CONNECT attended Jisc Security Conference 2019 in Newcastle and caught up with Mark Tysom, Cyber Security Product Manager for Jisc, to learn more about the history of the conference and its growing importance for the organisation and its member base.
Now in its fourth year, how has the Jisc Security Conference evolved?
The first Jisc Security Conference took place in London in 2016, and its launch coincided with the creation, within Jisc, of a dedicated security division in response to the increasing cyber threat faced by our sector. Until then, security had been part of the programme of our Networkshop conference, but growing interest and focus on cyber security justified a dedicated event. The event has been going from strength to strength! 62 delegates attended the first conference in 2016; this year we had 330: a record number of participants from the UK Further Education (FE), Higher Education (HE) and Research sectors. The event’s two-day format comprises, on day one, a small exhibition of cyber security vendors, whilst a more intimate set-up characterises day two with presentations dedicated to our members, where Chatham House Rules apply.
How has the perception of cyber security changed in recent times?
Cyber security is not an IT issue, it’s a business issue. Our aim is to get cyber security on our members’ agendas at board level. Risks cannot be delegated away from executive management, which is legally accountable for cyber resilience and the costs incurred by cyber crime. Organisations need to ask themselves a series of questions about their levels of cyber risk and the resources (financial, human, information, technology) needed to meet their cyber risk management objectives.
What are the biggest cyber threats that Jisc’s members face?
Cyber threats are becoming more persistent and more sophisticated. The top risks for educational institutions include phishing, ransomware, IP theft (piracy), account hacking, credit card fraud and denial of service (DoS) attacks. Universities and colleges are at high risk of such threats because they typically have open, permissive, and highly distributed IT systems. These systems have very large numbers of users and deal with very valuable and sensitive information. Our 2019 cyber security posture survey results, which provide a snapshot of the cyber security landscape in HE and FE, confirm that phishing and social engineering remain the top listed threats, and despite evidence of increased investment in training (particularly for staff), human error remains a major problem and risk.
How does Jisc support its members in this area?
We are very proud of our dedicated Computer Security Incident Response Team (CSIRT); it is indeed one of the most valued elements of the Jisc subscription and helps protect the world-class Janet Network, which serves more than 18 million users. CSIRT services range from centralised coordination of reported security incidents, to monitoring and mitigation of DoS attacks as well as one-to-one advice on security systems, incident management and many more. The team looks after individual members and ultimately helps make the Janet Network a safer place.
Mark Tysom joined Jisc in 2005 and covered a variety of roles in Trust and Identity, before becoming Cyber Security Product Manager in 2016. An active member of the GÉANT community, he has been part of the steering committee of the GÉANT Special Interest Group on Management of Service Portfolios (SIG-MSP) since 2015. Mark is also a passionate runner and swimmer who ‘cannot get enough of the great outdoors’.