LORCA’s cohort two challenges: why we picked user-centric security and securing supply chains //01.10.18
Author: Lydia Ragoonanan, director, LORCA
Here at LORCA we’ve just launched an open call for our second cohort. We asked our Innovation Forum (made up of cross-industry representatives) to help us shape the focus of cohort two by asking them what their biggest cybersecurity challenges were. Of all the important themes we discussed, two stood out in particular: user-centric security and supply chain security.
So as we begin hearing from companies interested in joining our second cohort, I thought I’d share more about why these two challenges are such a priority.
User-centric security: making it easy for employees to be the first line of cyber defence
Staying safe online is hard work. As more and more devices come online, the number of passwords, updates, and other security features we need to be aware of and act upon is increasing. Beyond this are the screeds of pages we’re often asked to understand before agreeing to terms and conditions to use many services.
And because there’s so much to take in, people can become blasé about security and the risks involved. We’re also fallible, so even if we try to do the right thing we sometimes get it wrong. Employees can feel overwhelmed, and then apprehensive about taking advantage of digital services that might provide great benefits.
At the same time, over half of the data breaches reported to the Information Commissioner’s Office (ICO) since GDPR came into force have been as a result of phishing (attempts to get users to unwittingly give malicious actors access to unauthorised information or systems). What’s more, the ICO has reported that data breaches have increased by 75% in the last two years (but only 12% of those breaches were as a result of malicious attacks).
Against this backdrop, our Innovation Forum believes that supporting technical solutions to make it easy for staff and suppliers to be safe online is a key challenge.
In particular, we’re searching for solutions that:
- use employee awareness and behaviour (across widely varying organisational functions) more effectively as a common layer of cyber defence
- improve user interface design (for workplace applications, as an example) to encourage transparent and secure decision-making
- achieve a shift in perception (for example, through technology or other means) so that employees are viewed as a cybersecurity asset rather than the weakest link.
Securing supply chains
The second focus area looks to an emerging challenge: supply chain risk.
A range of factors is coming together to increase the size and scale of the risk when it comes to the cybersecurity of supply chains, as evidenced by the recent NotPetya ransomware attack.
For one, organisations are increasingly relying on cloud providers while more and more devices become digitalised. And it’s no longer only software providers that industry needs assurance from, but a range of suppliers who may rely on – and have access to – core operational systems. All this means it’s not possible to transfer all accountability for protecting information to third-party suppliers – organisations need to take action themselves.
However, given how complex our globalised supply chains can be, this is easier said than done. Vulnerabilities can be inherent (for example, they can be part of original code), or can be introduced later across the chain. A key issue is the cost and time it takes to inspect the increasing array of elements in the chain. Just 13% of businesses set standards for suppliers – despite the fact that 53% of businesses say online services are core to their operations.
We clearly need new technologies and processes to manage the flows of data and make the cyber risk management of supply chains more effective, scalable, and sustainable.
As we begin to recruit members for our second LORCA cohort, we’re particularly interested in companies with solutions that:
- increase the levels of assurance among supply chain partners (including cloud providers) that are often dispersed and disparate
- customise cyber risk management for sector-specific supply chain requirements, standards, and frameworks
- adapt governance, risk and compliance processes to address the wide range of current and emerging cybersecurity threats faced by global supply chains.
We’re really excited to see what solutions are out there to address both of these challenges. If you have a commitment to growing your business in the UK and are an innovative, revenue-generating company that wishes to scale, do apply!