A year or so ago the North East ICT Managers group put on a very successful security event. It really changed the relationship that we had with central government over the Public Service Network in a good way. This year we’ve done something similar under the banner of ‘Enabling safe business’. I would normally chair such events but I was away on holiday in Madeira so we decided to beam me in via a satellite link.
Of course this presented two problems: working on holiday would not make me popular and trying to set up the link in the middle of the Atlantic Ocean would be flaky at best. So we grabbed a few props and mad a video. Here’s the script.
[Shot opens with Phil siting in a deckchair wearing Hawaii shirt and straw hat against a back drop of exotic foreign scene.]
Is this working?
Good morning. I’m sorry that I can’t be there in person but I am on holiday as you can see in sunny Madeira. In the best tradition of Hollywood award ceremonies we’ve decided to beam me in using this live satellite feed.
It’s amazing how good a connection you can get from the middle of the Atlantic Ocean.
Graham has told me that we have nearly 100 people attending today and we have some fabulous and highly esteemed speakers.
Here in Madeira the word for safe is seguro. Safe and secure are the same word. Safety and security go hand in hand. Who wouldn’t want a safe place to live in and work in? So that means it has to be a secure place to live in and to work in, yes?
The services that we work in hold information that’s a hackers dream. Our business is all about looking after vulnerable people in society, information about them, and sometimes even their money. That means we have data that’s increasingly useful to criminals. Credit card information, banking details, what people are interested in, which children are from troubled families, who is Looked After, who has special education needs, where vulnerable people live, what their key safe numbers are.
To deliver our services we share this sensitive data with a whole range of partners and other organisations we work with – they have to share their sensitive information with us such as company accounts etc. So we hold that too.
[Enter seagull from above with screeching noises. It hovers for a few seconds overhead before flying off. Phil removes hat and wipes something off before discarding it to one side. He raises his eyes.]
Sorry about that. Anyway,
Today is about helping us understand more about how we can keep services running and keep the business developing by ensuring we keep ourselves safe.
Threats aren’t new. The tools have changed. It is an arms race. Even since we last considered this subject here back in 2013 the pace has stepped up a few gears. Hackers aren’t geeks in their bedrooms anymore – the bad guys offer professional ‘guns for hire’ service.
More likely though is that one of your colleagues will mistakenly send something to the wrong place, leave some sensitive information lying around or deliberately be taking it away for some nefarious purpose.
In the last 5 years thinking has changed. It used to be ‘were ok. We have antivirus, are locked down. No-one can get at us.’ Now it’s ‘You will be attacked so be ready. You have probably already been attacked or have had a breach’.
People will attack you not just because they don’t like what you do but rather because of the opportunity to make money from you. They will attack you because they can.
All these things we’re connecting to the internet and that fact that people are prepared to give so much information about themselves away are making it easier for the organisation to be attacked and people’s privacy to be violated.
Changes are coming in Data Protection rules – they are already a year overdue and legislation is going to struggle to keep up. Make sure you’re ready. Help is available for SIROS and IAOs – from the National Archives.
And what are the consequences of an attack or breach? Your face on the front page of the Evening Chronicle; tens of thousands of pounds to research and fix the hole; having to divert staff from the day job; a £500,000 fine; going out of business?
[A beach ball comes in from stage left and Phil heads it back off scene.]
Where was I? Oh yes.
The good news is that the North East is at the vanguard and is sorting itself out to be one of the safest places in the country to do business. We have Intelligence clusters through the North East Fraud Forum etc.; Experts coming together through Dynamo North East etc.; Support for organisations through WARPs such as our own group ISNorthEast.
That’s enough from me. I need to get back to enjoying myself. We have a packed agenda and I’ll leave you in Graham’s capable hands. I’d like to thank you all for coming, the NEICT for supporting this event and for Graham who has once again pulled it all together.
[Phil reaches for the drink on the table, lifts it to his lips, takes a drink and raises it in front of him.]
Saude y adios!
Graham will let me know how it went.