Brian Sims
Editor
Brian Sims
Editor
THROUGHOUT OCTOBER, the UK is set to mark Cyber Security Awareness Month on the back of inspiration resulting from similar annual initiatives held around the globe. Cyber crime costs the national economy. Such criminality costs organisations time and money, their reputation, confidence and customers. On that basis, October will be dedicated to raising awareness of cyber resilience and how individuals and businesses across the country can best protect themselves against myriad forms of cyber crime.
Among those organisations taking part in the initiative are the City of London Police, the National Police Chiefs Council, the National Cyber Resilience Centre Group and the Cyber Resilience Centre network.
At the National Cyber Resilience Centre Group – itself a not-for-profit company, funded and supported by the Home Office, policing and national ambassador partners – each week of the month will address a different theme, championed by insights from across the Cyber Resilience Centre network and those ambassador partners. Themes will include ensuring cyber resilience across the business and third sector communities, bridging the cyber skills gap and strengthening supply chains across the country.
A particular highlight of the month’s activities will be the inaugural Cyber Resilience Centre Summit, which takes place on Monday 10 October at Microsoft’s offices in central London and is hosted by City of London Police Commissioner Angela McLaren. This landmark gathering will bring together representatives from policing, the Cyber Resilience Centres, industry and the National Cyber Resilience Centre Group’s national ambassadors to discuss how to improve the cyber resilience of small and medium-sized organisations.
Detective Superintendent Nick Bell, CEO of the National Cyber Resilience Centre Group and national policing director for the Cyber Resilience Centres, observed: “At the National Cyber Resilience Centre Group, we are very much looking forward to Cyber Security Awareness Month. It promises to highlight the vital importance of building our nation’s cyber resilience, as well as the significant work our Cyber Resilience Centre network and national ambassadors are doing to support this drive.”
Bell continued: “We hope that the initiative will showcase – both nationally and globally – how seriously those with a responsibility for tackling cyber crime in the UK are taking this issue. It’s something that’s being prioritised by the police service, the Government and, indeed, our country’s largest organisations so that, together, we can ensure the UK remains an attractive and safe place in which to work and invest.”
Focal point
Mark Moore, director of the South West Cyber Resilience Centre, commented: “We’re excited to be part of this year’s Cyber Security Awareness Month and, along with the wider Cyber Resilience Centre network and industry partners, help make it an annual focal point of our national calendar. Small businesses and charities have so much going on at the moment. We hope that our collective activities over the coming weeks will help to draw the attention of even more businesses and charities to the affordable and high-quality support our Cyber Resilience Centre network offers to them.”
Moore went on to state: “Our existing members see a real value in the work we do because we are both non-partisan and not-for-profit. We’re looking forward to growing our membership still further and extending the protective blanket that we’re spreading across the regions.”
Ben Fletcher, chief financial officer at The Very Group (a national ambassador for the National Cyber Resilience Centre Group) concluded: “As a digital retailer, cyber security is a vital part of protecting both our customers and our business. It’s something we take very seriously. We’re pleased to support the great work that the National Cyber Resilience Centre Group transacts in order to raise awareness of this important matter.”
Focusing on people
The theme for Cyber Security Awareness Month this year is ‘See Yourself in Cyber’: putting the focus on the ‘people’ part of cyber security and bringing awareness to threats like phishing.
In line with this theme, statistics from reports published by intelligent cloud e-mail security company Tessian have now been shared to illustrate why the focus on the ‘people’ element is so important in today's threat landscape.
The Psychology of Human Error Report 2022 notes that one-in-four (ie 26%) employees have clicked on a phishing e-mail at work. Over half (52%, in fact) of those members of staff surveyed in UK and US organisations have clicked on a phishing e-mail because it looked as though it had emanated from a senior executive at the company.
In addition, more than a third (36%) of employees have made a mistake at work that compromised security, while 40% of employees surveyed have sent an e-mail to the wrong person (a mistake which resulted in nearly a third of businesses losing a client or customer).
Focusing attentions on security training and awareness, Tessian’s Security Cultures Report 2022 has found that:
*nearly two-thirds (64%) of employees admit they don’t pay attention to security awareness programmes, with 36% considering them ‘boring’
*30% of employees don’t think that they’ve played a role in maintaining their company’s cyber security, while 45% don’t know who to report security incidents to as and when they occur
*three-in-four organisations had suffered from a security incident between July 2021 and July this year
In terms of how cyber criminals can easily access and exploit publicly available information to advance their scams and hack into people’s accounts, Tessian’s How to Hack a Human Report highlights that:
*half of people share names and pictures of their children on social media
*nearly three-quarters (72%) mention birthday celebrations
*81% of workers update their job status on social media
*over half of employees (53%) share how long they’ll be away in their Out of Office e-mail message, while 42% announce where they are going
Social engineering
Kim Burton, head of trust and compliance at Tessian, informed Security Matters: “Social engineering and the manipulation of people over phishing e-mails works. It’s fast becoming the leading cause of security breaches in organisations today. For too long, though, businesses have relied on training their people in one-off training sessions, asking them to detect the impersonation or spot the bad links in a phishing e-mail. If employees fail to do so, they are then penalised. This must change. Businesses need to adopt a ‘people first’ approach to security such that every person in an organisation can understand how their actions keep them and the company secure.”
Burton added: “This Cyber Security Awareness Month and beyond, we should make security specific and actionable to each individual’s world and help nudge people towards safer security behaviours. Create a culture of empathy and care and back up training and education with tools and procedures that make secure practices easy to integrate within everyday workflows and personal lives, from asking them to routinely check privacy settings on social media accounts to ensuring strong password management and regular education on e-mail threats.”
