Meeting Notes 18/12/19

Yorkshire Cyber Security Cluster Meeting Notes
Location: Digital Media Center, Barnsley
Date: 18th December 2019
 

Introduction

  • The Yorkshire Cyber Security Cluster is a collaborative group of experts within the cyber security industry that are committed to reducing cyber crime in the Yorkshire region
  • The cluster brings together SMEs, Governing bodies, Universities, Yorkshire Police and regional CISOs and those with a vested interest in cyber
  • Collaboration, sharing of best practices and offer expert advice and guidance to one another and the local community

Visions of the Cluster:

  • Make the best use of Yorkshire talent & skills
  • Provide members with reputational and financial benefits
  • Make Yorkshire more cyber resilient and reduce the impact of cybercrime within the region
  • Share knowledge, best practices and learn from one another

The aims of the Cluster are two-fold:

  • To support the members of the cluster by communicating National and International initiatives and trade opportunities, providing a networking platform to share ideas and best practice, encouraging collaboration and identifying partnership opportunities so that small cyber security specialist businesses in Yorkshire can find new ways to grow.
  • To support the British Government’s commitment to Cyber Security (and UK Government’s Cyber Security Strategy) by building cyber security knowledge, skills and capabilities in the Region, to make businesses more resilient to cyber attacks and make the Yorkshire region one of the most secure places in the world to do business.

 
News Segment
“Which?  found ‘serious security flaws’ in some children’s smart toys”

  • Some children’s smart toys sold in major retailers are lacking basic cyber security measures and are vulnerable to attack
  • Which? Have outlined 5 tips to help when buying and using smart toys:

1. Read the description
2. Research security concerns
3. Submit minimal personal data when buying a smart toy
4. Keep an eye on smart toys that send or receive messages
5. Turn off smart toys when not in use
 
“Trend Micro rogue employee exposes customer data”

  • Personal data of thousands of its customers has been exposed by a rogue staff member 
  • An employee sold information from its customer-support database, including names, phone numbers and email addresses to a third party
  • 70,000 of their 12 million customers had been affected

 
Zynga data breach exposed 200 million Words with Friends players“”

  • Over 218 million players of the mobile games had their login information stolen
  • The hacker accessed a database that included data from Android and iOS players who installed the game before Sept. 2nd
  • Hack exposed users’ names, email addresses, login IDs, Facebook IDs, phone numbers and Zynga account IDs

 
“Evil Corp stole more than £76 Million”

  • Evil Corp netted more than £76 million from victims using Dridex malware, which was spread via phishing attacks to steal banking credentials
  • Dridex was used to target almost 300 organizations in 40+ nations
  • Franchising business offered people in the UK “access to Dridex in exchange for $100,000 up front, plus 50% of revenue and minimum take of $50,000 a week”.
  • A $5m reward offered for information leading to arrest

 
Melanie Oldham – CEO, Bob’s Business
Kahoot Quiz to outline some important statistics about minorities in the cyber security industry:

  • 7% of Europe’s cybersecurity workforce are women
  • Globally, 11% of women make up the cyber workforce
  • 89% of the workers in the IT security industry are male

15% of the tech workforce comes from a Black, Asian, Minority Ethnic (BAME) background in the UK.

 
Joe Matthewson – Senior Access Manager, SkyBet

  • “More people have access to the internet than safe drinking water.”

Joe identified how posting a status, a check-in and or a photo on Facebook (or any other platform) about going on holiday can show attackers that your house is empty and can leave you vulnerable to an attack.

 
Joe showed the audience how easy it was to find information about someone online without any hacking. In 35 minutes Joe managed to find all of this information about someone:

Current Workplace
Interests
Age
Active Behaviour
Sleep Pattern
Recent Purchases
Family Name Including Children
Places Visited
Living Area
   Interests
Education
Diet
School
Living Location
Relationship Status
Partners Name and Age
Family Members
Recent Locations Visited
All Friends on Facebook
Holiday Photos
Current Workplace
Work Email
Personal Email
Work Phone
Mobile Number
Education Certificates
Holiday Activities
Close Friends
Linguistics
Work Address
Music Taste
  • Andrea Fortuna created a website that gives multiple Open Source Intelligence tools for social media – both Twitter and Facebook

 
Nicki Eyre – Founder, Conduct Coaching
 
Sexting Findings 2014:
37% 13 – 25 year olds have sent a naked photo of themselves
30% of 15 yr olds have sent a naked photo of themselves at least once
15% of 13 & 14 yr olds have sent a naked photo of themselves at least once
5% of 13 year olds send naked photos several times a week.
24% have sent a naked photo to someone they know only online.
24% have had a naked photo shared without their consent.
49% believe is just harmless fun.
16% said it’s the normal thing to do.
13% felt pressured into doing it.
 
Abuse on Smartphone Social Networking:
62% have been sent nasty private messages via smartphone apps
52% have never reported the abuse they have received
47% have received nasty profile comments
40% have received nasty photo comments.
42% have received hate-based comments (racism, homophobia etc.)
28% have had personal information shared without consent.
52% have never reported abuse on smartphone apps
26% felt like it wasn’t taken seriously when reported
49% experienced a loss in confidence as a result of the bullying
28% retaliated and sent something abusive back
24% turned to self harming as a coping mechanism
22% tried to change their appearance to avoid further abuse
13% stopped using the app
‘Cyberbullying is any form of bullying, harassment or victimisation online’
Cyberbullying can take place through phones, tablets and computers.  It can be in via text messages; social media; gaming; emails; online forums; chat rooms etc
 
Cyberbullying Behaviours: 

  • Sharing inappropriate content including images
  • Public humiliation eg rumours and gossip on social media
  • Excessive emails at all hours
  • Copying people who don’t need the information into emails
  • Leaving you out of online communications in order to isolate you and place you at a disadvantage
  • Threats of physical violence
  • Posing as the target online and publishing defamatory posts

 
If you experience Cyberbullying:

  • Don’t feed the trolls
  • Block and report, to your organisation and the social media platform
  • Check what personal information you’ve shared – your own personal cybersecurity is as important as the business you work for
  • Save evidence of the online bullying and harassment

 
Next YCSC Dates

  • 15th January, Round Foundry Media Centre Leeds, 9am – 11am
  • 19th February, Sheffield Hallam University, 2pm – 4pm
  • 18th March, TBC