Yorkshire Cyber Security Cluster Meeting Notes
Location: Shulmans, Leeds
Date: 11th September 2019
- The Yorkshire Cyber Security Cluster is a collaborative group of experts within the cyber security industry that are committed to reducing cyber crime in the Yorkshire region
- The cluster brings together SMEs, governing bodies, universities, Yorkshire Police, regional CISOs and those with a vested interest in cyber
- Members collaborate, share best practices and offer expert advice and guidance to one another and the local community
Visions of the Cluster:
- Make the best use of Yorkshire talent & skills
- Provide members with reputational and financial benefits
- Make Yorkshire more cyber resilient and reduce the impact of cybercrime within the region
- Share knowledge, best practices and learn from one another
The aims of the Cluster are two-fold:
- To support the members of the cluster by communicating National and International initiatives and trade opportunities, providing a networking platform to share ideas and best practice, encouraging collaboration and identifying partnership opportunities so that small cyber security specialist businesses in Yorkshire can find new ways to grow.
- To support the British Government’s commitment to Cyber Security (and UK Government’s Cyber Security Strategy) by building cyber security knowledge, skills and capabilities in the Region, to make businesses more resilient to cyber attacks and make the Yorkshire region one of the most secure places in the world to do business.
“StockX Data Breach”
- StockX, a trainer and streetwear marketplace, was subject to a breach on May 14, 2019.
- Criminals gained access to data including names, email and physical addresses, usernames, passwords and purchase histories from 6.8 million users.
- Those affected were not notified of suspicious activity until July 26th.
- They weren’t transparent about what had happened and first blamed the inconvenience of resetting passwords on “system updates”.
- The StockX database was originally being sold on the Apollon marketplace for $300. Since then, the username and password combinations have been found on hacker forums for as little as $2.15
“Hacker ordered to pay back nearly £1m in Bitcoin”
- Grant West stole £900,000 worth of cryptocurrency through phishing attacks
- Targeted hundreds of companies worldwide, including Argos, Uber and Sainsbury’s
- Had an SD card containing 78 million individual usernames and passwords along with 63,000 credit card details
- Cryptocurrency will be sold and given back to victims
- Paying back through bitcoin/other cryptocurrencies is described as being the first case of its kind
- Was sentenced to ten years and eight months in prison
“Massive unsecured Facebook database found”
- More than 419m Facebook IDs and phone numbers were stored in an online database that was not password protected. It included 133m records for users in the US and 18m records for users in the UK
- Facebook state the data was ‘old’ (April 2018) and has now been taken down
- Cybersecurity experts state that it is crazy that personal data of this magnitude can be on unprotected servers in 2019, but that it also highlights how data gets forgotten about and mistakes can happen
Michael Lea-Smith – Customer and Colleague Education Specialist, Yorkshire and Clydesdale Bank
- 84,000 clients last year thought that if they got a fraudulent text, email or phone call, they wouldn’t hand over their money. In fact between them, they handed over £354M.
- Approximately £193B from the UK economy is lost to financial crime, which is enough to double the NHS.
- “It is absolutely impossible to ever be 100% protected” – Do not buy into software that claims you will be 100% protected as it leads you into a false sense of security. As soon as you think you are invulnerable, you are vulnerable.
- It is all about being ready and prepared and being the least attractive target. He advised training all your staff, reviewing your cyber security defenses regularly and preparing for an incident.
Gary Hibberd – Professor of Communicating Cyber, Cyberfort
- Business continuity and business recovery within cyber security and information security need to see more people being brave and pushing themselves beyond their normal boundaries.
- Within CIA (Confidentiality, Integrity and Availability), too much attention is put on confidentiality and integrity, rather than availability. People see availability as just having a plan, but these plans need to be more concise and be practiced so that people know how to put them into place in the event of a crisis. “Everyone has a plan… Until they are hit” – Mike Tyson
- People put focus on disaster recovery and see this as the danger zone, when in reality it is crisis management, as this is something people don’t test or rehearse and don’t know what to do if there is a major incident.
- How you respond to a crisis situation is determined by experience, your belief system and training, so regular drill tests and being able to stay level headed, stay positive and come up with solutions are essential to business continuity and disaster recovery.
- Drill tests are low cost, low risk and low complexity and get traction at a management level
Melanie Oldham – Chair of YCSC and CEO of Bob’s Business
- Global Cyber Alliance have created a community of people that can take action to support businesses and share information. They have developed a toolkit that can be adopted by small businesses that will give them a level of reassurance.
- They want businesses and individuals to support cyber security from a national and international perspective by sharing their expertise.
- They are looking for information security professionals who can help with the delivery of the tools and the session on 18th October 2019 at Sheffield Hallam University. They are also looking for organisations to act as sponsors to cover the expenses of refreshments
Next YCSC Dates
- 20th November 2019, library @ the Lightbox in Barnsley, 5-7pm.
- 15th January 2020, TBC
- 18th March 2020, TBC