On the 14th September, UKUPC held the first webinar in its planned series of events. Thank you to those who were able to attend.
Three expert speakers shared their knowledge and experience of attacks, along with their advice on mitigating and managing risk. We recorded the session and you can access the recording on YouTube. Please do circulate this to colleagues in your institution who may find it useful; we know this is not just an IT problem, so consider governance, HR, procurement and finance partners.
We asked each panellist what their one piece of take away advice should be:
Steve Kennett, Executive director, e infrastructure and senior information risk owner at Jisc, advised: "Don’t panic! Understand the risk to your organisation, be prepared and know who to contact. Talk to your technical team regularly. In the event of an attack – don’t forget your people, they will need your support"
Phil Webster Executive Director of Gallagher advised: "Contextualise your risk. Cyber and data protection insurance is often referenced as nice to have but it shouldn’t be a last thought; Risk profiles have changed and costs have changed, so procurement needs to start the conversation early with a good insurance buying strategy. Start with a clean piece of paper, link in with your risk register, and match your requirements with that. Also, use your broker, there are a huge range of policies out there, a broker will help you identify the good from the bad"
James Rockliffe, Director of Procurement at LSBU, advised: "Keep talking but listen well! This is no longer a mythical issue, there are persons throughout the country who sadly now have hard experience on this. Liaise with a really broad range of people, your colleagues, peers, purchasing consortia working groups and those who have been through this, there is a lot to learn"
We promised some resources too:
Jisc holds a wide range of information on its cyber security pages. Also, they share excellent insight into the cyber security landscape in HE and FE in a dedicated survey response document.
An article in John Chapman’s name was recently published on Wonhke Universities that fail to offer remote working risk widening the cyber skills gap.
A new webpage highlighting the Cyber Threat Intelligence services Jisc provides has been published in response to members asking what they do about dark web monitoring.
The National Cyber Security Centre has a wealth of useful information and advice on gaining buy in, incident response plans and policy.
Last but not least, from Gallagher, you can read their State of the Market document on Cyber & Data Protection Insurance which provides a neat summary of the challenges in the market and some potential solutions in approach.