It was not only what she said, but the emphatic way that Sharon Barber – chief security officer of Lloyds Banking Group said it, yesterday during LORCA Live, a week of cyber talks this week, listened to by Mark Rowe.
She said: “We will not go back to the way we were in February, March time; there will be much more working from home.” If so – and we have no reason to disbelieve that about Lloyds and other banks, who make up a fair chunk of the UK workforce – the implications are alarming for many: commuter railway lines, sandwich shops and other services, commercial real estate and the very urban geography of cities.
How corporates with so many more home-workers do security will also have to adapt; as Sharon Barber went on to say, interviewed inside Plexal, pictured, the London Stratford home of LORCA (the UK Department of Culture, Media and Sport – DCMS – backed London Office for Rapid Cybersecurity Advancement, launched in summer 2018 at the 2012 Olympics site to bring on cyber start-ups, to solve real-world challenges).
Part of that adapting will be against the cyber-attackers, who have themselves adapted – and don’t have any of the obstacles that legitimate businesses have.
Another LORCA Live speaker yesterday afternoon was Ciaran Martin, until very recently founding chief executive of the UK official National Cyber Security Centre (NCSC), who’s now after a civil service career entered academia. He said that one of the most depressing things about 2020 was ‘how horrible cyber criminals are’, playing on people’s fears about PPE, money and so on as they seek to extort and scam from victims. The cyber attackers’ methods are pre-covid: denial of service (DDoS), ransomware; that is, as before the pandemic, preying and relying on the human factor, of someone inadvertently clicking on a link that they shouldn’t’ve. How then, to have information security control, not inside corporate buildings, themselves with (as in a big bank’s case) hundreds of thousands of end-points, but in each individual worker’s home, each with (as Sharon Barber pointed out) their own circumstances?
To return to the speakers; another was Mivy James, head of consulting, UK government, at BAE Systems Applied Intelligence, an arm of defence contractor BAE. Describing the firm’s similar rapid move to home working to respond to lockdown, she made the same statement as Sharon Barber: “We all know we are never going to go back to the way we were in February 2020.”
What does that mean for cyber-security? From BT, chief security technology strategist Paul Crichard, gave a neat metaphor. The old model was to build ‘castle walls’, and have a ‘defensive posture’. In home working, that doesn’t work: “You can’t build a castle wall around everybody’s houses – it isn’t going to work.”
More in the October 2020 print edition of Professional Security magazine.
About LORCA Live
Day one, Monday, included a talk by Matt Warman, digital minister at DCMS. Visit https://www.lorcalive.co.uk/. Other speakers have been Lord Evans of Weardale, the former Director General of the Security Service; and Robert Hannigan, the former director of GCHQ, who chairs LORCA’s industry advisory board.
