This page contains a Flash digital edition of a book.
defence & cyber security roundtable 29


Do businesses have real solutions to their virtual world threats?


Law firm Pitmans and The Business Magazine gathered sector experts to discover if businesses, organisations, and enterprises are seriously underestimating the scale and seriousness of the cyber risks they face today. It is estimated that cyber crime costs the UK economy £1,000 per second – or £27 billion per year. It’s largely invisible, definitely invasive, and deeply invidious, but is it invincible? John Burbedge reports the roundtable highlights


Participants


Jason Hope: Business development, Prolinx


Eryl Smith:


Managing director, Lanthorn Consulting


Terry Pudwell: Executive chairman, Assuria


Adam Piper: Associate director, Griffiths & Armour Insurance Brokers


Steve Smith: Managing director, Pentura


Mike Williams: Director, Overtis Group


Andrew Peddie:


Partner, (head of corporate finance, M&A) Pitmans


Philip James: Partner (digital media, technology & data) Pitmans


Jonathan Durrant:


Director, (regulatory and contentious law) Pitmans


Rustam Roy: Senior solicitor (commercial technology) Pitmans


Sandy McKenzie:


Partner – Aerospace, Defence and Security, The McLean Partnership


David Murray: Managing director of The Business Magazine chaired the discussion


THE BUSINESS MAGAZINE – THAMES VALLEY – APRIL 2012


Are we aware? Can we afford not to deal with these risks?


Terry Pudwell said there was lack of awareness, but this was rapidly changing. He mentioned recent media coverage on the hacking of IT systems in BAe Systems and Sony. “In this country 2-3 years ago you never saw anything in the public domain about cyber threats, although it’s been US front page news for 10 years.”


“The problem is companies don’t understand the threats, don’t know what they can do, and if it can be done for a reasonable cost.”


Jason Hope: “Businesses read about the potential threats that exist, both internal and external, but they don’t spend appropriately on their security technology because they have not associated a cost point with their data. They don’t always understand the value of the data at risk, or what it may mean to their business if lost.


Pudwell: “If boards think it takes huge amounts of money to do anything, they just sit on their hands. We are moving to a stage of inactivity because of financial fears. Yet there are so many UK technology companies that could help.”


Adam Piper agreed, saying that the £27b UK annual cost of cyber crime needed to be explained. “Let’s personalise that risk, break it down so that businesses can understand it better.”


Philip James: “You have to treat your IP and data as money. What is the point in investing millions of pounds in R&D if you are then going to put it into a paper piggy- bank that someone can get into very easily?”


Steve Smith suggested there was a divide. “Those businesses who will do something based on box-ticking compliance, and other camps (notably finance and legal) who recognise at board and business levels that they need to secure it.”


Some business sectors still didn’t have a proactive attitude to data and cyber security. Internal IT departments and providers understood the threats, but had problems evaluating the true risks, finding solutions, and presenting a sound business case to gain board support. “Businesses need help as to where to start.”


Admitting cyber threats are a major issue, Steve Smith suggested companies should adopt a bite-sized phased approach. “Understand the most critical areas first. Then address the 10% most critical, and you will probably bring down your overall business risk by 60-70%. Otherwise, you won’t get beyond the overwhelming nature of the perceived problems.”


James: “There’s no exact science on how much to invest in security but there are critical areas of risk than can be improved simply by increasing awareness.” Accepting that ‘Rome was not built in a day’, he said the priority objective


should be to develop a Cyber Security Policy, with a co-ordinated implementation plan.


What does a hacker look like?


Steve Smith highlighted that there was now no stereotypical hacker. Age, lifestyle, sex, and social demographics gave no guide. “Only recently we had news of a junior pupil sent home for hacking his school’s computer system.”


The worrying aspect, said Pudwell, was the technology and downloadable software now available to potential hackers.


Piper: “The message is that it is getting easier to do, and we should expect it to become more prevalent.”


Pudwell: “In times of austerity disaffected people outside the organisation with the right technology and knowledge only need to find an unhappy friend inside."


Andrew Peddie asked whether the common belief that some national governments might be involved in cyber espionage was a reality, in the experience of those around the table.


Eryl Smith said the recent Strategic Defence & Security Review had


Continued overleaf... www.businessmag.co.uk


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52