Breakfast briefing: Cybersecurity – people can be the weakest link
An ever-evolving threat landscape is causing East Midlands SMEs problems when it comes to their cybersecurity – that was the message from industry specialists at TheBusinessDesk.com’s latest breakfast event.
Sponsored by Air IT, the audience at the Cyber Security – Protect and Thrive event heard from Harpreet Sandhu, partner and head of commerce and technology at hosts Nelsons, Brian Lowe of AT&T and Lee Johnson, chief technology officer at Air IT.
Johnson opened the event by running through the different methods that increasingly sophisticated criminals are using to target SMEs. This, he said, was being brought about by advances in technology, a move to cloud computing and, simply, more attempts and more success.
He said that legacy protection that some SMEs have in place is no longer adequate and that attacks using phishing, ransomware, CEO impersonation and social engineering are causing huge issues for businesses.
He said: “Technology is only one piece of the puzzle; often people have the capability to be the weakest link in their security defence. However, people can also be the strongest line of defence with the right knowledge. Threats are constantly changing – businesses need to take the right advice to ensure they’re secure.”
Brian Lowe, AT&T
Lowe also spoke of the changing nature of the threat landscape, saying that cybersecurity is a business problem that must be addressed at scale. Less than 1% of attacks are committed by an insider, he said, and that the average cost to a business due a cyber breach is £3.1m.
He said: “Often SMEs are understaffed, underfunded and underskilled and this is their disadvantage against the criminals. Attackers only need to be successful once.”
Harpreet Sandhu, Nelsons
Sandhu gave an update on GDPR – 18 months after it came into force – and applied it to cybersecurity.
He said: “While businesses are entitled to consider the costs of the implementation of GDPR, they need to ensure that have the correct processes in place, and that includes risk analysis, organisational policies and physical and technical measures.
“Each new service or business process that makes use of personal data must take privacy and data protection into consideration during the design phase.”
Our thanks to sponsors Air IT and Nelsons in Leicester for hosting.
