As the UK and US announce increased cooperation on cybersecurity 1, particularly around the banking sector, an expert from Coventry University has warned that financial firms need to focus more on the human element of cybersecurity, rather than just the technical safeguards.
Richard Benham, visiting professor in cybersecurity management at Coventry University, said: “Hacking social media channels is one thing, but it’s only a matter of time before a major institution such as a major bank or government service is brought to its knees by an online onslaught.
“A major breach in any one part of a bank’s critical network infrastructure could cause it to fail, setting in motion a potentially devastating ripple effect throughout the markets. When the Associated Press had its Twitter feed hijacked with a fake tweet reporting the bombing of the White House, within minutes the Dow Jones industrial average plunged 143 points. Imagine the economic effects of a genuine strike.”
According to Professor Benham, banks need to be subject to mandatory cybersecurity checks across the sector in the same way that they have had to pass ‘stress tests’ for financial resilience.
“Even something as straightforward as a denial-of-service attack can shut down the networks running cash machines for days at a time, as happened in South Korea in 2013. Despite a recent push to flag up the importance of cybersecurity matters at board level, banks are still not especially well prepared for even this sort of attack at the periphery – never mind one that goes for the jugular.
“Most employees, without proper training of the necessary ‘cyber-hygiene’ required at work, are a significant weak link. In most cases only a small number of people in the organisation are sufficiently expert in cybersecurity issues – a problem that doesn’t just affect banks.”
Prime minister, David Cameron, recently lent his support to the launch of Coventry University business school’s national MBA in cyber security, which was set up to tackle the skills gap in UK employers’ information risk management.
The online master’s degree is aiming to provide training to individuals and businesses to help them manage online security threats.
Students of the distance-learning qualification, which can be studied part-time, will learn about the financial, legal and reputational risks related to cyber attacks and will be taught how to make informed decisions around information security management issues.
The postgraduate course, whose first intake starts this month, will also cover technical content relating to network security, but will focus largely on the management of strategic aspects of cyber risk including human resource, digital security audits, big data and international cyber law.
Professor Denise Skinner, executive dean of Coventry University’s faculty of business, environment and society, said: “As a university that prides itself on innovation and producing qualifications that meet real industry needs, we were delighted to receive the Prime Minister’s support when we launched the National MBA in Cyber Security in November as we pursue our aim to become one of the UK’s centres of excellence for cybersecurity management.
“Professor Benham’s comments regarding the human aspects of cybersecurity are timely, and will make us all consider the vulnerabilities to UK business and how we can enhance our knowledge and shore up our cyber defences.”