We’ve taken our training dark, really dark!
Written by Eleanor WillockLast month, as part of my ongoing scheme to get interesting folks to come to Mantis and teach us something we don’t know, things got a bit dark.
Jay Abbott, friend of Mantis and cyber security industry expert, joined us for the morning to talk about the public sector, risk and digital security. When I say that things got a bit dark, I really mean dark web. Gavin’s face as Jay happily explained to us all how to access the dark web was an absolute picture. I think his current nemesis, GDPR, was momentarily forgotten underneath visions of the agency disappearing into a big black hole.
Jay has worked with many public sector organisations in his career, helping them identify potential cyber threats and risk areas, and, of course, helping them stop attacks and prevent others. Many of our clients and their customers, of course, face these threats. The NHS attack last year, we learned, was one of the simplest cyber moves an assailant can pull off, requiring very, very little technical skill, but a lot of guts to deploy.
In the past weeks alone there’s been organised bomb hoax warnings at schools all over the UK, and warnings that Russian retaliation for the expulsion of diplomats will take the form of more cyber attacks on institutional and financial targets. Experts like Jay are working behind the scenes in every business and government department to identify and minimalise security threats, sometimes strategically, sometimes simply patching systems as fast as they can before the threat mutates.
I know from my own crisis management experience that the risk of disruption to a service or product from an exterior attack to IT systems is, or should be, the peak concern for an organisation with or without significant public profile. While some cyber attacks happen to make a moral or political point, many just occur because a tiny flaw is discovered, and exploited, because an attacker finds it irresistible. So frustrating, but so very commonplace that both Jay and I agree, resilience planning and risk management has to be taken more seriously, especially by the public sector.
I’m a complete web chicken and even though I now know that the dark web is frighteningly easy to find, I’m steering clear. My criminal mastermind days are over, after all.
You can hook up with Jay and say hi here on Twitter, and here on LinkedIn.