Scroll down for images from the Westminster eForum
The weakest link in information security is the individual. This was the message coming out of this morning’s Westminster eForum covering the UK cyber security strategy.
Cybercrime is a tier 1 security threat to the UK alongside international terror and costs the UK as much as GB pound 27 billion according to BAE Systems Detica’s technical director Henry Harrison, who was among 10 speakers at a wide-ranging seminar.
The morning forum, which took place at the Royal Over-Seas League, was split into two sections and chaired by Lord West who was made the UK’s first ever cyber minister in 2009 and Lord Harris who is a member of the joint committee on national security strategy.
James Quinault, director of the Office of Cyber Security and Information Assurance, explained that as many as 80% of cyber attacks in the UK would be defeated by the use of strong passwords and keeping computers updated with the latest security patches. The software is there, people just need to make sure to use it.
Martin Smith, founder of The Security Company, echoes these sentiments saying that there is a “huge difference between cyber security and cyber trust.”
He explained that most of the cyber attacks seen in the press are a result of breaches of cyber trust rather than cyber security. This isn’t necessarily deliberate or malicious, it’s just down to people making mistakes.
And David Emm from internet security firm Kaspersky Labs gave another example where a firm’s main Linux server was hacked because the administrator used the same 8-character password for his Twitter and email account as the server.
Highlighting campaigns such as ‘clunk click, every trip’ which helped convince people in the UK to use seat belts, and the rise of drink driving as socially unacceptable, Mr Emm said we need to encourage a societal change with regards to information security.
He said, “I suspect we don’t do enough as a society offline to raise that public awareness.”
The rise of the Hacktivist
Charlie McMurdie, Head of the Police Central e-Crime Unit spoke briefly about the rise of the hacktivist – hackers who cause chaos on the internet typically through so-called denial of service attacks – such as Anonymous and Lulzsec.
She said we need to recruit young people in this country who are tempted by the hacktivists, and through gaming initiatives such as the Cyber Challenge, we are succeeding in converting many from ‘black hat’ hacking to ‘white hat’ hacking – an term used to refer to ‘ethical’ hackers who often flag securit risks to firms.
40,000 a week however still download a tool developed by Anonymous designed to hack websites, so this battle is not simple.
Finally, John Colley director of (ISC)2, the IT security certification body, said, “When a child enters a chemistry lab for the first time, we give them a safety lesson. The same should apply to a child using a computer.”
