03 Feb 2016

DPRTE 2016: countering the menace of cyber hacking

Cyber Security at the Ministry of DefenceCyber security will be a major focus at DPRTE 2016 on 16 March at Cardiff’s Motorpoint Arena as Xenubis Director Paul Clarke delivers a keynote speech on online espionage protection. Here, Mr Clarke tells MOD Defence Contracts Bulletin (MOD DCB) reporter Domhnall Macinnes what delegates can expect from his speech.

Paul Clarke’s keynote speech at the forthcoming DPRTE 2016 defence procurement showcase will draw on his experience as head of Xenubis, the cyber security firm he formed four years ago.

Xenubis has secured national infrastructure in the UK at several different nuclear sites, protecting them from online and technical threats, as well as supplying technical security advice to a critical customer responsible for providing power in the UK.

The company has also provided advice to legal firms in online defamation cases and even worked with firms dealing with fraud regarding high-value assets.

Mr Clarke commented: “Cyber crime is now bigger than the global drugs trade. The benefit for cyber criminals is that they don’t have to leave the comfort of their own home. It can be organised very easily and remotely. Also, the risks are a lot lower than smuggling drugs across the world.

“In addition, on the dark net – where people are operating and selling goods – criminals can purchase a ready-made hacking package in order to exploit a website or system.”

Looking ahead to his speech at DPRTE, Mr Clarke said: I want to bring a real flavour of the practicality of what a hacking operation against you may look like and how you should approach increasing employee awareness.”

He continued: “The talk will be about how this fits into the broader issues of strategic cyber security. Obviously there will be a lot of procurement people there and we want to enunciate to businesses that a hacker won’t come directly to you; rather they will identify a link in your supply chain and exploit you that way. It could be as simple as gaining access to your customer database – an attack which could damage your public profile and ruin your business.”

He added:My message will be for everyone to increase their awareness, from the board level down. Boards and the companies we have engaged with are unclear as to how serious this threat is and how it can shut their business down from a simple hack 2000 miles away.”

To tackle this threat, Mr Clarke explained that companies had to take a holistic approach to cyber security.

He explained: “Cyber threats are traditionally left to IT departments; something which I think is wrong. It should be a board-level issue of risk and strategy that then needs to be compartmentalised across the company with specialist advice. Outside of the set information technology infrastructure, security steps should be taken – and it takes a specialist to advise the IT teams.”

Mr Clarke warned of the potential consequences of neglecting cyber security.

He cautioned: We see time and again cyber security not being taken seriously; as a result the average loss to an SME of an attack is now around £70,000. When you look at larger firms that figure increases exponentially. You’re factoring in insurance claims as well as loss of staff, time and effort; it’s a major financial loss for a single incident.”

Mr Clarke offered some practical advice, however: “Be proactive. Act now. Seek specialist advice if you don’t have it internally. Outside specialists can look at a company from an attacker’s point of view and show you how you can be exploited. There’s a host of mitigation measures available, but engage with someone in the industry who can give you good, solid, sound advice based on their own experience.”

To hear more from Mr Clarke and gain the opportunity to meet Xenubis directly, book your place now at DPRTE 2016.

Mr Clarke concluded: “Attendance at events such as DPRTE is very important. It is vital that everyone engages at the right level. Cyber security is a sensitive issue. When a company is attacked it is often understandably kept quiet. It is crucial that these events allow people to open up a little and share their experiences so that knowledge and awareness grows. To share that message is very important. Criminals are actively targeting UK businesses 24 hours a day, and the tools and methods they are using are becoming increasingly sophisticated. It’s a live threat.”