By Mark Edwards, technical director, Capital Network Solutions

 

How did you get into this line of business?

I did a computer science degree at the University of Glamorgan and set up my own business as soon as I left, which coincided with the huge growth in popularity of the internet. I initially specialised in the communications side, but over recent years there has been a big demand for cyber security.

What are the major challenges in relation to cyber security that businesses, especially SMEs, should make sure they are aware of?

The cyber security threat landscape is constantly evolving so what might have been sufficient last year might not be so this year. There is a lot of conflicting advice often from people keen to cash in on the growth of the market, so choose your advisor carefully based on a proven track record and qualifications. People, not technology, are the main threat to security.

How has the threat of cyber security changed over the years?

Cyber attacks are far more targeted towards the individual than they were even a couple of years back. Previously the biggest threat was random, automated attacks against thousands of random targets. Technologies such as firewalls and anti-virus solutions are now very effective at mitigating these, so attackers have become smarter and target individuals or companies via crafted malware or emails.

What do you see as the biggest threat and why?

People are the biggest threat. UK government statistics show that 50 per cent of the most major security breaches in 2014 were caused by 'inadvertent human error'. Many of the successful attacks could be prevented by basic end-user and management training.

How should businesses tackle the cyber security threat?

The first step to addressing the cyber security threat for any organisation is having buy-in from senior management, who are keen to create a secure culture within the organisation. Although IT departments are key to facilitating cyber security, direction has to come from senior management. The new UK Government 'Cyber Essentials' standard is a simple, low-cost and very effective set of controls that will protect against up to 80 per cent of Cyber Threats. An organisation achieving this standard could be confident that they have good cyber security to a recognised UK government standard.

Where can they go to get training etc on this?

Several companies offer excellent Executive Awareness security courses. Companies such as Capital Network Solutions are a certifying body for Cyber Essentials and Cyber Essentials Plus, and can offer expert advice on how to achieve the standard.

What do you think is going to be the 'next big thing' that businesses need to embrace and how can they make sure they are not leaving themselves open to attack?

Cloud computing is the latest 'big thing' and although it has been around for several years it is still rapidly evolving and means different things to different people. People often assume that it is not their problem when information is held in the cloud, but you are effectively giving control of all your information to a third party. Companies need to be aware of the risk, select their cloud providers very carefully as the security of similar solutions can vary enormously, and manage what information employees store in the cloud. It is very easy to lose control.

What sorts of things will you be speaking about at Digital 2015?

I am looking forward to speaking about what companies can do to best protect themselves against the most common Cyber Threats. I will be talking about the Cyber Essentials standard, what it is, the benefits it offers and how to implement it.

What advice would you give to young entrepreneurs or people thinking of starting up businesses on how to protect themselves in the cyber world?

Ensure you encourage a good cyber security culture from the start and consider the security of information as a key part of your business.

Anything else you think we should know?

I am a TigerScheme qualified penetration tester and ISC2 Certified Information System Security Professional and Certified Cyber Forensics Professional.