PeepSec, the world’s first free, online summit on the people, culture and social aspects of cyber security, took place during London Tech Week between Monday the 11th and Friday the 15th of June.
22 expert speakers offered actionable and practical advice on the most pressing issues facing the security industry today. You can still get immediate access to all 22 PeepSec talks by simply registering for free here.
For those who couldn’t make it, in Part 1 of this blog series we gave you a summary of the excellent talks that took place in the first three days. (You can read all about that here.)
Here’s what you missed on days four and five:
PeepSec day four kicked off with a talk from Partner at international law firm Bird & Bird, Simon Shooter. As you might expect, Simon’s talk revolved around security in the legal sector. After explaining why law firms are such a target, he gave his views on what we can do to increase resilience in the sector, with a particular focus on increasing engagement in cyber security.
Simon also went on to discuss the recently introduced NIS Directive – and the inadvertent benefits that he expects to “cascade” outside of the sectors to which the Directive applies.
Inclusion and Security Awareness Training Specialist Stella then sat down to talk Oz Alashe (the CEO of CybSafe) through her views on the human aspect of cyber security. In a poignant moment, Stella highlighted how cyber security was now the responsibility of society as a whole – and one we’re currently neglecting.
We have to accept as a society that we have to take everybody’s privacy seriously. We can’t just post pictures of random strangers on the internet just because it’s a joke for us. They’re just a normal human being with a right to a private life. We need to leave them alone.
Stella, Inclusion and Security Awareness Training Specialist
Following Stella, Just Eat CISO Kevin Fielder offered a well-rounded discussion covering everything from making security engaging to how the security industry can improve its message to those outside of security. Of particular note were Kevin’s thoughts on engaging the C-suite and securing buy-in and budgets from the board, two age-old issues CISOs continually face.
If you go to the board saying, “We want to enable this,” rather than, “We want to stop this,” it gets you a completely different response.
Kevin Fielder, Just Eat CISO
Peter Wright, Managing Director of DigitalLawUK, was next and focused his advice on making cyber security engaging. Through real-world examples, Peter demonstrated how to get buy-in from indifferent workforces and, at the same time, how to influence the culture of an apathetic workforce to get people thinking about secure behaviour. Peter’s discussion also highlighted the importance of distributing guidance on social media usage – something he feels few companies are doing well.
Next to appear was Daniel Nunn, the Technical Lead for Technology and Cyber at the Financial Conduct Authority. In a chat with Oz Alashe, Daniel discussed his to-the-point views on what makes addressing the human aspect of cyber security so challenging, especially in the financial sector, and how we might be able to overcome the challenges by learning how security professionals address the technological aspect of security.
We can’t just use the compliance approach. Actually, we need something measurable and effective so we can move on, rather than just ticking a box.
Daniel Nunn, Technical Lead for Technology and Cyber at the Financial Conduct Authority
The Federation of Small Businesses’ Martin McTague closed proceedings on day four by offering several unique insights into the security of small businesses.
As small businesses frequently supply larger organisations, their security is imperative as part of connected networks. And yet, as Martin points out, small businesses often turn a blind eye to security, seeing it as a concern for larger organisations. Martin offered some refreshing thoughts on why small businesses sometimes fail to take cyber security seriously and what small business owners, vendors and governments can do to improve the security of small businesses.
I think the psychology of your average small business owner is one of optimism. There’s massive optimism bias there. You wouldn’t go into business if there wasn’t. So there is a sense of being more tolerant of risk as a small business owner.
Martin McTague, Policy Director at the Federation of Small Businesses and small business owner
PeepSec day five kicked off with a talk from Jon Townsend, CIO of the National Trust. Jon raised several thought-provoking points, which included questioning whether, with phishing as rife as it is, email is in fact still a good tool to use for collaboration with organisations.
As with other speakers, Jon also offered excellent advice on achieving something all CISOs strive for: a culture of security. Building on existing culture, Jon advised, is often a much simpler task than starting afresh and, actually, building on existing culture isn’t necessarily as difficult as some CISOs might think.
John Lewis Partnership’s Awareness and Education Manager, Victoria Guilloit, followed Jon, discussing how to overcome cyber frustration, cyber fatigue and cyber fear. On frustration, Victoria recommended ensuring systems support users in their efforts to remain secure. On fatigue, she pointed to highlighting the personal benefits of security. Victoria sees cyber fear as both a concern and a cause for hope.
Policy Advisor at The Law Society Tim Hill then treated PeepSec attendees to security advice from The Law Society. In Tim’s words, the advice on offer as part of The Law Society is practical, helpful and simple. Tim also made a point of denouncing the pervasive blame cultures that affect so many organisations today – particularly in light of GDPR, which often requires that certain incidents be reported within 72 hours of being recognised.
Any kind of blame culture is not the kind of culture you want.
Timothy Hill, Policy Advisor at The Law Society
The final talk of PeepSec day five came from Global Training, Awareness and Communications Director at Credit Suisse, Caroline Bansraj. With a background in marketing and communications, Caroline approaches the human aspect of cyber security from yet another unique angle. In a discussion with Oz Alashe, Caroline explained how security professionals can borrow techniques from marketers to place and keep cyber security front of mind in more and more users.
We need security to almost have the recall that big brands have.
Caroline Bansraj, Global Training, Awareness and Communications Director at Credit Suisse
In his closing statement, CybSafe CEO Oz Alashe reiterated what PeepSec was all about, before thanking all involved for giving up their time to talk about and share findings on the human aspect of cyber security.
PeepSec this year has been amazing. We’ve really enjoyed the community, we’ve enjoyed the support, we’ve enjoyed the feedback and we’re already looking forward to PeepSec 2019.
Oz Alashe, CEO & Founder, CybSafe
While PeepSec is over for this year, you can still access each of the 22 PeepSec talks for free by registering here.
The feedback for PeepSec has been fantastic. Join us in furthering the conversation surrounding the human aspect of cyber security, which we believe is going to be vital if we’re to address one of the most pressing issues facing our industry today.