BUZZWORD
ANNE DUNCAN Chair, digital and technology leadership initiative, IoD France executive committee
‘Cyber security and data privacy are matters of governance’
The number-one point to make about cyber security is that it’s not the preserve of the IT department or a particular individual in your organisation. It’s everybody’s business. At the IoD we have a strong focus on training our members in effective corporate governance, which is extremely important. Cyber security and data privacy have become matters of governance – directors are now responsible for these issues and for how their management feeds down through the organisation. As part of the digital and technology leadership initiative I run for IoD France, we invite business leaders to discuss issues of cyber security. These forums operate under Chatham House rules, so participants can say “this is what happened in my company” safe in the knowledge that their identity and that of their organisation will not be disclosed.
There are still certain details you wouldn’t want to share, of course, but the forum enables important conversations to start. Because you are surrounded by experts at these events, you can also improve your knowledge, which will equip you better to make key improvements when you return to your organisation.
CODY BROCIOUS Security researcher and head of hacker education, HackerOne
‘Password reuse is a huge risk, but one of the easiest to solve’
White-hat hackers are folk who hack in an ethical way, generally at the behest of firms wishing to protect themselves. Bug bounty hunters are white-hat hackers who specialise in finding vulnerabilities in an effort to make the internet a more secure place while developing their own skills and, possibly, earning money. My firm, HackerOne, helps to improve companies’ cyber security in three ways. We work with them to manage vulnerability disclosure programmes, where hackers and security researchers can report bugs without fear of any legal repercussions. We run bug bounty challenges that pay hackers to find and report vulnerabilities. And we hold courses that help both hackers to hone their skills and developers to secure their code. All of these efforts improve cyber security for our corporate partners and also for firms that we don’t work with directly. Password reuse is a huge risk, but one of the easiest to solve. My advice to anyone running a small business is to use a password manager with a long passphrase and apply a different, randomly generated, password for every website.
hackerone.com
ANDY TILLMAN Director of intelligence, Tillmana Group
‘SMEs ought to be offered a certain level of free assistance’
GDPR has probably either forced smaller businesses to push cyber security higher up their agendas than ever before or made them bury their heads deeper in the sand. Yes, there is now a requirement to report a breach, but I think this will still come down to an assessment of the pros and cons of doing so. Smaller businesses are often treated as poor relations, especially when it comes to cyber security. The services available to them in this field aren’t as good as they should be. In fact, SMEs ought to be offered a certain level of free assistance – it’s a question of whether we want a utopian society where large businesses help smaller firms and so protect their supply chains. Whenever I do a talk on “compromise by coercion”, which is a fancy way of saying “blackmail”, I highlight how easy it is to identify and profile key individuals in a company. This always shocks business leaders in the audience. You need to understand that such threats exist, but also remember that the world is not as scary as some people make out.
cyber.tillmana.com
Andrew Tillman is an education and skills ambassador for IoD Suffolk
PETER MATTHEWS Chief executive, Metro Communications
‘Many cyber criminals focus on social engineering’
There are lots of people who play on the fear that exists about being hacked. They say to businesses: “Hackers will break into your systems, steal your data and sell it on the black market, so you need to buy this product of ours.” We need to shift that narrative. People say that tech moves quickly, but human error is still the easiest way for someone to infiltrate your systems. You have to be aware that many cyber criminals focus on social engineering. They can find enough information about you on social media to enable them to send an email that looks credible enough for you to open. Online, I tend to deal only with people whom I already know.
If you do one thing tomorrow, I recommend that you visit the NCSC’s website and download 10 Steps to Cyber Security. You don’t need to buy anything and there doesn’t have to be a huge plan. It’s simply about applying common sense. If you take the basic precautions, you’ll start to put some clear water between your firm and the cyber criminals.
metrocomms.co.uk
Peter Matthews is a member of IoD London
director.co.uk 15
COMPILED BY RYAN HERMAN