David Mount reports back from the FT Cyber Security Summit 2016 in London, and shares his thoughts on Cyber Security in the enlightening blog. Read on
Last month I was fortunate to be able to carve some time out of my diary to attend the Financial Times Cyber Security Summit in London. The event promised a strong line-up of cyber-security heavyweights – and I mean that in the knowledge and experience sense, rather than in Trump’s viewof a cyber-crime protagonist.
The sentiment was clear – the good guys are still losing to the bad guys, and it doesn’t look like it’s going to change any time soon. Nausicaa Delfas, Director of Specialist Supervision at the UK’s Financial Conduct Authority shared some interesting, if unsurprising numbers. Over the past few years, they have seen the number of reported cyber-attacks on financial institutions steadily rise – 5 in 2014, 27 in 2015, and 75 so far in 2016. The pessimist (or perhaps realist) in me makes me think that we’re facing ever increasing armies of cyber-criminals who are better organised, better skilled and better funded than the average target; the optimist in me tries to think that we’re actually getting better at spotting the attacks earlier, and thus able to respond more effectively than before.
Whatever the reasons, it’s evident that the good guys will only become truly effective in their mission through effective sharing of information. Indeed, the great military strategist Sun Tzu proclaimed “if you know your enemy and know yourself, you need not fear the results of a hundred battles”. There’s no room for egos in cyber-security. Attacks happen, and one major bank highlighted the empathetic sentiment they received from their customers if they announce they are suffering a cyber-attack such as DDOS.
So let’s not perpetuate the myth that all cyber-attacks are perpetrated by socially awkward teenagers in their bedrooms. Some indeed are, and often as a result of frankly inexcusable and embarrassing approaches to information security. However, many are not. We must change our approach and find the ways to allow cyber-security professionals to truly come together as a team, rather than acting as a loosely grouped collection of skilled individuals. Thankfully, we’re starting to see some initiatives take shape in this space, and during the event there was optimism regarding the UK Government-led National Cyber Security Centre, but much more work is needed on cyber information sharing platforms to provide open, timely access to rich information such as threats, attack vectors and indicators of compromise. As basketball coach John Wooden said – “failure isn’t fatal. But failure to change might be” – a prophecy to the cyber threats of today or tomorrow perhaps?