The National Cyber Skills centre (NCSC) based in Malvern is launching a new programme of Cyber Security classes to help protect the Micro business and Sole Traders.
Cyber Security is a huge issue that is largely being ignored by the majority of organisations. A common misconception is that this is an IT issue, or that smaller organisations are not at risk. This is likely in part due to a lack of understanding about the real risks and what simple steps can be taken to put in place basic protection. In reality much of Cyber Crime depends on the weakest link, the people. Failing to use a good password or change it, sharing login information, putting sensitive information in areas that are easily accessed by others, using infected memory sticks, clicking the wrong link. It’s a long list and growing as the bad guys get more and more sophisticated. Sometimes it’s a simple mistake, posting on social media something about working late on a large contract proposal gives away the game and helps the attackers hone in on a target.
What most people don’t realise is that Cyber Crime is a large and growing background economy where tools are available for free or low cost that automate the process of testing the security of individuals and organisations to find a weakness that can be exploited. Generally it is not the Hollywood image of a lone genius malcontent hammering away at a keyboard in a darkened room. Across the world computers are diligently working their way through lists of user names and email addresses using ever more complex algorithms to crack passwords. Often those that find the weakness sell on the information to others that use it for their needs. While identity theft is one use, sometimes it is about gathering intellectual property such as customer or supplier lists, pricing strategies, information about business plans, or even to use computers and servers to launch attacks on others, and the list goes on. There is a thriving trade in information if you know where to look.
In addition to the sterile cold world of automated hacking is the more sophisticated targeted hack. Here individuals with varying levels of expertise focus on an organisation of interest that they know has something they or somebody else wants. Sometimes it is personal and sometimes they are “guns for hire”. Some of the largest companies in the world spend a fortune fighting a running battle with teams of hackers, and often they fail as we know from the media. Governments and massive companies across the world regularly report breaches and loss of data, with it goes a loss of reputation and secrets. In addition to the direct damage is the financial hit of fines from the Information Commissioners Office.
As scary as this sounds relatively simple things go a long way to putting in place a good level of protection from many of the run of the mill attacks. The UK government is promoting their “Cyber Essential Scheme” which is rather dryly described as having in place the “5 key controls”. These are simply malware protection, access control, firewalls, secure configuration, and patch management. There is a scheme where an organisation can self-audit against the standard and earn an accreditation for both peace of mind and promoting their safer status to suppliers and customers. Taking a little time to understand what these mean and how to apply them gets the basics in place. Getting yourself and your team aware of how attacks use people to get around the technology strengthens the five key controls further. For many organisation basic protection can be put in place relatively easily.
So back to Cyber Bytes, the programme was devised in response to a number of conversations where businesses and organisations told the NCSC that they were aware they needed to do something but didn’t know where to start, or that the training they were offered was too complex for them. Cyber Bytes addresses this with to the point 3 hour classes that can be taken as a whole or just the subjects of interest.
The National Cyber Skills Centre (NCSC) is based in Malvern and supported by the Worcestershire County Council with a mission to make organisations aware of the risks of Cyber Crime and to help them put in place protection. Courses are run in Malvern and across the UK. The NCSC publishes regular articles to help organisations understand the issues at http://insights.cyberskillscentre.com/. Further tools and resources can be found at http://www.cyberskillscentre.com/resources/