Tag Archives: London Chamber of Commerce and Industry

Consec 2014 highlights overriding need for true analysis of business risks

Held on Thursday 2 October, Consec 2014 – the Association of Security Consultants’ Annual Conference – ran under the banner ‘Securing Business, Protecting the Future’ and highlighted the overriding need for a true analysis of risks and necessary solutions rather than business professionals relying on simplistic reports and common assumptions. There was also consideration around developing effective strategies for tackling today’s myriad cyber threats and the importance of being able to rely on quality products and services in the ongoing fight against criminality.

Over 150 delegates representing security suppliers and end user organisations attended the event, which was held at the London Heathrow Marriott Hotel. It was the Association of Security Consultants’ (ASC) 20th Annual Conference and Exhibition, with the conference proceedings expertly chaired by Security Industry Authority chairman Elizabeth France CBE.

In his opening keynote address, Professor Michael Clarke (director general at the Royal United Services Institute) outlined key factors influencing current global threats. These include demographic trends, climatic events resulting in population movement, regional tensions, the growth of virtual communications, a significant level of financial assets being out of reach of state jurisdiction, economic hardship and resulting migration and the takeover of liberal revolution by fundamentalist elements.

Consec 2014 was attended by over 150 delegates representing security solutions suppliers and end user organisations

Consec 2014 was attended by over 150 delegates representing security solutions suppliers and end user organisations

Paul Easter – managing director at Harquebus and 2014 Imbert Prize winner – sought to dispel some common misconceptions around terrorist capabilities. Easter stressed that these capabilities are typically conventional from a technology point of view, and that terrorists have generally not succeeded in using the Internet as a cyber weapon while they also remain a long way off from being able to pose a nuclear threat.

According to Easter, terrorists’ abilities to use more advanced methods of attack are dependent on state assistance. This is very often non-existent or otherwise limited.

Tackling the cyber threat

Sue Seaby – director at SAS Security Risk Service – explained why tackling the cyber threat should be an exercise carried out as part of an integrated plan for dealing with all threats and involve each risk discipline rather than cyber being treated as something special.

Seaby added that Boards of Directors need to be educated against being swayed on risk policy dependent on media coverage at any given time, and feels there should be greater recognition of the scale of the insider threat to information security. Apparently, 80%-85% of all data breaches are committed by members of staff, either inadvertently or deliberately.

Both Seaby and Jane Attwood (representing the John Taylor International Partnership) focused on the importance of organisations ensuring that their suppliers – as well as their employees – follow appropriate procedures specifically designed to minimise risk.

Sue Seaby of SAS Security Risk Service speaking at Consec 2014

Sue Seaby of SAS Security Risk Service speaking at Consec 2014

Attwood, who is also a member of the London Chamber of Commerce and Industry (LCCI) Defence and Security Committee, outlined the findings of recent LCCI research on cyber security. 54% of London businesses have been the victim of cyber crime in the last 12 months. The main barriers to improved protection are the perceived high cost (the response received from 34% of those questioned as part of the research) and a lack of threat awareness (30%).

LCCI recommendations include making it simpler for businesses to know where to go for advice and the availability of the Innovation Voucher for cyber security on a continuous basis to help SMEs bring in outside expertise.

UK Partnership for Conflict, Crime and Security Research

Dr Tristram Riley-Smith – external champion to the UK Partnership for Conflict, Crime and Security Research at Cambridge University – explained that, despite a perception that information security is all about technology, probably the most important element in cyber research focuses on human behaviour. A high proportion of risks may be minimised if Best Practice techniques are followed.

The UK Partnership is a national research programme aimed at improving our understanding of current and future security challenges. To date, over 1,200 projects have been energised.

Dr Riley-Smith’s prime mission is “to see value extracted from the university world and delivered to the people who can do something with it”. He cited a number of examples, including making the link between ‘lucky imaging’ techniques from astronomy and improving the resolution quality of surveillance systems installed for operational crime prevention and detection.

It’s estimated that the global security market will rise in value from £410 billion in 2012 to £571 billion by 2016. Dr Riley-Smith said that the goal was for the UK’s share of security exports to rise from 4% to 8% by 2020.

Dr Tristram Riley-Smith spoke about the UK Partnership for Conflict, Crime and Security Research

Dr Tristram Riley-Smith spoke about the UK Partnership for Conflict, Crime and Security Research

Following this theme, Stephen Phipson CBE – director of security industry engagement with Her Majesty’s Government – then outlined his own work designed to support various activities across Government. Led by the UKTI and heavily promoting security exports, this work has already built on the UK’s delivery of a safe and secure London 2012 Olympic and Paralympic Games.

Phipson’s key role involves co-ordinating the interaction between Government and the UK’s security sector and, during his presentation, he duly stressed the importance of being able to rely on high standards from the organisations the Government’s export initiatives are designed to support.

Chartered Security Professional certification scheme

Di Thomas, membership engagement manager at The Security Institute, continued the theme of standards with her summary of the Chartered Security Professional certification scheme.

The 75th practitioner to gain the prestigious status of Chartered Security Professional is Bob Martin, an ASC Board member. Bob’s achievement was marked with an official certificate presentation ceremony at Consec 2014.

Summing up the day, Allan Hildage – the ASC’s chairman – said: “This year’s Consec proved to be yet another informative and worthwhile conference where our delegates were fortunate to hear some outstanding presentations delivered by security and risk expert leaders from across Government, academia and industry.”

*Further information on research projects being enabled via the UK Partnership for Conflict, Crime and Security Research and RISC is available online at: http://www.riscuk.org/academia/academic-marketplace/

**The LCCI report ‘Cyber Secure: Making London Business Safe Against Online Crime’ is available online at: http://www.londonchamber.co.uk

Leave a comment

Filed under Risk UK News

Growing risk of online crime threatens London’s business reputation

The capital’s reputation as a safe place in which to do business is under threat unless firms are better prepared against the rising threat of online crime.

A new report from the London Chamber of Commerce and Industry (LCCI) argues that, despite efforts from Government and law enforcement, London firms – particularly small and medium-sized enterprises (SMEs) – are still largely oblivious to the ever-more sophisticated methods cyber criminals are using to steal valuable information.

Cyber crime costs UK companies alone at least £21 billion per year. The costs of a security breach experienced by smaller organisations are rising, with the average cost of the worst attacks now between £65,000 and £115,000 (up from £35,000 to £65,000 a year ago).

The LCCI report – entitled: ‘Cyber Secure: Making London Business Safe Against Online Crime’ – finds that:

*Over 50% of London firms had experienced a cyber breach
*Cyber crime numbers and costs could be far higher due to widespread under-reporting of online fraud to Action Fraud
*A lack of awareness of cyber threats and the high costs of protection remain significant barriers to firms implementing stronger security measures
*Smaller firms are becoming increasingly targeted by cyber criminals as their systems are generally easier to access and they provide an open door to larger companies via supply chains
*Government initiatives to improve awareness and resilience (and to reduce the costs of security) are welcome, but often use overly complex and technical language which renders them inaccessible to the average SME

The capital’s reputation as a safe place to do business is under threat unless firms becomes more prepared against the rising threat of online crime

The capital’s reputation as a safe place to do business is under threat unless firms becomes more prepared against the rising threat of online crime

Creating a single ‘landing pad’ of resources

The LCCI calls on the Government to create a single ‘landing pad’ of cyber security resources aimed at business, making it simpler for companies to know where to go for advice. The Mayor of London can complement this resource for the capital’s firms through the proposed London Business Resilience Centre.

Despite the Government’s designation of Action Fraud as the first point of contact for cyber crime victims, many businesses are not aware of the service’s existence. Minimising the information required from companies and better promotion would help increase reporting rates for vital intelligence.

More also needs to be done to make it easier for firms to recover the costs of cyber crime, and in particular those acts of criminality perpetrated in the UK.

The Government should encourage Internet Service Providers (ISPs) and banks to use the cover of existing laws to release data that could result in faster and more decisive action being taken against criminals.

Some simple guidance to help firms navigate the civil or criminal legal system would also be of valuable assistance.

Growing menace of cyber crime

Colin Stanbridge, CEO of the LCCI, said: “The growing menace of cyber crime is costing business dear in financial, data and intellectual property loss terms. SMEs often have very limited resources they can allocate to cyber security so the Government and Mayor of London must be more targeted in their approach to reaching smaller firms with helpful information, and focus on providing easy–to-adopt online security solutions.”

Stanbridge continued: “Unless more is done to help smaller firms understand and put in place at least basic security measures, the reputation of London as a major global centre for business is vulnerable. The authorities need to work together to make the process of online protection simpler, quicker, easier and cheaper for the smaller firm such that the health of the economy and the reputation of the capital is not undermined.”

Stephen Greenhalgh (Deputy Mayor of London for Policing and Crime) added: “The advance of technology has shifted criminal activity from the streets to the PC. The LCCI cyber security report paints a determined picture of a strong will from Government and law enforcement to protect businesses, but a confused landscape in terms of fragmented initiatives and policy responses. This report should galvanise the effort and make this confusing landscape easier for the business owner to navigate, from the online SME right through to the multinational. MOPAC looks forward to working with the LCCI to raise awareness and simplify the plethora of initiatives out there, particularly for SMEs, through single hubs like the London Business Crime Resilience Centre.”

City of London Police Commander Steve Head, who is also the Police National Co-ordinator for Economic Crime, explained: “Cyber crime is estimated to be costing UK companies at least £21 billion every year, but the reality of the situation is that this huge figure would be even higher if all businesses reported to the authorities when they had fallen victim to an offence committed through the Internet or via other emerging technologies.”

Head also stated: “It’s therefore vitally important that SMEs who fall victim to an online crime contact Action Fraud which, in May, became part of the City of London Police and now sits directly alongside the force’s National Fraud Intelligence Bureau. Working together, they are improving the service provided to small companies whose security has been breached by cyber criminals with, most importantly, the arrival of bulk reporting for industry just around the corner.”

City of London Police Commander Steve Head

City of London Police Commander Steve Head

In conclusion, Head opined: “The past year has also seen a significant rise in crime disseminations to UK forces for investigation and a huge rise in the disruption of criminal enablers. However, it’s only by having the full picture of how cyber crime is targeting industry to hand that law enforcement and Government can put in place the resources and measures required to combat what has very quickly become a massive threat to the sustainability and profitability of companies operating the length and breadth of the land.”

Leave a comment

Filed under Risk UK News