My experience attending Manchester’s Future of Cyber Security Conference
My role at Grayce
I first joined Grayce as an Analyst on the Change+ Development Programme in 2018 where I completed projects in both Financial and Legal Services organisations. Having gained significant experience in Information Security during my time at a Magic Circle law firm, I officially transitioned to join Grayce’s Learning & Development Team as Tech+ Programme Coach after graduating from the Change+ Programme.
With a change management and information security background, I am responsible for subject matter expert mentoring within the Tech+ Development Programme, supporting the development journey of the Analyst community when it comes to software development, testing and information security.
Attending the Future of Cyber Security Conference
In my role, I’m always looking for opportunities to learn from other Tech experts, which is why I recently attended Manchester’s Future of Cyber Security Conference to hear more about how Grayce can evolve our cyber security strategy. The conference brought keynote speakers together to help businesses stay one step ahead of cyber criminals through insightful sessions. Now more than ever, cyber-attacks are a real concern for businesses across the globe, with 5.1 billion, known, public records stolen globally in 2021.
Tackling cyber security
Cyber security is often presented as a negative and scary concept. However, the event reiterated the importance that education has in making us all cyber security champions.
Adjusting Information Security culture to steer away from negative and fear-inducing terminology has amazing potential to put people into a proactive mindset and remove some of the shame associated with being a cyber-attack victim. By using positive language to reinforce the importance of reporting incidents, organisations can increase the number of employee-driven reports, giving greater transparency and encouraging wider cultural buy-in.
When it comes to information security, it’s also important to adopt a microlearning approach. By making learning continuous and open to everyone, not just SMEs, companies can make the topic more tangible and less daunting than it may first appear. It is common for organisations to make annual training on cyber security compulsory, but this doesn’t reflect what is a constantly evolving threat. Generally, if training is at yearly intervals, people are more likely to focus on day-to-day tasks rather than having it at the centre of their thinking. By shifting to a continuous learning approach, cyber security remains at the forefront of employees’ minds. Future of Cyber Security conference keynote speaker, Steven Mulhearn, noted that 62% of managers lack understanding on the importance of cyber security in the UK, evidencing the need for these shifts to be lead from top-down throughout organisations.
Business partnerships are another brilliant way to stay ahead of cyber threats. Sharing knowledge and capabilities can help organisations battle cyber criminals. Cyber-attacks often focus on low-risk/high-pay-off opportunities, by sharing our knowledge with other organisations, we increase the risk associated with certain attacks, deterring criminals who are looking for a “quick win.”
A clear takeaway from the conference was also the need for a job market revamp. Targeting people with a genuine passion for the industry who are strong advocates of continuous learning is critical for the future success of the field. It is inevitable that we will all have to learn new technical skills throughout our careers because of the dramatic pace of change, so teams need people with a passion for the industry who are aware that there is no end to the things you can learn.
At Grayce we are proud to be investing in people’s potential and are passionate about changing the way businesses harness graduate talent to help close the tech skills gap, through a wrap-around service model and comprehensive Development Programmes.
Reflecting on my experience
In my previous role within a Magic Circle law firm, we were equipped with all the best tools to address cyber security threats. As I’ve gained more experience, I’ve understood the importance of what the industry refers to as “defence in depth”. The fundamental principle of defence in depth is to be proactive defenders, rather than just reacting to attacks as they happen. Hackers often rely on psychological tricks to put people into what is called System 1 thinking, meaning a quick decision is made based on reactions generally disallowing reflection time. More proactive defence informs people of these psychological tricks and empowers them to protect the business.
An example of how cyber security is affected by larger social and economic trends is the recent news that 47% of individuals fell for phishing scams while working at home. When reflecting on my own role, I see the importance of connectivity as we work in a hybrid way. Keeping employees connected to the business and ensuring they still feel part of a wider team is one key way to reduce the risk of these remote phishing scams.
Overall, at Grayce we’re proud to be cultivating a culture where all employees feel empowered to be cyber security champions. And our Tech+ Analysts are promoting the same shift across our client base. We know that shame within the cyber security space is one of the main things that stops us from learning more. By creating a positive, open culture, together, we are taking the first steps towards deepened defence.