Meeting Notes 17/07/2019

Yorkshire Cyber Security Cluster Meeting Notes

Location: Irwin Mitchell Solicitors, Sheffield

Date: 17th May

Introduction

  • The Yorkshire Cyber Security Cluster is a collaborative group of experts within the cyber security industry that are committed to reducing cyber crime in the Yorkshire region
  • The cluster brings together SMEs, governing bodies, universities, Yorkshire Police, regional CISOs and those with a vested interest in cyber security
  • Collaborate, share best practices and offer expert advice and guidance to one another and the local community.

Visions of the Cluster:

  • Make the best use of Yorkshire talent & skills
  • Provide members with reputational and financial benefits
  • Make Yorkshire more cyber resilient and reduce the impact of cybercrime within the region
  • Share knowledge, best practices and learn from one another

The aims of the Cluster are two-fold:

  • To support the members of the cluster by communicating National and International initiatives and trade opportunities, providing a networking platform to share ideas and best practice, encouraging collaboration and identifying partnership opportunities so that small cyber security specialist businesses in Yorkshire can find new ways to grow.
  • To support the British Government’s commitment to Cyber Security (and UK Government’s Cyber Security Strategy) by building cyber security knowledge, skills and capabilities in the Region, to make businesses more resilient to cyber attacks and make the Yorkshire region one of the most secure places in the world to do business.

News Segment

“Ringcentral, Zoom security flaw affects certain Mac users”

  • Mainly (and so far only) affects Macs
  • Zoom, Ringcentral and Zhumu install a daemon for calls
  • Method used immediately opens camera / activates microphone
  • Patches have been rolled out from all 4 suppliers

“Facebook launch scam detection service”

  • Launched in the UK, following action from Martin Lewis
  • “Specially trained team” within Facebook will review reports
  • Being referred to as a “Social Policing” initiative
  • £3m to Action Fraud and team size increase to 30,000

“Airport email scam thwarted by UK’s cyber-defender NCSC”

  • 140,000 separate phishing attacks intercepted overall
  • Emails invited recipients to pay a small fee for a larger refund
  • 200,000 separate users targeted with gov.uk domain
  • NCSC took down the “real” email address, so there could be no replies

“Fernando J. Corbató, ‘Inventor of passwords’, dies at age 93”

  • Oversaw the creation of a “Compatible Time Sharing System”
  • Users could “mess with” other users by moving/changing files and folders
  • Created password protected accounts
  • Corbató’s Law

Elly Sterling – Yorkshire & Humber Regional Cyber Crime Unit

  • Part of the Protect Team, who speak to organisations and do awareness training and mitigation advice following NCSC and NCA guidelines
  • The Prevent Team works with younger people by going into schools; the Pursue Team carries out the ongoing public investigations; and the Prepare Team looks into new and upcoming technologies and how the public can be made more aware of them
  • The Home Office Report Spring 2019 reported that by the end of December 2018 there were 23,683 reported cases of computer misuse to Action Fraud, which is a 9% increase from the previous year.
  • The malicious hacking of social media and emails is the most commonly reported category to Action Fraud, followed by computer viruses and malware
  • The volume of personal data available online is making social engineering scams more prevalent and so social media platforms have been used to identify potential victims
  • UK-registered companies pay bribes overseas in order to obtain or conduct business. The sectors most at risk are those where public officials have high involvement, e.g. aviation
  • Interactive, online and free game ‘Cyber Centric’, created by the unit and Centric, gives staff training and raises awareness. It is currently based at a managerial level but they aim to expand to create some more scenarios and end-user perspectives

Helen Goldthorpe – Shulmans Solicitors

  • BA and Marriott fine cases have been unusual from an ICO point of view as the notice of intention to fine is kept confidential until the company has made their representations about what they think the fine should be. Due to the size of the companies and the fines against them, investors had to be made aware
  • The ICO Annual Report highlighted figures about how they handled data breach reports. 82% out of a total of 13,000 reports in that year ended up with no further action being required
  • The cases against Marriott and BA are large fines, but these are the worst incidents and there are many incidents that are being dealt with more informally

Ian Glover – CREST President

  • CREST is a not-for-profit organisation, who look to build capacity, capability and consistency within the cyber security services market. They concentrate on penetration testing, cyber security incident response, threat intelligence and do the accreditation of SOCs
  • They have accredited around 160 organisations globally and combine the professional certifications with qualifications to run schemes that are tied together with effective codes of conduct and ethics
  • They do a lot of knowledge sharing e.g. recently running their Cyber Access Day, which covered areas of diversity in order to monitor that the industry is inclusive
  • They are aiming to work more with psychology and educational backgrounds to give some form of measurement
  • Although there is not a lack of skills within the industry, there is a lack of certified professionals who can provide advice, guidance, mitigation or defence against attacks like those on BA and Marriott
  • No existing certifications or credentials in the industry would make someone fit for purpose to defend against these cases
  • NIST framework looks at critical and national infrastructure. The artefacts used to report against it are not adequately defined
  • CREST has been working with the Civil Aviation Authority to develop the types of artefacts that should be put forward and looking for individuals with the credentials to sign them off
  • The industry needs to act quickly to think about the consequences associated with dealing with the Information Commissioner, how to defend our organisations and what evidence we will provide
  • Should be trying to get cyber security on the PLC list and should be moving to some sort of mandatory reporting

Peter Stanfield – Irwin Mitchell Information Security Manager

  • The most common threats to law firms are phishing, data breaches, ransomware and supply chain compromise
  • Phishing is still the number one cyber security risk because of the human layer
  • Phishing is easy, cheap and effective and the most common impact to phishing victims is stolen login credentials
  • In a law firm there is a designated team to deal with data breaches and conflicts
  • A Business Continuity Plan and a Disaster Recovery Plan are needed to protect against Ransomware
  • Recently a cyber forensics company was taken out by a ransomware attack
  • They have made a robust plan to protect against a supply chain compromise by involving every element of the company. They do background checks on staff and on the financials of supplier companies, their data protection, capabilities, and what they have in place in terms of training and technology

Where to start?

  1. Pick a strategy
  2. Pick an industry standard to meet
  3. Deliver and maintain it
  4. Measure it

How to Defend Against the Digital Dark Arts

People

  • Develop a human firewall
  • Annual and regularly updated training
  • Regular phishing simulation tests

Process

  • Have a strategy
  • Have a policy and minimum standards
  • Have a defined method to report suspicions

Technology

  • Anti-virus, anti-malware tools
  • Check web gateways or traffic
  • SPF, DMARC, DKIM
  • Two-factor authentication

Next YCSC Dates

  • 11th September, TBC, 17:00-19:00
  • 20th November, Shulmans Solicitors Leeds, 14:00-16:00