Business leaders attending the latest Guernsey IOD seminar heard that it isn’t a question of if there is a cyber attack on their business, but when. The sell out event sponsored by JT was entitled: ‘Cyber Risk – one of the biggest threats to business’, and included expert panellists brought in from the UK, Jersey and Guernsey.
Dave Newbold, Chief Technology Officer at JT said that last year JT protected the network from eighty Denial of Service (DDoS) attacks, and it expects these to grow in number. DDoS attacks are concerted efforts to bring down a website or system by bombarding it with requests so that it can’t respond to legitimate traffic.
Panellist, Nick Vermeulen, Partner at PricewaterhouseCoopers CI, highlighted his company’s recent survey: ‘58% of respondents to our Cyber crime survey said they expected the attack to come from inside the company. In fact, only around 4% of detected incidents are external.’
Nick recommended that companies should determine their risk appetite and classify their data to allow them to monitor it properly. He also recommended monitoring staff behaviour for changes and vetting and monitoring contractors.
Paul King, Director, Threat Intelligence, Cisco Systems says companies who think they are not going to be the victims of an attack should ask themselves if another company or person could derive value from knowing some of their data. If the answer is yes then they are potential victims: ‘Lawyers often think they won’t be targets, but if you are negotiating something, there are those who would want information to help them in the deal, so why not try to steal it from the lawyers who are working for the other side?’
Also on the panel was Raheila Nazir, UK Cyber and Technology Lead, AIG Europe Limited. AIG provide specialist insurance for Cyber attacks. Raheila said that in 2015 new EU legislation is coming into effect which will make it mandatory to let individuals know if a breach has been made concerning their data. Raheila’s top tip to combat the effect of attacks is to give staff regular training and make sure that training and compliance is interesting.
Rob Jones from Guernsey IOD Committee said: ‘The event was a complete sell out with a waiting list, which shows how seriously directors are taking this threat. We were honoured to be able to present such a knowledgeable panel and our thanks goes to them for such an interesting and thought provoking seminar.’
Tamara O’Brien, Deputy Managing Director, JT (Guernsey) said: ‘Cyber attacks have grown in sophistication and volume in recent years and there is now more money being put into the development of attacks than there is in protection from them. We all need to take this risk seriously. At JT we work hard to protect the network from external and internal threats and this debate hopefully gave Guernsey directors food for thought on how they can best protect their businesses.’
The Guernsey branch of the IOD has around 750 members, representing the interests of Directors from Guernsey, Alderney, Sark and Herm.
The Expert panel consisted of: Paul King, Director, Threat Intelligence, Cisco Systems, Raheila Nazir, UK Cyber and Technology Lead, AIG Europe Limited, Nick Vermeulen, Partner, PricewaterhouseCoopers CI LLP, and was moderated by Dave Newbold, the Chief Technology Officer at JT.
The seminar was held on Friday 31st January at Old Government House Hotel.