We were delighted to host the inaugural Buckinghamshire Cyber Security Summit on Thursday 8th November at Chicheley Hall in Buckinghamshire. The aim of the event, when initially conceived, was to give the attendees an overview of the cyber landscape that small and medium businesses face: firstly to better understand the threats that exist, but also to give some practical advice and overviews of solutions that should be considered as part of a layered security approach.
In attendance were over 70 guests from a wide range of companies and organisations. But for those that were unable to make it we wanted to give you a brief overview of the day. We'll bring lots of the content to you through videos over the coming days and weeks.
Jamie Bartlett: The Dark Net
Jamie is a well-known expert on the Dark Net and with a few of the Mirus team having seen him present before, we knew the audience would learn lots and enjoy Jamie's content. His presentation gave the attendees an insight into how the Dark Net is accessed, what kind of things are available (from illegal drugs through to cybercrime-as-a-service and credit card data), and what he sees in its future.
It was likely surprising to many what a normal place the Dark Net is, not all chat rooms and code. It has become almost a normal shopping environment (for not normal goods and services!) with many of the same features you would find on an Amazon or eBay store, such as feedback ratings and payment methods that ensure all parties are satisfied with the process.
Tim Jeffcoat: Cyber Security Expert: Datto
Tim's session gave us an overview of the overall cyber threat landscape in 2018. Whilst many have noted the slowdown in ransomware, we were informed of the more targeted approach that many of these infections are now taking. As part of the presentation, we even saw what a ransomware infection looks like (in a test environment!) when it does happen, transforming normally accessible files to fully locked dead files.
We also reviewed some of the principles of a good backup and DR solution, such as having three copies of your data i.e. production environment, separate hardware and cloud replication.
Datto may be a name you haven't heard of, but should you have their solutions in place within your business you can sleep much easier knowing that in the event of a disaster scenario, you stand a significantly increased chance of working as normal in a much shorter space of time compared to other DR solutions.
Adam Nash: Cyber Security specialist Webroot
The key message from Adam's session was that of the importance of testing and training users within our organisations to recognise the different threats that exist and what they might look like as part of a layered security approach. The key example we discussed was that of 'phishing emails' and how we can help increase awareness of things to look out for in order to prevent accidentally giving away your credentials or access to SaaS applications.
Webroot offers an excellent phishing testing platform which can be used to create test phishing emails to identify those that are susceptible to scams such as Office 365 password reset requests, Apple iCloud account password resets or SaaS-based tools that many businesses use, such as Salesforce.com. Whilst trying to identify those weak spots, the platform then goes on to offer user training in simple-to-digest user videos. We learnt that through a continual testing and training programme, we can help prevent some of the most dangerous threats.
Paul Lockhart: Practice Manager, Osbourne Morris and Morgan
Paul brought to the Summit some real-world experience and practical advice that OMM have adopted within their business. The initial discussion was based on certification against the government's cyber standard, Cyber Essentials, as part of their overall review of their business's security. We reviewed why they had decided to undertake the assessment, what the review entailed and how Mirus helped guide them through this process.
We also discussed the efforts that OMM have undertaken to educate the whole of their business on cyber threats and GDPR, right through to training their externally employed cleaner!
Cal Leeming: Security Consultant
Cal gave us an insight into his early years as a pre-teen child getting started in hacking (on a dial-up modem!) through to his current role as a security advisor. One of the key parts to Cal's session was the demonstration of how easily devices can be hacked, and with the increasing proliferation of connected devices within our homes and offices, it’s something we need to be increasingly aware of. The demo on the day was the hacking of a home burglar alarm, with a volunteer creating a new password on his demo set-up and Cal gaining access to reset the whole system within two minutes! We also saw how easy it is to spoof SMS messages from friends, family and business contacts.
One of the key messages in this session was the importance of planning and playing out different scenarios within your business or organisation of what you would do if ‘X’ happened. For example, what would the steps be if your systems became infected with ransomware, or how would you react to core systems being lost on the day that payroll needs to be processed? Through playing out these scenarios you'll be better prepared and therefore react in a more planned and effective manner should the worst happen.
David Staunton: Mimecast
David highlighted the volume of threats that are still delivered via email over and above all other methods. We examined the ways in which solutions such as Mimecast can help identify and block these threats, whatever their form, using different tools. These include attachment scanning, protection from spoofing as well as the more standard virus scanning.
This was another session that highlighted the importance of educating users about the threats that are out there and how, given the right education and training, people can work alongside all the tech to help block threats.
Tony Pullin: Secure Print
Print isn't often deemed one of the most exciting areas of IT, but the data that we print is often some of the most confidential and most sensitive data that our businesses possess: think payroll or accounting data. If this gets into the wrong hands then serious issues can occur! Tony explained the importance of secure print management, not only controlling what people can print but ensuring it's only pulled to the printer through user interaction.
The final part of the day was a more general panel session featuring several of our speakers from the day. A wide range of issues were discussed, from Facebook through to large corporate data losses such as British Airways, and education of our young people into the threat of cybercrime.
In summary, there were a few key themes and messages that came through on the day from all of the speakers, firstly the need to help educate and secondly, the importance of a layered approach to security.
Whilst many of our speakers mentioned that users can be the weakest line of defence against cyber threats, it was clear that this doesn't have to be the case! Through small shifts in user behaviour and awareness, we can turn users into our "human firewall", a phrase that was mentioned throughout many of the sessions.
The second area was that of the importance of a layered approach to security i.e. not relying on one form of protection. The layered approach we discussed included robust anti-virus, next-generation firewalls, email filtering, backup, disaster recovery, secure print, and creating robust processes within your organisation, as well as what everyone agreed was vital, user awareness and education.
If you'd like to hear more about the event or any of the solutions covered, drop us an email at firstname.lastname@example.org.
Please view our Pinterest board to see more photographs from the event.