Held on Thursday 2 October, Consec 2014 – the Association of Security Consultants’ Annual Conference – ran under the banner ‘Securing Business, Protecting the Future’ and highlighted the overriding need for a true analysis of risks and necessary solutions rather than business professionals relying on simplistic reports and common assumptions. There was also consideration around developing effective strategies for tackling today’s myriad cyber threats and the importance of being able to rely on quality products and services in the ongoing fight against criminality.
Over 150 delegates representing security suppliers and end user organisations attended the event, which was held at the London Heathrow Marriott Hotel. It was the Association of Security Consultants’ (ASC) 20th Annual Conference and Exhibition, with the conference proceedings expertly chaired by Security Industry Authority chairman Elizabeth France CBE.
In his opening keynote address, Professor Michael Clarke (director general at the Royal United Services Institute) outlined key factors influencing current global threats. These include demographic trends, climatic events resulting in population movement, regional tensions, the growth of virtual communications, a significant level of financial assets being out of reach of state jurisdiction, economic hardship and resulting migration and the takeover of liberal revolution by fundamentalist elements.
Paul Easter – managing director at Harquebus and 2014 Imbert Prize winner – sought to dispel some common misconceptions around terrorist capabilities. Easter stressed that these capabilities are typically conventional from a technology point of view, and that terrorists have generally not succeeded in using the Internet as a cyber weapon while they also remain a long way off from being able to pose a nuclear threat.
According to Easter, terrorists’ abilities to use more advanced methods of attack are dependent on state assistance. This is very often non-existent or otherwise limited.
Tackling the cyber threat
Sue Seaby – director at SAS Security Risk Service – explained why tackling the cyber threat should be an exercise carried out as part of an integrated plan for dealing with all threats and involve each risk discipline rather than cyber being treated as something special.
Seaby added that Boards of Directors need to be educated against being swayed on risk policy dependent on media coverage at any given time, and feels there should be greater recognition of the scale of the insider threat to information security. Apparently, 80%-85% of all data breaches are committed by members of staff, either inadvertently or deliberately.
Both Seaby and Jane Attwood (representing the John Taylor International Partnership) focused on the importance of organisations ensuring that their suppliers – as well as their employees – follow appropriate procedures specifically designed to minimise risk.
Attwood, who is also a member of the London Chamber of Commerce and Industry (LCCI) Defence and Security Committee, outlined the findings of recent LCCI research on cyber security. 54% of London businesses have been the victim of cyber crime in the last 12 months. The main barriers to improved protection are the perceived high cost (the response received from 34% of those questioned as part of the research) and a lack of threat awareness (30%).
LCCI recommendations include making it simpler for businesses to know where to go for advice and the availability of the Innovation Voucher for cyber security on a continuous basis to help SMEs bring in outside expertise.
UK Partnership for Conflict, Crime and Security Research
Dr Tristram Riley-Smith – external champion to the UK Partnership for Conflict, Crime and Security Research at Cambridge University – explained that, despite a perception that information security is all about technology, probably the most important element in cyber research focuses on human behaviour. A high proportion of risks may be minimised if Best Practice techniques are followed.
The UK Partnership is a national research programme aimed at improving our understanding of current and future security challenges. To date, over 1,200 projects have been energised.
Dr Riley-Smith’s prime mission is “to see value extracted from the university world and delivered to the people who can do something with it”. He cited a number of examples, including making the link between ‘lucky imaging’ techniques from astronomy and improving the resolution quality of surveillance systems installed for operational crime prevention and detection.
It’s estimated that the global security market will rise in value from £410 billion in 2012 to £571 billion by 2016. Dr Riley-Smith said that the goal was for the UK’s share of security exports to rise from 4% to 8% by 2020.
Following this theme, Stephen Phipson CBE – director of security industry engagement with Her Majesty’s Government – then outlined his own work designed to support various activities across Government. Led by the UKTI and heavily promoting security exports, this work has already built on the UK’s delivery of a safe and secure London 2012 Olympic and Paralympic Games.
Phipson’s key role involves co-ordinating the interaction between Government and the UK’s security sector and, during his presentation, he duly stressed the importance of being able to rely on high standards from the organisations the Government’s export initiatives are designed to support.
Chartered Security Professional certification scheme
Di Thomas, membership engagement manager at The Security Institute, continued the theme of standards with her summary of the Chartered Security Professional certification scheme.
The 75th practitioner to gain the prestigious status of Chartered Security Professional is Bob Martin, an ASC Board member. Bob’s achievement was marked with an official certificate presentation ceremony at Consec 2014.
Summing up the day, Allan Hildage – the ASC’s chairman – said: “This year’s Consec proved to be yet another informative and worthwhile conference where our delegates were fortunate to hear some outstanding presentations delivered by security and risk expert leaders from across Government, academia and industry.”
*Further information on research projects being enabled via the UK Partnership for Conflict, Crime and Security Research and RISC is available online at: http://www.riscuk.org/academia/academic-marketplace/
**The LCCI report ‘Cyber Secure: Making London Business Safe Against Online Crime’ is available online at: http://www.londonchamber.co.uk