Meeting Notes 15/05/2019

Yorkshire Cyber Security Cluster Meeting Notes

Location: Sheffield Hallam University

Date: May the 15th

 

  • The Yorkshire Cyber Security Cluster is a collaborative group of experts within the cyber security industry that are committed to reducing cyber crime in the Yorkshire region
  • The cluster brings together SMEs, governing bodies, universities, Yorkshire Police, regional CISOs and those with a vested interest in cyber
  • Members collaborate, share best practices and offer expert advice and guidance to one another and the local community

The aims of the Cluster are two-fold:

1 – To support the members of the cluster by communicating National and International initiatives and trade opportunities, providing a networking platform to share ideas and best practice, encouraging collaboration and identifying partnership opportunities so that small cyber security specialist businesses in Yorkshire can find new ways to grow.

2 – To support the British Government’s commitment to Cyber Security (and UK Government’s Cyber Security Strategy) by building cyber security knowledge, skills and capabilities in the Region, to make businesses more resilient to cyber attacks and make the Yorkshire region one of the most secure places in the world to do business.

 


News Segment

“Twitter leaks Apple iOS user’s location data to ad partner”

  • Recent security bug
  • Leaked at the “ZIP code or city” level
  • Bug is fixed but no details
  • Using more than one account can affect all
  • Happened during an advertising process
  • All data wiped

“Hackers take over IoT devices to ‘click’ on ads”

  • Estimated 25 billion IoT devices by 2025
  • None will be totally secure
  • Any device with an IP address
  • Drive revenue for hackers
  • Push for security required

“WhatsApp discovers ‘targeted’ surveillance attack”

  • Hackers able to install surveillance software on phones and other devices
  • Targeted a select number of users
  • Fix was rolled out on Friday
  • Discovered early May
  • Would allow attacker to read all messages on a device
  • Installed using a voice call that didn’t need to be answered

“Game of Thrones free streaming sites steal private data”

  • Most contain “worrying amount of harmful malware”
  • Three popular sites trick users into handing over personal information
  • Then used to perform phishing
  • Some links just download malware
  • Fake sites posing as real sites
  • Cryptojacking malware is common

YH ROCU- Dean Russell

  • Crime drop since last quarter
  • Last quarter 250 cases were disseminated through to police; 20% were phishing attacks
  • This quarter it had dropped to 120
  • This drop may be due to the art of phishing developing and a rise in awareness of phishing
  • YH ROCU won two awards at the National Cyber Crime Awards

Gary Bell – IISP

What is IISP-
– Institution for Information Security Professionals
– Now a chartered Institute

Security Professionalism-

  • What skills should security professionals have to do their job.

Collaboration-
– 16 organisations working together to figure out what makes good cyber security professionalism.

Royal Chartered Institute-

  • This shows that they are a standard and that members hold the benchmark.
  • Members become chartered individuals.
  • 700 certified individuals so far.
  • They are holding a degree of relevance.

Capability Framework-

  • Skills framework is at the heart of what they do.
  • Provide evidence and then this goes to judges.
  • Scored on factors from 1-6.
  • It recognises where your skills are and where the gaps are, and it helps you see where you can further your career.

Knowledge Framework-

  • This is a document for graduates coming into the industry or career changers. It helps to fill the gaps from level 1-2.

Upcoming event-

IISP Live – 11th July – Birmingham


Adrian Beckham- Adsa

PCI DSS Explained

Anyone who takes card payments needs to comply.

There are 4 levels of merchant-

In 2006 the six top payment companies were concerned as they started to get reports of lots of fraudulent transactions.

So they came together to help make people compliant if they wanted to use their payment process.

If you want to use the platform then you have to be compliant with their standards and there are processes that you need to follow.

People would receive an independent assessment to make sure that they follow 12 different criteria. That ensures that they are protecting card payment information.

These assessments are annual no matter how small or big your company is.

If you don’t comply there are possible fines, increased payment processing costs, lack of trust and risk of compromise.


Future YCSC Meeting Dates:

17th July, TBC, 13:00 – 15:00

18th September, TBC, 13:00 – 15:00

20th November, TBC, 13:00 – 15:00