top of page
Writer's pictureJared Thompson

Cyber Security Review: What lessons have our businesses learnt?

2021 was an evolving and challenging year for everyone in cyber security, with 2022 set to bring even more challenges. We asked a selection of leading cyber security professionals from the North West’s cyber security & tech community to share their insights from the last 12 months.


What has been their highlights from the last 12 months, what attitudes have changed with businesses? And what do they think has been the biggest lessons we’ve all learnt?


What have been some of the professional highlights in 2021?


Neil Jones Managing Director of the North West Cyber Resilience Centre says “Seeing regional Cyber Resilience Centres referenced throughout the HM Government National Cyber Strategy 2022 has to be the highlight of the year, if not my career.”


“I started my Cyber Resilience journey in late 2018 when it was just a concept and with no idea how to build a not-for-profit partnership from scratch and make it a reality. I then launched the NWCRC in 2019 as the first centre in the country and a pathfinder to the National Police Chiefs Council. In 2020 the Home Office saw the potential and funded the establishment of a national network of regional CRCs and as we sit here today we have eight sister sites across England & Wales complimenting the police cyber protect network as part of Team CyberUK. We have achieved far more than I ever expected and built something which will have a lasting legacy within policing and our communities.”


Joanna Goddard, partner of the Business Resilience International Management (BRIM) said:

“My highlight of 2021 was the launch of National Cyber Resilience Centre Group, as a strategic development of the successful Cyber Resilience Programme to make UK SMEs and supply chain more cyber resilient with the Rt Hon Damian Hinds, Security Minister.”

Whilst Graham Thomson, Chief information security officer at Irwin Mitchell has a was this year was recognised as Team Leader of the Year at the British Ex-Forces in Business Awards. The award underlines Irwin Mitchell’s commitment to the forces community, both in acting for clients and recruiting ex-service personnel. Graham comments “It was an honour just to be nominated, but to win when there was such high competition from a long list of very capable and impressive people was amazing.”


Graham also spoke to a former RAF navigator on fast jets and battlefield helicopters who became the first transgender officer to serve openly in the UK Armed Forces and caught up with a former commander who recently headed up the cyber warfare group. “It was certainly a night to remember.”


Over at the University of Manchester, Professor Emma Barrett OBE describes the launch of our University of Manchester Centre for Digital Trust and Society as her highlight of 2021. “This was an important milestone in a programme of work that started more than four years ago, to bring together and develop our digital trust and security research and teaching.” The original idea for the centre was a fairly traditional understanding of cyber security, but this soon developed to deal with all of the various aspects of digital harm. “We now see cyber security as part of a set of broader issues relating to trust, trustworthiness, and resilience of human - technical systems.”


Other highlights have included Kevin Crichton of Bergerode Consulting who was accepted on a Cyber Security Management MBA and Harman Singh of Cyphere who has successfully set up his new business “with a successful first year with new customers and services.” Sam Tunney of BrightHR tells us that helping "countless businesses navigate the often tricky legislative updates, has been an incredible professional highlight – not just in 2021, but of my entire career. "


What have been the biggest change in attitudes and lessons we’ve all learnt about Cyber Security in 2021?


Sam Johnson of Risk Box talks about remote working and flexibility which has been a big topic for many businesses. “Businesses are now in a position to be multifunctional whether in a fixed workplace or everyone scattered, sometimes Worldwide. This has shifted their attitude to protecting this work environment and asking more questions. We’ve seen an uptake in people considering transferring the risk with a cyber and data insurance policy.”

“Flexibility for businesses means they are becoming less reliant on individuals and more focussed on being a collective driving force. Automation and set processes are key in ensuring services are still being supplied to the same high standard.” - Sam Johnson of Risk Box

MJ, Senior Cyber Security Consultant of the North West Cyber Resilience Centre says “Businesses understand and accept cyber as a real risk rather than a nice thing to do. Communication across departments is more important now than ever and making sure your board is aware of any vulnerabilities is key.”


Neil Jones (NWCRC), Graham Thomson (Irwin Mitchell) and Joanna Goddard (BRIM) all felt that charities and small businesses have increased their understanding of cyber security. Joanna and Neil have seen the change first hand from small businesses through the Cyber Resilience Centre network, Neil said “We are starting to now see smaller businesses take cyber security seriously and invest in awareness training and testing. Previously this was the preserve of much larger businesses who could afford an InfoSec team, a CISO and a Security Operations Centre but thankfully, professional cyber security services are now much more affordable and accessible.“


Don’t forget you can businesses in Greater Manchester can access our fully-funded support through our Business Resilience Program - which includes training, membership and 1-2-1 support.


Graham explains “At the Law Society they ran some roundtables to gather thoughts from industry experts and has since put together material and newsletters aimed at improving awareness in the sector. This is a great step forward but there is some way to go to help Chambers and others involved in the UK legal industry be a lot more cyber secure.”


With the UK's proposed landmark Online Safety Bill, Graham says:

“Cyber space, particularly social media, despite its wonderful merits, has also been such a nasty sewer for far too long and people have had enough. This bill if it passes will be a good step in the right direction. I’m sure in a good few years’ time we will look back at the early days of the internet and social media and think how crazy and reckless we were for so long. It’ll be a bit like how we think back to when wearing seat-belts in cars were not mandatory.”

Rosie Anderson of Honeypot Digital has seen more cyber be discussed more at a board level “mainly due to the increase of ransomware and big breaches that make mainstream media, businesses of all sizes are now taking cyber security seriously. It’s so important for businesses to use patching and know what and where businesses critical assets are.” Harman also saw the board level change “Just like legal, financial, operational or regulatory risks, cyber is taking centre stage in the boardrooms. Many improvements, such as new security and privacy regulations, are being discussed.”


Sam Tunney of BrightHR says that with their clients "Cyber security has been viewed very differently by business owners over the past 12 months. There has been much more emphasis placed upon ensuring the security of documents and devices, particularly with more individuals than ever operating from alternative locations. As businesses are reliant upon internet connections they cannot control, it’s essential to ensure that security is as effective as possible in order to prevent potential risks and threats by attackers and hackers."


Barnaby Dathan of Code Your future say that with their trainees and graduates they've seen "a growing interest in Cyber Security both as an issue that affects people's day to day but also as a career option. It is a route that our trainees increasingly see as a strong career option."


He continues "With so many companies having to respond to new challenges and the demand for tech skills I've seen lots of organisations becoming more flexible and creative when it comes to talent. There are some incredible people out there working hard to get into tech through a multitude of pathways and it's great to see companies embrace that. As the demand for tech talent continues to grow I think embracing the many routes into the industry and supporting those organisations which facilitate it is only going to benefit companies and the industry as a whole."


Professor Emma Barrett OBE of the University of Manchester has noticed the themes of diversity and inclusion in cyber practice “the discussion has become both broader – considering diversity in all its forms – and more urgent in the last 12 months. Opportunities to get involved in Manchester’s cyber ecosystem are proliferating but skills remain in short supply so organisations that hang onto outdated stereotypes about who makes a good cybersecurity professional are already struggling.”


To combat this Emma says “organisations need to be creative and broadminded when recruiting staff – looking for potential and not solely relying on qualifications and experience. Retention can often be a bigger problem than recruitment, so organisations need to celebrate and nurture diversity, take a hard look at their promotion and reward structures to ensure equality of opportunity, and listen to and take seriously what their employees say about their work experiences, even if that’s sometimes tough to hear and act on.”


Over the last two years, we've seen working life for many change overnight with the lockdown. Businesses have had to transform digitally or lose out. All our contributors have agreed that this increased flexibility has meant the way we work has improved and enhanced productivity. We look after our people much better, offering flexibility, choice and improving the work-life balance.


Graham Thomson says "Many businesses went from having a small number of offices to having as many offices as staff – home offices. Online shopping went through the roof (64% of UK people will do the majority of their Christmas shopping online this year according to YouGov), great news for online retailers but also for scammers and fraudsters."


"All of that needed securing and maintaining, and while many did a great job, some businesses went backwards, removing security settings in favour of easy access, as they were unprepared, oblivious, or complacent, of the risks."


"But now that all that hard work and rapid change has happened, we are the better for it. Better because we had no choice but to adapt, and then having to take the threats seriously because they were so clearly there and relentless. Better because digitisation is progress and some industries, like legal, had been falling behind, but not anymore. And better because home working is now largely accepted as ok and productive, and it gives people so much more choice in how to balance life and work in the modern world, which is so much better for wellbeing."


Sam Tunney of BrightHR reminds us that employees are also re-evaluating "their needs and requisites when it comes to their role within a business." Having a flexible office environment is what the vast majority of staff are looking for and it's our job to make sure they're safe when working.


Is your business looking for further support in 2022?


The Cyber Resilience Centre can assist you with Security Awareness Training for your staff - either in the office or in the boardroom. The key to our tailored security awareness training is we equip all your employees with a level of awareness to combat the online threats they face daily. Employees need to be taught what clues to look for that indicate threats, and how to respond when they see them. Enquire and learn how we can train your staff today.

Comments


How can we support your business?

Phishing 292 x 219px.png

Raise your staff's awareness of phishing emails and guard your business against the growing trend of social-engineering threats.

 

Training your employees on what a phishing attack looks like makes them more likely to identify and report scams.

security awareness training.png

Our training package is designed and delivered by cyber experts giving you access to the most up-to-date information in an ever-changing cyber landscape.

You can purchase single-place training spots or a cyber security workshop.

Community Members

Our premium membership package is aimed at medium-sized businesses and includes bespoke security awareness training sessions.

 

This allows your business to train several cyber security champions and an assessment of your cyber risk. 

bottom of page