As global head of Security Research at Sophos, James Lyne knows a thing or two about protecting yourself and your business from cyber threats. James spoke to us about the risks posed by new technology, and how both individuals and companies can help to ensure that they stay safe online.
How can companies engage their staff to take ownership of their role in protecting their business from cyber attacks?
For the average employee, their cyber security exposure from their workplace comes from a policy written in dull, inaccessible language. Many review the policy (because they are made to) and then promptly forget it. The key to security awareness is to make it engaging and personalised. Educating people on the fascinating tools and techniques of cyber criminals and then providing simple tips to help keep employees safe not just at work but at home changes the conversation - people are far more likely to work to protect their credit card, their family iPhoto account and their kids when online, but there is huge overlap between these security practices and what businesses want at work.
Dull, lengthy security policies result in staff switching off
What do you hope that audiences will do differently/take away from your speech at an event?
In my talks, I've focused heavily on demonstrating, practically, how cyber attacks work and how you or your business can become a victim. Giving people an understanding of the scale of the problem, how cyber criminals systematically profit from their data and the remarkable commercial offerings for cyber crime, always helps to make people take the threat seriously. I combine the peek inside the world of the cyber criminals with practical demonstrations and plain-speaking, simple advice. I want audiences to leave realising they are the target, they are interesting (not just millionaires or huge businesses) to cyber criminals. I want to empower audiences to do the basics to keep themselves safe.
What would be your one vital piece of advice for those wanting to stay safe from online attacks?
With the deluge of headlines about data breaches, hacks and the threat of nation states compromising organisations, many are becoming disillusioned, unsure of how to thwart cyber attacks. Granted, the scale of modern cyber crime is vast but in many cases, the attacks work by virtue of simple security failures. My one piece of advice above all else is not to underestimate the impact of the top 5 basic cyber security practices. Us security pros are always ranting about password best practice, but it thwarts so many attacks - even those that sound high end and targeted. Get online, find the basic practices and help make life harder for cyber criminals.
It's still a top priority to ensure that passwords are secure
What new threats do you think will increase in 2017?
Ransomware - malware that gets on to your system and encrypts your files to demand money to get your data back. This has been the undoubted top campaign of cyber criminals over 2016 and I believe we will see even more creative variations of this attack in 2017 - it has just been too successful. That being said some scary prospects are developing in the area of ransomware. Some ransomware is now floating around the Internet where the payment and communication channels have been taken down, or the cyber criminals responsible have abandoned it. That means the prospect of more malware that once infected does not allow you to pay to get your data back. We've also seen instances of this campaign impacting more diverse types of devices and serious life and limb impacting institutions. Undoubtedly one to watch and to prepare for before it is too late.
What's next for James Lyne?
I've been on a two-year mission to demonstrate vulnerability in the Internet of Things (the huge number of Internet-connected devices many of us are putting in our homes from CCTV cameras to wifi connected kettles). I've been stripping down IoT products and am now on a mission to demonstrate their vulnerability practically to the public. I've also been on a 3-year mission to bring new talent into the industry, including building a game for kids that teaches them the basics of cyber security and hacking - this has now been deployed to an entire country and is seeing more pick up globally. I plan to keep on hacking, finding flaws and trying to spread the word that security is important and we all have a part to play.