Jason Towse reviews the security industry for the third quarter of the year in his role as Managing Director for Mitie’s security business. Jason writes: “There’s been a lot going on in the last quarter with several key events in our sector focusing on the evolving challenges generating from the shift in threat landscape.
“I was delighted to announce I had joined the leadership board of TINYg and with their two main conferences taking place in the quarter, New York and London, I was honoured to speak at the sold-out event in London. I was pleased to see the debate around IT and physical security convergence really gathering pace as two of the speakers covered the subject and a significant proportion of the delegates were IT security leaders in what has traditionally been an event for physical security leaders.
“Collaboration of IT and physical security resilience is absolutely critical for the future of business and I’ll be looking at some interesting partnerships to give our clients the holistic support network to mitigate risk and provide strong resilience against cyber crime in the very near future.
“Interestingly, and through much dialogue, many are saying ‘The most fundamental element of threat is deeply human’ and the insider threat is to blame; intentional or not. In some cases, those insiders are driven with intent, the desire to benefit themselves through making available sensitive data or to retaliate against mistreatment. There are also reported cases where third-party contractors or temporary workers have been responsible for their client’s network breaches, either through malice or by accident. However, according to a worldwide survey of Information Security Forum (ISF) members, a large majority of those network openings were created innocently through accidental or ignorant behaviour by workers with no intention of harming their employer. In a number of cases, that vulnerability was the result of a trusted employee conducting a simple task like taking files home to work on in their own spare time or just clicking on something they shouldn’t.
“Another event I attended in October was the SASIG session (Security and Special Interest Group). I really enjoyed the forum and the subject that really struck a chord with me was the European Union’s General Data Protection Regulation (GDPR). When this comes into force it will be an absolute game-changer for both large organisations and SMEs that store customer information. In 2018, the GDPR will introduce fines of up to €10 million or four percent of annual turnover for data breaches, far exceeding the current maximum of £500,000. Unsurprisingly, with the nature of its customer data, the financial sector in particular is vulnerable to hackers. Financial Fraud Action UK recently revealed that fraud in the UK payments industry has soared by 53 per cent in a year. Worryingly, over 1 million reported cases of fraud involving online and phone banking were reported in January – June of this year. Frightening, I know, and I will be discussing the implications of this with my teams and clients in order to be proactive in ensuring we have robust standards and procedures in place.
“It’s awards season in the industry and the team and I are looking forward to attending this year’s Security Excellence Awards. It’s always a really positive night and so enjoyable to celebrate great people and initiatives in security. The OSPAs have also arrived in the UK which is brilliant for raising the UK’s security profile around the world. Because the OSPAs are an international awards scheme I’m excited to showcase the great work we do in the UK which I think is world leading in some cases. Hopefully we can demonstrate some best practice and inspire our global colleagues to embrace some of our modern approaches”.