Barclays’ Paul Gillen knows a thing or two about cyber security. Now head of cyber security operations for the bank, the former detective cut his teeth as a forensic computing expert in the 1990s. More recently he was the head of operations at Europol’s European Cybercrime Centre. If he says cybercrime is the biggest threat there is to every organisation, it’s time for organisations to listen.
“If I go back to my police days, it’s true that cybercrime is one of the trickiest crimes to deal with. Up to the age of the internet, you had to turn up to the location and commit the crime. Cybercrime can be committed from the comfort of your basement or bedroom,” he warns.
Far from scare-mongering, however, Gillen believes that fear has an adverse effect on the preparedness of businesses, making them back away from becoming as cyber secure as possible. This is partly down to the fact that so much content that’s written about the subject is by people who are trying to sell cyber security services. First and foremost, he believes organisations need to take ownership of the threat themselves.
“I think taking matters into your own hands is vital,” says Paul Gillen, adding: “If you’re thinking about cyber security after you’ve had a breach, you’re already in trouble; you’re panicking and in a frenzy, so you’re not able to take advice in, and it’s not the time to start. Being threat-centric is very important. Identifying where you do business, what sector you’re in and what the threat to your sector is beforehand will stand you in good stead. You can’t protect against everything; to use Frederick the Great’s famous saying: ‘He who defends everything, defends nothing’. But knowing what your most valuable IT elements are, who is using them, what the access is, and then using the best possible security possible around them is an important step.”
Knowing how cyber criminals are likely to strike is also valuable information. With the most common vector of attack still being email, vulnerabilities are often down to human error. It’s not that employees are acting in a careless or ignorant way, it’s more that people are busy. Cyber criminals and hackers are exploiting this, as well as the element of urgency staff feel when they are confronted with a phishing email asking them to act quickly.
Business identity theft is, therefore, very real. With this in mind, Barclays, in partnership with Hitachi, has developed a biometric reader for its clients to help UK businesses combat identity fraud. By using finger vein reading technology, employees can easily access their online bank accounts and authorise payments, without the need for PINs, passwords or authentication codes – all of which can be easily used by fraudsters.
A patchwork of adequate tools, therefore, should be part of every business’ armoury, combined with thorough analysis of the threat landscape. This is something Barclays’ Paul Gillen calls ‘situational awareness’. “You need to identify your most valuable networks, and who has access to them, as well as the tools you have and the industry you’re in. On top of that, you need to analyse the attacks that your tooling is detecting automatically – this is the true picture of your threat environment. Good situational awareness is what I believe is the cornerstone to having a solid cyber security programme,” he says.
Gillen believes businesses across the world are acutely aware of the cyber threat and its potential impact; mindsets have shifted and the ‘it’ll never happen to us’ attitude is fading. Practical, ordered steps involving analysis of the threats to your particular business, and the use of the most appropriate security tools ahead of time, he argues, are the strongest lines of defence for businesses – and their clients.
The Reuters editorial and news staff had no role in the production of this content. It was created by Reuters Plus, part of the commercial advertising group.