Protecting the Humber Region: Addressing Today’s Cyber Security Threats and Preparing for Tomorrow

The Humber region, like many areas, faces a rapidly evolving cyber threat landscape. As businesses across different sectors confront these challenges, there’s a growing recognition that a collective, informed response is essential. In this edition of Voices of the Humber, Chris Eastwood, Director at The Rybec Group (pictured left below alongside business partner Alistair Kennedy), shares his insights into the pressing cyber security threats and offers practical advice on how businesses in the Humber region can protect themselves both now and in the future.

The Rybec Group deliver bespoke cyber security consultancy, training, demonstrations, tabletop exercises, data protection, Information Security and GDPR consultancy to organisations in the Humber, and across the UK.

The Current Cyber Security Landscape

In today’s interconnected world, the cyber threat landscape is continually shifting. As Chris points out, “The threat landscape is forever evolving; new threats emerge daily on the global stage.” This evolution is heavily influenced by global conflicts, with cyber warfare now an integral part of modern warfare. The impact is felt far beyond the battlefield, affecting businesses worldwide, including those in the Humber region. “Cyber-attacks leverage vulnerabilities previously not identified, and these can be used by criminals to target anybody,” Chris explains.

One of the most significant challenges is the persistent risk posed by human error. “Human error contributes to around 90 percent of cyber incidents,” says Chris. While phishing is a well-known threat, it has evolved considerably. Attackers now employ sophisticated social engineering techniques, making it increasingly difficult to distinguish between genuine communications and fraudulent ones. “These attacks have become so intricate it is extremely hard to tell a phishing email or call apart from a genuine one,” Chris warns.

Industry-Specific Cyber Threats

Different industries within the Humber region face unique cyber security challenges. Chris highlights a growing concern: attacks on operational technology. “What we are seeing more of is attacks specifically on ‘operational technology.’ This is technology that controls a physical process, for instance, manufacturing equipment,” he notes. These attacks are particularly dangerous because they can cause significant disruption by shutting down equipment or causing it to malfunction.

Despite these risks, many businesses may not fully understand the value of their operational technology or how it can be exploited. “A better understanding of how this equipment can be exploited may help businesses understand the importance of a good cyber security posture,” says Chris. This highlights the need for ongoing education and awareness within specific sectors to ensure that all potential vulnerabilities are recognised and addressed.

Enhancing Cyber Security Posture

To protect against these ever-evolving threats, businesses must adopt a proactive approach to cyber security. Chris recommends starting with a gap analysis, which involves consulting with a cyber security expert to assess the current security posture and identify areas for improvement. “Following this, businesses should look at aligning themselves with a standard or framework such as Cyber Essentials, NIST, CAF, or ISO27001,” he advises. These frameworks provide a structured approach to improving security and managing it effectively.

Adopting such standards offers additional benefits beyond security. “Implementing one of these can also highlight any vulnerabilities they currently have and rectify them before they are exploited,” Chris says. Moreover, achieving certifications like Cyber Essentials can open new business opportunities, as some clients may only work with companies that have these assurances in place. “Cyber Essentials also provides you with free cyber insurance if you match their criteria,” he adds, underscoring the value of such certifications.

The Crucial Role of Cyber Security Awareness Training

Given that human error is a leading cause of cyber incidents, raising awareness among employees is crucial. “Cyber awareness is SO important,” Chris emphasises. He points out that many organisations opt for online learning modules, but these are often ineffective. “Let’s face it, if you’re asked to do online learning, how many times have you pressed play on a video and gone into the kitchen to make a drink, or clicked through it as fast as possible and then winged it with the answers?” he asks.

To truly reduce the risk of cyber incidents, Chris advocates for face-to-face training with an expert. “This way, it is not only more engaging, but it also highlights the importance of the training to all the employees and gives them a chance to ask questions on anything they don’t understand,” he explains. Understanding social engineering techniques and how social media can be exploited by attackers are key elements of effective cyber security awareness training.

Proactively Responding to Cyber Security Breaches

Even with the best preventive measures, breaches can still occur, making it essential for businesses to be prepared. “All businesses, no matter what size, should look at having an incident response plan, as well as disaster recovery and business continuity plans,” advises Chris. These plans help businesses respond effectively when an incident happens, minimising damage and ensuring a swift recovery.

Chris also provides practical advice on what to do immediately after discovering a breach. “They should never turn their device off, but they should disconnect it from the internet,” he says. Maintaining open lines of communication with the IT department or service provider is crucial during an incident to ensure that the right steps are taken promptly.

Addressing Remote Work Challenges

The shift towards remote work has brought new cyber security challenges, particularly in securing the environments where employees work. “Unsecure Wi-Fi, whether it’s home Wi-Fi or public Wi-Fi, is a great exploit for a cyber-criminal, so should be avoided when possible,” Chris warns. He recommends that businesses require the use of VPNs whenever employees are not on a secure network.

Additionally, Chris highlights the risks associated with using work devices for personal activities. “When using work devices at home, people get comfortable and begin conducting personal business on their work devices. This is a huge risk,” he says. Implementing strict policies and providing training on the specific vulnerabilities associated with remote work are essential steps in mitigating these risks.

Protecting SMEs in the Humber Region

Small and medium-sized enterprises (SMEs) are often targeted by cyber criminals, who may assume these businesses have fewer resources to dedicate to cyber security. “70% of the businesses attacked in the last 12 months were small to medium-sized businesses,” Chris reveals. However, SMEs don’t need to invest in expensive software to protect themselves.

He suggests starting by assessing where data is stored. “Is your client list saved locally, or is it backed up in the cloud? If you’re a one-man band and you lose access to your device, is there any information on there that you can’t access anywhere else?” he asks. For SMEs looking to invest in their security, a gap analysis or Cyber Essentials certification can be a small but impactful investment.

Preparing for Future Cyber Security Trends

Looking ahead, Chris identifies artificial intelligence (AI) and deep fakes as significant emerging threats. “There have already been cases of deep fakes tricking people into thinking they are talking to their colleagues, both over the phone or even in a Microsoft Teams call, and subsequently transferring money into the scammer’s account,” he explains. Staying informed about these emerging threats and ensuring that employees are continuously trained is the best defence against them. “Deep fakes have been around for a long time, but a lot of people aren’t aware of the dangers of them,” Chris adds, emphasising the need for ongoing vigilance.

The Rybec Group is one of those at the forefront of efforts to enhance cyber security awareness and resilience in the Humber region. “We work with companies of all different sizes to help them increase their posture and achieve certifications in cyber assurance,” says Chris. With a background in policing, specifically in the cyber-crime department, The Rybec Group brings a unique perspective to its work, understanding the mindset of cyber criminals and applying a critical eye to uncover even the smallest security gaps. “We have saved companies thousands of pounds by recommending certain processes are changed and have identified overlooked vulnerabilities,” Chris shares.

Empowering the Next Generation of Cyber Security Professionals

For those considering a career in cyber security, Chris offers valuable insights. “You don’t necessarily need a background in computing or networking to get into cyber security,” he says, highlighting that soft skills such as attention to detail, understanding risk, and the ability to communicate effectively are crucial in this field. He also recommends the “Certified in Cyber” (CC) course by ISC2 as an excellent starting point for those interested in pursuing a career in cyber security. “It’s a growing industry filled with great people, and we would highly recommend it to anyone who is interested,” Chris concludes.

Through expert insights like those shared by Chris Eastwood, "Voices of the Humber" aims to break down industry silos, foster collaboration, and empower communities across the region. Cyber security is a collective responsibility, and by enhancing our understanding and preparedness, we can create a more resilient and secure Humber region for all.

Fill out the form below to let us know which topic you would like us to cover in future editions.