is our main defence against cyber-criminals. Yet despite all our efforts, we still haven’t cracked the problem.

The importance of education, data driven research, behavioural science and role models were highlighted in this fascinating discussion. People can add value to technology, and security. Secure systems need to be co-designed with people, alongside a tailored approach to meet their needs. This will help support employees to then commit to the security approaches within their organisation.

When it comes to training, we need to tell relatable stories, normalising techy jargon to suit how our colleagues collaborate in day-to-day life. Most of us have been subjected to a cyberattack or know someone who has, so it’s important to share these experiences. Promote a no shame or blame culture and use the incidents to learn from.

Diversity in the public sector

With the importance of empowered and diverse people at the forefront of our attention; understanding that a diverse approach to recruitment can provide your business with new ways of thinking, it is no surprise that experts highlight that people can be the first line of defence for cyberattacks in public sector organisations.

We from a panel of speakers on how the number of female workers in the Cybersecurity sector is still too low, the barriers they face, and what could be done to alleviate these.

With 1 in 5 women saying they felt they couldn’t be themselves, the issue was raised that bringing your full self to the workplace should be promoted and appreciated.

The discussion of getting women into certain jobs in the sector also included the phrasing of job descriptions not being clear enough and an overall lack of focus on retainment and advancement.

A Tale of Two Crises

One of our own strategic advisors at Advice Cloud, Jessica Figueras, gave a presentation on behalf of the UK Cyber Security Council. As Vice-chair, she gave an engaging update on the start of the council and why it was created earlier this year.

She outlined that really the need for this new organisation was due to two key crises; the Covid-19 pandemic and the increase of threats and attacks for global cybersecurity. She detailed how medical professionals have been at the forefront of the pandemic, coming to the aid of many and making ground-breaking discoveries. With the support of countless years of knowledge and the various medical councils, they were able to make significant achievements.

But what about cybersecurity? It became clear very quickly that organisations and professionals in the tech industry did not have the same support system to tackle their own crisis. Thus the UK Cyber Security Council was born!

Now they work to support these professionals, help the field grow and diversify, be the lead on professional ethics and help influence the government to create new regulations. They are continuing to build their network with the ethos of: by the profession, for the profession. With many organisations now joining the council, they are tackling challenges to help build knowledge within the sector.

Ransomware: Building an integrated response

A hot topic throughout the day was the threat to businesses big or small of ransomware and what practices and protections you can put in place to protect yourself from attack. It was reported that the UK encountered nearly 15 million ransomware attacks during 2021 alone and is hailed as on the top threats to businesses. There has been more focus from governments around the world on the threat recently, and it was a major topic this year at G7. Bigger organisations around the world are taking action against ransomware attacks and imposing costs against the people behind the attacks.

The advice from the experts on the session from the day was that you should focus on the basics – identify and block phishing emails, review the employees in your business to ensure they have the right number of access privileges, educate your staff about reporting suspicious links, and use a Cyber Security Framework such as NIST.

This doesn’t just apply to the larger businesses either. SME’s and sole traders still need to pay attention to applying the basics. Manage risk by seeking advice from managed service providers and third party expertise before an attack happens is the best way to protect yourself.

Visit National Cyber Security Centre https://www.ncsc.gov.uk/ for more info and resources

Overall, it was a day that promoted what people can do to help protect, grow and diversify the tech industry and the public sector. We highly recommend attending the next event scheduled for 2^nd March 2022, you can register and see the full agenda here!