[BreachExchange] Ransomware is helping make the cyber threat real

[Audrey McNeil]

http://www.computerweekly.com/news/450299069/Ransomware-is-helping-make-the-cyber-threat-real

Ransomware is helping make the cyber threat real, according to Keith
McDevitt, cyber resilience integrator, Scottish government.

“Ransomware has come along and kicked people right in the face, and now
they are taking action because it’s real. They have either have felt the
impact directly or they know of someone who has,” he told The Cyber
Security Summit in London.

>From an early age, McDevitt said people understand the risk of crossing the
road because they can see the big red bus looming down on them and it is
instinctive to step back to safety.

“But when it comes to cyber, they need to assess the risk of something they
cannot see, feel, smell or hear. This abstract threat means very little
when you can’t understand it,” he said.

McDevitt is part of the Scottish government’s initiative that complements
theUK Cyber Security Strategy and is aimed at taking local approach to
raising awareness about cyber risks, how to mitigate them and how to ensure
greater cyber resilience, particularly among the owners of small businesses
that make up 99.4% of the private sector in Scotland.

“It is difficult to manage a risk that you can’t describe, which is what
small businesses are up against,” he said, adding that the Scottish
government’s emphasis is on resilience rather than security.

“Security is negative and a turn off for many people, which is why we
believe the focus should be on the ability to adapt to, withstand and
recover from cyber attacks,” said McDevitt.

To do this, he said the Scottish government is working to develop citizens’
knowledge, skills and understanding and awareness of the risk, and on
citizens’ ability to then take steps to defend and recover.

“Engaging people in a language they understand in a very positive way is
part of the solution, in our view, because there is so much negativity,”
said McDevitt.

“Businesses are looking for the ‘good news stories’ about other businesses
in the same line of business who have got it right.”

The reality in Scotland, he said, is that most of the small businesses are
very small and most of their owners have not heard of the UK government’s
Cyber Essentials Scheme (CES), 10 Steps to Security guide, or Cyber
Streetwise campaign.

“This demonstrates that there is an issue about the message and the
communication. There is an issue about very busy people who live in the
real world, and sometimes we just need to get grounded on this,” said
McDevitt.

Because Scotland wants to do business online and the government sees online
business as the future, he said, it is essential that those businesses
operating online are doing so “with their eyes wide open”, especially small
businesses that are typically at the forefront of innovation.

“We need to talk to business in a much more enabling way, including the
benefits of getting it right,” he said. “The reality is that this is a
business risk, and businesses are used to managing risk, but they need help
in understanding what the real risk is.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160705/08a7e6fa/attachment.html>