Digital Cheshire Masterclass – Cybersecurity with ex-military specialist Holly Williams
Holly has worked in technology and cybersecurity since 2007. Having spent five years as a site security officer with the British armed forces, including a seven-month deployment in Afghanistan, Holly has gone on to lead several information security teams whilst working with a wide range of public and private sector organisations providing information security consultancy and delivering cybersecurity talks nationwide.
At Digital Cheshire, our masterclasses are led by industry experts such as Holly, so you receive the best and most up to date knowledge to benefit your business. Holly will be delivering our masterclass, ‘Building and Breaking Security: Common Cybersecurity Challenges and How to Beat Them’, giving you expert insight into a threat all businesses face.
We decided to catch up with the cybersecurity specialist to get her thoughts on the matter and find out more about her Digital Cheshire masterclass.
Cyber-attacks and SME’s
Cyber-attacks on smaller enterprises are less frequently talked about, not always receiving the same media and public attention as attacks on some higher profile organisations. Yet, when you look at SME’s, 39% have reported a cyber-attack or a breach in the last 12 months, a figure higher than many would expect. A common misconception being that attackers only target large companies or specific companies like financial organisations, but a lot of smaller companies are at risk too.
“The masterclass is to help small and medium size enterprises gain skills to better operate as businesses. The thing that I’m doing specifically, my background is in ethical hacking, is talking about cyber security. I’m doing two workshops on how attackers break in to small enterprises and how those small enterprises can better defend themselves.” Holly began.
Being aware of the types of breaches
Cyber security and breaches can be many things, and businesses can implement a variety of safety measures to ensure they are protected. From something as simple as an employee sending confidential data to the wrong person, right up to somebody specifically targeting an organisation to breach them, the scale and impacts of a breach are vast and wide ranging.
“Many are the things people would expect – weak passwords, missing software, those kinds of things. But a lot of what we are focusing on in the workshops isn’t really that stuff because we presume people know it. We will be looking at it from the attackers’ point of view – what are they targeting and how does it work. So that the understanding is increased for organisations, identifying if, for example, they need specific software, or some kind of awareness training. They can then make an informed decision about what they need.”
Considering your options before you have a problem
Preventing an attack before it even happens is the ideal situation for any organisation, but the reality is different. A lot of organisations don’t consider cyber security until they’ve had or are having a problem
“They’ve maybe had a minor breach and it has kicked them right back, and now they want to pay attention to it and to cyber security, to prevent it happening again in the future. But what we do is, we go into organisations and we assess their software risks, we look through their web platforms, their end user devices etc and find out where the vulnerabilities are that attackers would target, the idea being that if the organisation finds out about them first, they can fix them.” Holly continued.
More businesses going online linked to rising number of attacks
The last eighteen months has seen an increase in cyber-attacks, with evidence suggesting that the increasing online presence of businesses is offering more opportunities to the attackers.
“There has definitely been an increase in cyber-attacks, but that doesn’t mean cyber-attacks have meaningfully changed in any way. I see a lot of businesses talking about things like covid related phishing attacks, malicious emails, and those kinds of things, and yes malicious emails have existed for a long time, this is just a different iteration of the same attack. So, I wouldn’t say the attacks have necessarily changed but there’s a lot more of them.”
Holly has been working in cyber security for fifteen years, since 2007, the same year the first iPhone was released.
“It’s a long time ago but, in actuality, not a lot has changed. Cyber criminals still look for the same things. A software vulnerability known as SQL injection was first documented in 1998, it was then used to compromise TalkTalk in 2015. So yes, things change but a lot has remained the same. New attacks are developed but the old attacks don’t tend to ever go away.” Holly said.
“During the workshops it’s going to be an overview of cyber security for SME’s. Telling the businesses what their options are, so they can make informed decisions.”
Increased access to hacking tools for attackers
Cyber-attackers have access to more information than ever before, with the tools they use becoming more widespread and easier to access. A growing online market and increasing numbers of unprotected SME’s has fuelled the number of attacks without the need for major developments in the hacking tools being used.
“This is something really interesting and I have a module in the workshop about this. About how attacks are getting more sophisticated but not in the way you would expect. There’s a lot more automation and there’s a lot more hacking tools that are more widely available these days, so it isn’t that attacks are getting more sophisticated or that something new is happening, but it is that the attacks now have a lower barrier to entry and they are easier to perform.”
“one of the things automation gives the attackers, is the advantage of speed. So, some of the organisations can’t respond fast enough because automation is allowing the attackers to move faster.”
“Generally, the cyber security protections that most organisations need, especially at the SME scale, aren’t that complicated and there’s not many of them. But the problem is that companies haven’t thought about it so they haven’t done some of the basic things to protect themselves. Or it might be the case that within their teams they don’t have the expertise, so they need to go to a service provider or go to a consultancy to help them. But then the problem remains, how do you find the consultancy, how do you find the expert if you don’t yourself know what you’re looking for.”
The benefits of the workshop are that we cover all those things that you and your business need to be aware of. We can talk about some of the pros and cons. Every organisation has different challenges too, maybe they have a budget restriction or time restriction, or maybe their team is small, so different approaches fit different companies.” Holly finished.
If you’re an SME in the Cheshire, Warrington or Halton area that has the ambition to digitally adapt and grow, the Digital Cheshire programme is here for you. Our fully funded programme will support you develop your digital approach and guide you on your digital transformation journey.
Broomhall village embraces full fibre connectivity
Residents in Broomhall, near Nantwich, have received a huge leap forward in digital connectivity following the successful rollout of gigabit broadband services to the area.Read more
More than 250 businesses attend Digital Cheshire masterclasses
More than 250 businesses in Cheshire, Warrington and Halton have benefitted from masterclasses delivered as part of Digital Cheshire’s business support programme.Read more