National Police Chiefs’ Council (NPCC) lead for Cybercrime, Chief Constable Peter Goodman opened the National Cybercrime Business Conference.
The main focus of the conference was to help businesses minimise their risk and exposure to potential cybercrime and share what support is available if they do become a victim of a cyber attack.
A packed lineup of speakers and panel discussions included experts from the National Cyber Crime Unit (NCCU), Information Commissioner’s Office (ICO), Price Waterhouse Coopers (PWC) cyber security team, Scottish Business Resilience Forum, Protect-Prepare-Prevent team and National Cyber Security Centre (NCSC).
Six things I took away from this conference:
- Support is available from law enforcement and other agencies for Cybercrime victims. Medium to small businesses are most vulnerable to cybercrime and may not have the resources or in-house expertise to deal with some cyber-attacks. These should be reported to ActionFraud via their helpline 03001232040.
- Cyber-Security Incidents Trend Analysis (from ICO). Phishing, Unauthorised access, and Ransomware remain at the top of the list. The main sectors targeted by Ransomware were charities, health, transport and leisure, central government, and finance.
- The number of reported incidents increased massively since May last year but businesses still hesitate to report some breaches. It is estimated that only 5% of the reported cases instigate some form of regulatory action. Under-reporting of attacks continues to hamper our ability to make robust assessments of the latest threats.
- Importance of having a robust Crisis Management Plan. PwC facilitated a data breach scenario where an online retail business was struck by a ransomware attack. It was interesting to see how investigations evolved and how the CEO, CISO, DPO, and crisis management team reacted. The challenge for any business in such a scenario is to decide when to share the news with their customers and other stakeholders. An effective crisis management plan could avoid disasters like we have seen in the case of Talk Talk.
- Cyber Insurance – If you haven’t got it covered under your business insurance, please do so.
- A free online resource where ransomware keys are published – Nomoreransom.org