On the 21st of May I presented a short talk at the inaugural e-Crime Scotland Summit, hosted by RBS at their excellent conference centre in Gogarburn. This event was introduced by Kenny MacAskill, Minister for Justice, and boasted a wide range of high-profile security professionals from the Police, consultancy, financial services, retail, penetration testers, audit and CISOs. Some talks were quite technical, and some at a very high level - such as Richard Hollis' "Zen and the art of Threat and Risk assessment".
280 attendees registered for the event, which was reported in local and national news, and the feedback is incredibly positive. The aims of e-Crime Scotland are to equip Scottish businesses with the knowledge and tools to be "aware, vigilant, informed and ultimately safe from the destructive effects of e-crime in all its forms."
There were core themes running through the event - the key threats from organised crime, the technological capabilities of attackers and defenders, and the value of awareness training for all staff.
I spoke on Scams, Phishing and Malware - and the majority of my talk was aimed at describing just how reliant the majority of attacks are on people. While there are technical controls which can mitigate risks - which are used by many organisations - getting the people side right is critical!
I also used some of the results from PwC's biannual Information Security Breach survey to demonstrate why this should be of interest to all the attendees, who included heads of security, CISOs, CIOs, auditors, FDs, police officers and others.
The report includes some interesting numbers in the executive summary:
- 93% of large companies had at least one breach last year
- The median number of attacks last year was 54 for large companies
- The cost of the biggest breach averaged between £110,000 and £250,000
- 45% of large companies had breached data protection laws in the last year (one in ten of these said it happened at least once a day)
- 73% of large companies outsource business processes, but carrying out checks of providers has not kept pace