According to social media, every one of us has a porn star name. If you don't know what yours is, you need to take the name of your first pet and the name of the road that you lived in when you were a child. Just take a moment, turn to the person next to you and introduce your porn star self. OK, it's amusing, isn't it? Can you... can I have your attention back, please? So I'm Smokey Pound. As you could see, it's amusing, and this is why, when you see this on Facebook
or whatever, so many people engage with it. There's lots of different variants. There was one during the elections: it was "find out what your Tory MP name is", and they use variants like "what's your mother's maiden name?" and "what school did you go to?" And the thing is, what I've just asked you to do is turn to a stranger and share with them information that you will use for your password retrieval for things like your online banking. And we're being tricked like this all the time, and I want to talk to you about that this morning.
18 months ago I was with Microsoft in Reading, and they had a speaker there from the FBI, and he came out and he said there are two types of organization: those that have suffered a cyber attack and those that will. And then in the summer I was in Canada with Microsoft, and the same guy from the FBI came out onto the stage and he started his talk and he said there were two types of organization, and I thought, I've come all this way to hear the same talk. But this time what he said was there
are two types of organization: those that have suffered a cyber attack and those that don't know they have. And this changes things, because we used to think that when a cyber attack happened, it was on the day that you felt the pain. But now what we understand is that these criminals are infiltrating our lives, our workplaces, our home and our use of computers to learn about you and to profile you and learn who you communicate with and who you bank with. To be clear, cybercrime means any criminal activity relating to or using computers, and every
three seconds somebody suffers from identity theft online because of cybercrime. It used to be that the biggest criminal activity in the world was the drug trade. That's not the case any longer; it's now cybercrime. As you can see from the chart behind me, this year it will cost four trillion dollars, and the cost of cybercrime is rising by a trillion dollars a year. It's a huge problem and it affects every single one of us. Lots of people invest in traditional security: in a hardware firewall, in software protection, in email filtering and so on,
but our biggest risk and also our biggest line of defense are actually people, and it's what we call the human firewall. And I want to make you think about the human firewall this morning. I wonder how much you value your security. Every year at Olympia there's an event called InfoSec, where all information security experts from across Europe come together for two days. For someone like me, that's great fun. Last year, whilst that was running, they did a survey at Liverpool Street Station, and they did it in the morning and they did it in the evening,
and they were stopping commuters, and the survey asked three questions, and the three questions were: what's your name, what company do you work for, and what's your network password? Thirty-four percent of people stopped, filled out the form. Scary, isn't it? But it gets worse, because those people who said, "No, on your bike," as you would hope everybody would... these guys doing the survey were surrounded by boxes of Mars bars, so anyone that said no, they said, "What if I give you a Mars bar?" 70% of people stopped, filled out the form. Now the cynic in
me thinks that some of those people will have lied; they will have just filled out the form in order to get a Mars bar. But some of those people will have given factual information, and with cybersecurity it's a numbers game, and actually they only need some of that information to be true. So that's a case of people willingly giving that information away. One of the issues is that every day you are unwittingly giving information away. There's an organization called identity Ford dot uk, and what I'm about to show you is a stunt that they
did about two years ago to inform the public. And what you're about to see is somebody stood outside a coffee shop, and they're encouraging people to like the coffee shop on their Facebook app, and in return for liking the coffee shop you get a free coffee and a free pastry. Now, parked outside the coffee shop is a van with two people in it with laptops connected to the web, and what you're going to see, in the time that it takes to deliver a coffee, is just how much information can be found out about you purely by
you going on to Facebook and liking a page. So take a look at this. "if you like our Facebook page we give you a free hot dream damien26 where do you see a marked women's college it's a psychologist the Great Ormond Street oh yeah we know everything about you Martin thank you nice to meet you Anna from Russia" Frightening stuff, isn't it? When I look at any organization and I consider their security, I visualize it as a pipe, and the pipe's got lots of junctions and lots of joints, and every one of those is a
person. And when we're considering our human firewall, the question is: does the person who's at that joint know how to protect the pipe and know how to stop that security breach happening? And I think one thing that's worth mentioning is that's not the job of one person. One person cannot maintain that pipe; it has to be everybody's responsibility, and everybody needs to be aware of it. We also need to make sure that we're openly talking about the latest scams. I'm hearing about them all day, every day, but people seem to be constantly surprised when
I point them out. One of the scams is... it's called in the industry the Starbucks scam. It's not specific to Starbucks, and other coffee shops are also available, but the way this works is you walk into a coffee shop and you take out your mobile device and you look for a Wi-Fi point, and at the top of the list is a Wi-Fi point called "Starbucks free Wi-Fi", and you connect to it. The thing is, Starbucks don't call their Wi-Fi "Starbucks free Wi-Fi", and what you've actually connected to is a criminal who's sat in the
corner of the coffee shop with his laptop broadcasting an access point, and what he's then doing is he's taking information from your device, he's taking your passwords and so on. So you need to be aware of what we're connecting to. I love Africa, and I'm sure, like me, you too have a long-lost relative who lives there who's trying to get money out of their account and into yours. This type of cyber scam is known as phishing, and whilst that particular one has been around now for nearly 10 years, every month people still fall for
it. But phishing has evolved, and we've now got what we call whaling. So whaling is a phishing attack aimed at the big fish in an organization, and the way this typically plays out is an email comes, supposedly from the MD or the CEO, to the Accounts Department, giving an instruction to transfer money from one account to another. By the time I've finished my talk, three businesses in the UK will have suffered from a whaling attack. And one of the problems is that when you talk to people where this happens, the culture in the organization is
"But it was the MD who told me to do it, and it's more than my job's worth to not do what the MD says." But actually we've got to change the conversation and we've got to change the culture, because it should be the case that it's more than their job's worth to transfer that money without actually having a phone call to say, "Do you really want me to do this?" One in five businesses in the UK carry out any form of cyber instruction, and many that do, when you talk to them, say: well, we have
a policy, and we take... it's in our employee handbook, and we take people through it on their induction. An intelligent person needs to hear something six times before they get it, and not everyone you work with is intelligent. Galileo said you can't learn anything that you don't know. Harvard did a study that said when a business person wants to convey a message, they put 85% of their effort into written word, into policies. The same study showed that on average three out of a hundred people received that message. So having a policy about
cyber isn't good enough. And unfortunately, one of the big things is we have to trust less. We have to talk to our colleagues, we need to educate our children and teach them to be skeptical, teach them not to be so trusting. And if you get an email or a phone call and the alarm bells start ringing and it feels just too good to be true, then, as with so many things in life, it probably is. There is hope, and I want to leave you with that hope today. What we need to do is we need
to embrace the fact that cybersecurity is not an IT problem. This is something that affects every single one of us, and in an organization it needs to start at the very top of the organization and work its way down every single level. We need to embrace training and education at every level, for every person in the organization, for every student in school, at every level, and we all need to be taking part in that ongoing learning. And it needs to be an ongoing thing; it's not a one-off case. I guarantee you I could come here
and speak again next week and talk about a whole load of new scams that don't exist today. So that training needs to be regular, and what we need to do is we need to build our human firewalls. We need to build them high, build them strong, and stay safe. Thank you very much.