Posted: 19 Feb, 2018
I am delighted to summarise the last element of our recent TMA London event which I chaired. Whilst our guest list was 150 people I know that lots of our wider membership would have loved to have been in the audience to hear about Cyber Risk to Business. Jim Wheeler - CEO of www.resolvecyber.com - spoke about how 2018 needs to be the year we take the cyber risk seriously. He mainly spoke about how it is a case of not if, but when, our businesses get hit with a cyber-attack.
It was quite an eye-opener! I can't repeat all the feedback (because of expletives!) but when he showed us how vulnerable our businesses are and how easy it is to buy stolen data from the Dark Net we were all shocked. Revealing to us that it is believed that only 4% of the internet is viewable to normal users, with the Dark Net lurking beneath, was a considerable surprise.
He showed us just how accessible the Dark Net is, where criminality as a service is very easy to buy and cheap too, with hackers’ prices starting at just £300! It was amazing to see websites that looked like normal Amazon sites but selling drugs, guns and illegal services. You even had quality assurance paragraphs and helplines (well perhaps not, but it certainly felt like a normal set of shopping websites…I was already thinking about YOU save banners etc. from my former life!). Jim explained how every business is being targeted and so doing nothing is not an option. We wouldn't own a house without any locks on the doors!
The audience and I enjoyed it and I have heard that a number of them are already engaging with Jim to make their businesses more secure, which is great news. Whilst the audience were entertained and amazed, it did feel like watching “car crash TV”…personally I probably repeated what I had seen to about 10 friends who no doubt will repeat.
At the end Jim gave us 3 Takeaway Questions to ask our businesses or our clients:
- What does your Digital Estate look like? Can you find out the name, owner, and whereabouts of every digital device in your business? If not, you are not adequately aware of your assets and, therefore, you are not able to protect your business and you are at high risk.
- Awareness is the first step: If any board member (of any company) doesn't understand cyber at a relevant level to their role, they could be considered as a noncompetent person for their position. Our executives need to have cyber awareness training so that they can treat cyber as any other business risk. Once the board are trained we then need to train our workforce. Jim told us ReSolve Cyber are UK experts in Boardroom cyber education, and as we saw they have a vast amount of knowledge and are able to explain it in normal language.
- Assess to measure current state: We need to measure how secure our business is to cyber-attack. This can be done through a number of ways. Do you have a cyber incident plan for when the inevitable happens? Have you ever had that plan tested? Would you sleep better at night knowing that external industry experts have reviewed and tested your plan? They will give you advice on what you can do better so that next time (when you are doing it for real) your resilience to is much higher.
The threat certainly isn't going away - we have seen this week already that even the UK Government is having to shut down websites because of a clever cyber-attack. See here: BBC News - Cyber Attack Cryptojacking.
If you want to start to take cybersecurity seriously then Jim’s contact details are firstname.lastname@example.org.
Looking forward to the next London event I would ask you to join the TMA on 7th March hosted by Colliers. Given we have had over 300 bookings for TMA events so far this year I hope you’ll agree that TMA is very much worth your attendance and your membership.
We also have TMA events in the regions on the following dates: West Midlands (Birmingham) 7th March, Thames Valley (Reading) 15th March and North West (Manchester) 20th March.
Click here for full details and to make your booking.
Back to News