Security Journal UK chats with Lisa Ventura, CEO & Founder of the UK Cyber Security Association (UKCSA), about the work the organisation is doing across the cybersecurity sector and how businesses and individuals can protect themselves against the growing threat of cyber-attacks.
What are the key aims and objectives of the UKCSA?
Cybersecurity is a massive issue – government, businesses and individuals rely heavily on the internet, as well as IT systems, and have come to realise that they are more at risk from cyber-attacks than ever. These attacks are becoming increasingly more sophisticated and stealthier; targeting people, networks and devices.
There are many questions, and not enough answers.
The UKCSA was born with the aim of breaking down the barriers between all areas of cybersecurity and uniting the industry to share best practice, threats and insights. We are for: individuals who actively work in the cybersecurity industry in the UK and internationally; small businesses, SMEs and enterprise/corporate companies who actively work in the cybersecurity industry in the UK and internationally; small businesses, SMEs and enterprise/corporate companies who don’t actively or necessarily work in the cybersecurity industry, but want to show that they take their cybersecurity seriously/have a strong interest in the cybersecurity industry.
We will work to a set of core aims and objectives which are:
- To create and grow the UK Cyber Security Association through a membership base of individuals in the UK and internationally, and organisations in the UK and internationally of all sizes.
- To heavily promote the world-leading work that the UK is currently undertaking in cybersecurity, to promote all key cybersecurity initiatives and to promote initiatives such as Cyber Security Valley UK and the Cyber Resilience Centres.
- To form collaborative partnerships and agreements with key organisations across the UK and other membership bodies such as the National Cyber Security Centre, GCHQ, the UK Cyber Security Council and the Chartered Institute of Information Security Professionals.
- To set up regional networks in England, Wales, Scotland and Northern Ireland to support and promote the work that the UKCSA is doing and to set up working groups in key areas such as for women in cyber, equality and diversity (including neurodiversity), military/veterans, skills/education/training and developing the association.
- To promote the cyber-skills gap and encourage more people to enter cybersecurity, as well as working to encourage more women to enter the industry.
- To increase business opportunities in cybersecurity for our members either directly or via collaborations.
Our overall aim is to become a caring, sharing and strong community in cybersecurity that gives back through raising awareness of the growing cyber-threat. We will do this via proactive thought leadership and education/training that focuses on how individuals and organisations can protect themselves as much as possible from cyber-crime and all types of online and offline fraud.
What are the benefits of being a member of the UKCSA?
Some of the key benefits that members will receive include: access to an exclusive community portal to meet, engage with and interact with other members to share best practice and industry insights; access to our digital publication “UKCSA News”; access to our quarterly member briefing events; access to regular updates, discussion, and research from the world of cybersecurity; access to our programme of events and webinars; access to exclusive discounts from a variety of vendors and organisations that offer items such as cyber insurance, certifications and training, industry events and more.
Moreover, members will receive access to an introductory service where, if you need a particular product or service in cybersecurity, we will be happy to facilitate an introduction to them.
There are also a range of discounts on lead generation and content marketing services and, coming soon, there will be access to a member-exclusive jobs board.
Can you tell us about any events that the UKCSA will be involved in over the next 12 months?
All our events this year will take place virtually due to the ongoing COVID-19 pandemic situation, with the hope that we will be able to hold our events next year in a hybrid format of face-to-face and virtual.
We have a full programme of events planned to include: webinars on key topics and themes; fireside chat discussions; member networking and briefing meetings; a one-day summit event on 6 July and our two-day annual conference on 24 and 25 November.
In addition to this, we will have a presence at this year’s National Cyber Security Expo on 7 and 8 September and the International Cyber Security Expo on 28 to 29 September where we will be launching “Safer Cyber Spaces”, a documentary that we are currently producing with ITN Productions. Also, our CEO & Founder will be speaking at other key events throughout the next year to raise awareness of the UKCSA and the work we are doing.
How do you think the COVID-19 pandemic has impacted the UK cyber landscape?
According to Sky News, only 9% of people in the UK say they want to go back to “normal” after this crisis passes. The pandemic has triggered some cultural changes for the better, including in the way we work.
Cyber-criminals seized on the opportunity that the rapid change to homeworking during the pandemic presented, and organisations are finally starting to sit up and take note of the growing cyber-threat and to understand the impact an attack can have on their business, not just financially, but from a reputational damage perspective too.
There has been a massive rise in the number of phishing campaigns since the pandemic hit, which attempt to obtain sensitive information such as usernames, passwords and credit card details. These are now masquerading as Coronavirus updates, offering information around mask availability and vaccine development. Scammers also use these interactions to infect PCs with malware – illicit software that captures user interactions, steals sensitive data and can even recruit zombie PCs into bot networks. This has been particularly frightening during the pandemic because these criminals are taking advantage of people’s desire to help others during a crisis.
There is no doubt that the pandemic has not only increased the number of cyber-attacks, but also seen organisations and businesses start to take their cybersecurity much more seriously.
What would be your main advice for mitigating and preventing cyber-attacks?
There are some easy and affordable ways that organisations can reduce their exposure to the more common types of cyber-attack on systems that are exposed to the Internet. We follow some of the controls contained in Cyber Essentials and from the NCSC, which include:
- Boundary firewalls and internet gateways – establish network perimeter defences, particularly web proxy, web filtering, content checking and firewall policies to detect and block executable downloads, block access to known malicious domains and prevent users’ computers from communicating directly with the internet.
- Malware protection – establish and maintain malware defences to detect and respond to known attack code.
- Patch management – patch known vulnerabilities with the latest version of the software, to prevent attacks which exploit software bugs.
- Whitelisting and execution control – prevent unknown software from being able to run or install itself.
- Secure configuration – restrict the functionality of every device, operating system and application to the minimum needed for business to function.
- Password policy – ensure that an appropriate password policy is in place and followed.
- User access control – include limiting normal users’ execution permissions and enforcing the principle of least privilege.
If your organisation is likely to be targeted by a more technically capable attacker, we advise putting in place these additional controls that are set out in the 10 Steps to Cyber Security from the NCSC: security monitoring – to identify any unexpected or suspicious activity; user training education and awareness – staff should understand their role in keeping your organisation secure and should report any unusual activity; security incident management – put plans in place to deal with an attack as an effective response will reduce the impact on your business.
How can people find out more information about the UKCSA?
To find out more about the UK Cyber Security Association and how to join, please visit www.cybersecurityassociation.co.uk or contact us via [email protected] and one of our team will get in touch.