The panel discussed what the last 12 months has meant for cyber security. Of the changes we've seen, both positive and negative, what must we ensure remains? For a sector that has seen growth whilst also being hit hard, the panel considered what we can learn from a global crisis.
The panel included Moderator Victoria Knight - Strategic Campaigns Director, BAE Systems Applied Intelligence and co-chair of the Greater Manchester Cyber Advisory Group and panellists Neil Jones, Head of Cyber Security and Innovation, GM Cyber Resilience Centre, Raj Badiani, Head of Digital, Raytheon UK, Professor Richard Greene, Pro-Vice-Chancellor for Research and Knowledge Exchange, Manchester Metropolitan University and Saskia Coplans, Founder and Security Consultant, Digital Interruption.
Greater Manchester presents a unique opportunity for cyber, as we work towards establishing the region as UK and European centre for cyber and digital ethics, trust and security. The region has a £5 billion digital economy, and its strong cyber ecosystem is at the heart of that. Greater Manchester is the fastest-growing tech city within Europe, now only second to London when it comes to investment, overtaking Cambridge for the first time.
The panel session was hosted hot on the heels of the publication of Governments “Global Britain in a Competitive Age: the Integrated Review of Security, Defence, Development and Foreign Policy” The national review highlighted how critical cyber is in defence and economic opportunity. It states a need for the UK to keep adapting, innovating and investing to maintain and extend a competitive edge as a responsible, democratic cyber power.
Last year, at the 2020 Digital City Festival a talking point was the cyber, security and intelligence industry and how the industry had significantly changed within the last few years. It’s safe to say that the expectation of further changes over the following 12 months soon became something of an understatement.
Data from the National Fraud Bureau shows 86% of incidents of fraud were ‘cyber enabled’ with around 30,000 of cyber fraud reported to law enforcement nationally a month - at a cost of £2.4bn to victims. This data also shows the volume of reporting remained relatively static at the start of the pandemic, but very quickly a shift in types of cyber-crime were seen, the ability of cyber criminals to adapt and shift very quickly is one of the biggest challenges to the sector.
Action Fraud also shared that between February 2020 and February 2021, they received 15,214 reports about email and social media account hacking. Most reports (88%) were made by individuals, with 12% of reports being made by businesses.
In Greater Manchester, we work hard to educate our communities and businesses, giving them the knowledge to protect themselves, through organisations such as the Greater Manchester Cyber Resilience Centre, a not-for-profit venture between Greater Manchester Police and Manchester Digital, with an aim to grow and strengthen the region's resilience to online crime by providing the highest standards in leadership, integration and collaboration across the cyber eco-system in Greater Manchester.
When considering professionals within our sector, should our focus be on addressing the number of professionals versus level of threat? Currently levels of industry professionals still leave us with 71% of mobile apps never being security tested and 80% of IOT apps never tested for security – this gap is only increasing.
Should we be creating environments where security isn’t a blocker? Making security as easy as possible for organisations and end users. Digital Interruption recently received Innovate UK funding for REX – which scans Android applications for vulnerabilities. REX is made for developers and software testers and sits in the centre of your pipeline. This is just one way that Digital Interruption aims to make security more commercially viable – another area of focus the sector should consider.
We know a skills gap exists within the sector. How do we address this gap and ensure our people are skilled for these roles?
Raytheon’s Cyber Academy is a retraining programme designed to create a new generation of cyber security professionals, who will develop the necessary skills and knowledge to secure cyber security related employment. The academy was created in partnership with the Greater Manchester Combined Authority as part of the Fast-Track Digital Workforce Fund.
Our workforce should not only be relevant but also prepared for upcoming and ever-changing threats. IT and OT present a whole new domain of internet enabled things and some organisations are largely operating without understanding the threats that exists.
Greater Manchester, however, can lead - a region where the education sector collides with industry, and cyber firms are often drawn here to collaborate with the city region’s five universities, where more than 100,000 people study. These students could be thinking about careers relevant to cyber security, but we must continue to work together to ensure our people have the appropriate skills to fit into the industry.
This is already happening through projects such as the Greater Manchester Cyber Foundry - a programme for small-medium sized businesses to help with business growth, stability, and security. The programme is a partnership of four universities from the North West: Lancaster University, The University of Manchester, University of Salford, and Manchester Metropolitan University, using their expertise to help defend, innovate and grow businesses in Greater Manchester.
Those same universities have teamed up to ensure 150 forward-thinking businesses are at the forefront of the evolution of Artificial Intelligence in Greater Manchester, through the Greater Manchester AI Foundry.
The cybercrime threat has never been greater, with cyber criminals and sometimes state sponsored actors taking advantage of the pandemic to carry out damaging attacks on people from all walks of life and businesses of all sizes, as they increasingly work online.
The threat has always been there, but the threat landscape has shifted. We often hear residents and small businesses ask why they would be targeted but it is rare that cybercrime is individually targeted, wide nets are being cast by criminals and cybercrime does not discriminate.
When we leave the house most of us would close windows, lock doors, set alarms etc. Should our approach to operating online be the same? If that is the approach we’re expected to take as part of our everyday lives, how can we support each other so that everyone has the knowledge of both the importance and how to do this?
This isn’t just the responsibility of industry but is a challenge for us all. Multi-agency education readily and freely available to our people to help understand the different types of threat is key. We assume younger people are more tech savvy and so, not at risk as much as our older generation but with younger people spending more time online is the risk to them increased?
As employers the biggest threat is our people. Last year, when predominantly office-based industries needed to work from home, we saw many employees having to handle sensitive and valuable information through at home digital infrastructure that was set up for personal, not corporate use. Should more be done by Government to standardise national policy around cyber security?
Greater Manchester is taking its position as an internationally recognised centre of digital innovation, research and practice. One way Manchester Metropolitan University is supporting this positioning is through its centres for research and knowledge exchange, focussing on 14 world-shaping disciplines. There are currently research groups looking into the use of language in online child abuse, a group looking at ethics in AI and all forms of behaviour type.
Manchester Metropolitan University and the University of Manchester are also in the country’s top for the number of in Knowledge Transfer Partnership, and when combined with the contribution from University of Salford, we’re left with an interesting and unique approach, setting Greater Manchester apart from other regions.
The Greater Manchester Cyber Security Advisory Group, of which all panellists are members, reflects the cyber security capabilities of the region and is driving forward inclusive economic growth for the city-region and the North.
The cross-industry group provide strategic oversight and a force for inclusive economic growth, taking an ecosystem approach to building that capability and economic resilience. The group will help us achieve our ambition that Greater Manchester be recognised as a world class centre for cyber security and digital trust, and No. 1 in the UK with strengthened links to similar centres internationally and define routes to which we can achieve that.