To mark the opening of Security Serious Week, the cream of UK cyber-security gathered at London's St Katharine's Docks to discuss the campaign as the opening salvo of an industry-wide effort to raise security awareness.
Yvonne Eskenzi, one of the founders of the campaign, explained the drive behind it: “Security Serious is all about those that can't, learning from those that can – it's simple really. I plan to bring together our leading experts to convey their words of wisdom to those people and organisations who want to become more security savvy.”
Eskenzi added that this campaign hasn't fallen on deaf ears either: “The response we've received for this campaign, and the calibre of the supporters on board, all prepared to selflessly give their time to help create a safer online community, is inspiring.” Ranked among its supporters are such international names as BT, HP, Canon UK, HSBC and GlaxoSmithKline.
The week runs from the 26th to the 30th of this month and during it, 50 experts will be offering their time and knowledge to the uneducated in all matters cyber-security. The campaign will also be offering a host of workshops and lectures to better train those unfamiliar with the arcane ways of cyber-security.
Some of those experts have also joined forces and, just in time for Halloween, put together “the little book of hacking tales, a collection of mostly fictitious tales on IT security”, available to download as a free e-book.
This collection of the like-minded of the IT world had attendees from every corner of the industry.
XQ Digital Resilience, a company that emphasises that very word over security, specialises not in penetration testing, but resilience training and red teaming, acting as an adversary to their clients' security systems and seeing how easy it is to break into the vault. David Carroll, the company's managing director, reasons that this approach doesn't just "test the windows without the roof" but offers a more complete picture of a company's cyber-resilience.
The "big secret" of cyber-security, according to Martin Smith, CEO and founder of the Security Company International, is people. Running the business out of a 16th century barn, Smith organises meet-ups that bring CISOs, security experts and cyber-security professionals together to talk about the problems plaguing the industry and the vaccines and cures for dealing with them.
That said, ‘people’ might not be as big a secret as Smith thinks. Dr Stephen Wright, manager of the National Cyber Skills Centre, a security training organisation, is at the heart of what cyber-security is all about. So much of what Wright focuses on is not about tech skills or CISOs but getting the rank and file to understand what their role is in helping to protect their company from attack. Even the office cleaners can be a liability.
It's about time too; the average breach goes undetected for the better part of a year and cyber-crime costs the global economy over $400 billion a year, with the UK accounting for a large amount of that loss. Many of the attendees agreed that it is no longer enough to buy expensive software. The trajectory will have to be – if the Security Serious campaign has anything to say about it – people sharing information and learning from each other how to get more serious about security.