Yorkshire is waging a war on criminals who could wreak havoc on the UK s economy. Sometimes it pays to be slightly paranoid . In an age when crippling cyber-attacks can be launched from a teenager s bedroom, there is much to be said for creating a chain of distrust to protect yourself and your colleagues. A Yorkshire seminar about the rise of ransomware a type of malicious software designed to block access to a computer system until a ransom is paid heard that many firms still needed to take tougher action to vet files and data that could have been sent by criminals. Earlier this year, more than 300,000 computers in 150 countries were infected with the WannaCry ransomware virus after a cyber-attack crippled organisations, government agencies and global companies. The NHS was also badly affected . Some 47 trusts in England including a number in Yorkshire and 13 Scottish health boards were compromised when the virus targeted computers with outdated security.
This crisis provided food for thought when experts in the field of cybersecurity gathered at the Leeds head office of smart telecommunications business aql, whose CEO, Dr Adam Beaumont, is the regional business champion for CiSP, the Cyber Information Sharing Partnership. CisP is a national initiative operated by CERT, the Computer Emergency Response Team, which is part of the Cabinet office. One of the speakers, Thomas Chappelow, the director of Leeds-based Nimbox, a provider of cloud-based secure file collaboration and storage tools, said companies could make ransomware attacks pointless by securing data in a chain of distrust . He said companies should never take for granted where a file has been. Stuart Hyde, the regional leader for CiSP, who was appointed by aql, said there was every likelihood of further attacks, although not necessarily of the same type as the attack which hit the NHS. He said: It s a call out to say these types of attacks can occur and there are lots of things you can do to protect yourself.
Attacks do take place in Yorkshire and the Humber, but luckily we ve got quite a good level of skills to be able to tackle some of those. A number of Yorkshire firms are doing their bit to thwart cybercriminals of all sizes. The Leeds-based technical marketing agency SALT.agency has expanded its services into cybersecurity by releasing a CyberScanner service. CyberScanner is a tool designed by SALT.agency s in-house team which has the ability to scan and analyse websites to test thousands of security vulnerabilities. John Ward, director of operations at SALT.agency, said: Yorkshire is a diverse and forward-thinking region that s attracting some of the most talented people in the industry . It stands the chance of becoming a leader in cybersecurity.
However, he warned that many sizeable businesses were still being complacent about the issue. He said: There s always going to be some sort of hole in the net that will let in the sharks and of course, the bigger the net, the more damage there is going to be. He believes that many leading professionals are unaware of the risks of using unsecure wifi in public places. He recalled: A member of our team set out to simply capture all the wifi signals in a well-known coffee shop in Leeds, to see what we could discover . We found about 85 per cent of all the traffic that came from laptops was unprotected, so we could see exactly which websites they were visiting, and over 72 per cent of the mobile traffic was the same. Although the majority of people were looking at websites like the BBC and LadBible, two per cent contained sensitive information including websites, passwords and other personal information.
Although a number of people use VPN apps (virtual private networks) to communicate, there are still a surprising amount of people who don t. There might only be a handful of companies dedicated to cybersecurity throughout the region, but it s the damage prevention that will really help the economy grow . Cybercrime cost UK businesses 29bn last year and that s not acceptable . Businesses close and people lose their jobs because of preventable security flaws and mild negligence . Take those issues away and we re set for a bright future. David Wall, professor of criminology at Leeds University, believes that smaller SMEs sometimes lack computer security awareness.
He said: Nation-state attacks tend to be on infrastructure, like utilities and other services . Britain seems to be well equipped to counter such attacks, although you do not hear about many of these. Businesses and organisations can be attacked, but they do seem to have, or they are developing, business continuity plans . The recent WannaCry ransomware attack was a major wake-up call with regard to cyber-attacks in the region. Prof Wall believes Yorkshire has built up a critical mass of talented people who can send cybercriminals packing. He added: We have a history of developing experience in this area . Don t forget that we have had a number of major online banking and finance businesses in the region for many years, and the security experience from these has helped motivate others to think about cybersecurity. We have also had the two main universities in Leeds working on different aspects of cyber-security. It is now 20 years since Leeds University first started researching and teaching cyberlaw and cybercrimes, subjects that have remained popular ever since.
Leeds Beckett has recently developed a cybersecurity unit in its computing department and there is also expertise in Sheffield Hallam University. David Porter, the cybercrime investigator at Yorkshire & Humber Regional Cybercrime Team, added: The businesses I have interacted with across the region take cybersecurity seriously, and invest heavily in their systems, processes and people to safeguard personal data, business infrastructure and their clients. Recent events in the UK have tested organisations and businesses, but it s a testament to their approach to cybersecurity that there has been minimal impact in Yorkshire.
Yorkshire s businesses are increasingly exposed to cyber-attacks, accidental breaches, and an ever-changing regulatory environment, according to Thomas Chappelow of Nimbox, which specialises in protecting confidential data. Mr Chappelow said: According to the Government s 2017 Cyber Security Breaches Survey, just under half of all UK businesses admitted at least one cybersecurity breach or attack in the last 12 months . This number rises to two-thirds among medium-sized and large firms . In short, cyber-breaches affect most businesses. We are living in an age of big data , whether we re prepared for it or not . We re all collecting more and more data, without necessarily adapting our business systems and processes to protect.
We started our company in Yorkshire, because we saw an opportunity to tap into the huge pool of both qualified and aspiring and I dare say, underused cyber-professionals in the region . In Leeds, we have access to three university cybersecurity centres, filled with academics who produce valuable research into the issues we re all facing; a vibrant technology hub; and a specialist police unit that helps businesses to fight back against the tide of attacks.
Three arrests have been made after a group of trespassers sneaked into Doncaster airport and climbed into the cockpit of a plane. Police were called in after a group, describing themselves as ‘urban climbers’, filmed themselves breaching airport security to get into the cockpit of a plane. The group got into an empty hangar to climb into the plane. Footage of the incident and photographs were shared online. Airport officials admitted the incident when the footage emerged. The authorities were informed and airport bosses stressed that the ‘safety and security of our passengers’ remained their ‘number one priority’. A South Yorkshire Police spokesman said: “Police have this morning arrested three men in relation to an incident at Doncaster Sheffield Airport.
“The men, all aged 19, from Ilford, Rugby and Sheerness, have been arrested on suspicion of endangering the safety of an aircraft.
“The men have been arrested in relation to a report of trespassing at the airport, made to police on Sunday, November 20.
“They remain in custody at this time being questioned by specialist officers.”
On 3 November Stephen and Brett Stocks of Fort Security plead guilty and were sentenced for working without a licence at Sheffield Magistrates Court. An investigation began when the South Yorkshire police arrested an unlicensed Door Supervisor in December 2015. The unlicensed operative admitted the offence but refused to state who had employed him. Further enquiries revealed that he worked for Fort Security. It was during this investigation that it became apparent that Stephen Stocks was responsible for supplying two unlicensed security operatives in June to the Eroica Festival in Derbyshire.
Our Head of Formal Investigations Nathan Salmon said:
These individuals were brought to the attention of the SIA in 2014. They were warned; however it would appear that these warnings were ignored and offending continued. This resulted in a further investigation which concluded with their successful conviction.
Further enquiries revealed that Brett Stocks, the son of Stephen Stocks, was also managing and supervising an operative on this contract, despite not having any type of SIA licence. Brett Stocks has never held an SIA licence and this amounts to a Section 3 offence under the Private Security Industry Act 2001 (PSIA). During the investigation, it also became clear that Brett Stocks acted as a manager and supervisor to a security operative supplied to Eroica Festival, despite being unlicensed.
He denied supplying, supervising, or managing anyone, and stated that he had no business connection to Fort Security. Stephen Stocks was also formally interviewed. Other than confirming he was the father of Brett Stocks, he maintained his right to silence. In addition, when we requested further information under section 19 of the PSIA (2001) Stephen Stocks did not cooperate and this information remains outstanding. Stephen Stocks was found guilty of supplying unlicensed security operatives, a Section 5 PSIA (2001) offence and for failing to provide information as requested under section 19 PSIA (2001).
He was fined 600, and ordered to pay a 60 Victim Surcharge and costs of 3,000.
Brett Stocks was found guilty of acting as a manager or a supervisor of a security operative engaged in licensable conduct, a Section 3 PSIA offence (2001). He was fined 500 and ordered to pay a victim surcharge of 50 and costs of 1,300.
- The Security Industry Authority is the organisation responsible for regulating the private security industry in the United Kingdom, reporting to the Home Secretary under the terms of the Private Security Industry Act 2001. The SIA’s main duties are: the compulsory licensing of individuals undertaking designated activities; and managing the voluntary Approved Contractor Scheme.
- For further information about the Security Industry Authority or to sign up for email updates visit www.sia.homeoffice.gov.uk.