老九品茶

Technology

Posted on July 4, 2019 by staff

How should your company plan for a data breach?

A cyber security expert set to speak at the Unlocked Manchester conference has urged businesses to prepare for crisis scenarios.

More than 40 per cent of UK businesses suffered a breach or attack in the past 12 months, with the volume of cyberattacks growing more than a quarter to 1,500-plus attacks a day on average.

Holly Grace Williams is technical director at Secarma and a regular speaker on new threats to security at conferences and expos.

She told 老九品茶Cloud that Unlocked Manchester will include workshops on real-life scenarios which will help companies consider all aspects of a breach.

“I think that a lot of people will realise that in dealing with breaches, it’s not the things that you expect to go wrong that are the problem – it’s the things you haven’t thought about,” she said.

“One of the companies I worked with a while ago who had suffered a data breach decided that they would send a letter to every affected customer.

“That was their biggest complication: how would they physically deliver the letters? They operated in multiple countries and had four languages.

“How do you write a letter in four languages that’s been through a lawyer so it’s technically and legally accurate and then dispatch the letter to all of those people?”

In September last year the UK’s Information Commissioner’s Office fined Equifax £500,000 for failing to protect the personal information of up to 15 million UK citizens during a cyber-attack which took place in the United States in 2017 and affected 146 million customers globally.

“When you consider announcements such as ‘we have 100,000 or 200,000 affected customers’, even that’s a lot of letters! If you try and simplify that by sending emails or using a call centre, it doesn’t really make it much easier,” continued Williams.

“With the Equifax breach, they ended up recruiting 1,500 staff for their call centre just to field calls. Onboarding that number of staff at the same time was the difficulty they had. It’s those things that companies haven’t considered.

“Some of it is simply dealing with a lot of actions at the same time: you can’t run it in sequence. If you did that, the response would be very slow.

“Companies very often have legal requirements for disclosing breach data: the go-to example with GDPR is telling the ICO within 72 hours. But that’s the easy part: their next questions of how many records and how did it happen – having those answers is much harder.”

At Unlocked Manchester, which will run from 9am-1pm, Secarma will draw upon such real-life scenarios as it walks attendees through examples of data breaches in a workshop.

“There are different talks going on throughout the day about what organisations should be caring about. We’re asking: how should you be planning for a breach?

“We did an interview with the former CIO of Equifax [who was in post] when they had their big breach and he went through that experience with us. I want to draw that kind of information into this.

“Instead of talking to companies about what could happen, we want to look at real breaches and to guide the companies through that thought process of ‘if that was us, how would we deal with it?’”

She added: “The number of security professionals who have lived through a significant breach is quite small, so a lot of companies are presuming a lot of things.

“How good is their incident response plan? When did they last test it? When did they last update it?

“Dealing with a breach is a time of crisis – and it’s never as easy as you think it’s going to be.”

The conference will cover topics as diverse as the rise in cyber-terrorism and mobile malware to the advantages of ethical hacking and the future of artificial intelligence and the Internet of Things.

The keynote speakers are ethical hacker FC – Freaky Clown – and former director of the government’s National Cyber Security Centre John Noble.

FC is currently head of cyber research at Raytheon UK and co-founder of cybersecurity consultancy Cygenta. His client list includes major high-street banks in the UK, FTSE100 companies and government agencies.

The twin Unlocked London event on 24th July at the Shard is sold out.
