Securing public and private cyberspace: Procurex Wales

cyber security

A recent report from McAfee and the Center for Strategic and International Studies in Washington, DC estimated that globally cyber crime costs $400 billion a year. Here – ahead of his talk at Procurex Wales – Paul Clarke, Managing Director of cyber security firm Xenubis, tells BiP journalist Julie Shennan how the threat is evolving and what the supply chain can do to tackle it.

Xenubis is a global IT firm that provides intelligence and security solutions to identify cyber espionage and criminal activity across the physical, human and digital dimensions. Managing Director Paul Clarke is a passionate advocate of cyber awareness, speaking at events such as DPRTE and Procurex Wales on the topic.

Mr Clarke’s concern is well reasoned; earlier this year internet service provider (ISP) Beaming surveyed over 500 UK firms and found that one in eight had suffered malware attacks costing an average of £10,516 to manage.

Mr Clarke noted: That is only the cost that we know of; a lot of companies don’t make their breaches or attacks public knowledge. This cost also does not count the effects on reputation and customer confidence.”

He went on to explain that globally cyber crime was outpacing traditional crime.

He said: “It is bigger than the global drugs trade. Cyber crime is more convenient to criminals than analogue crime; they don’t have to leave home or smuggle anything, so there is no way that the criminals are going to stop committing it.”

Hacktivist culture is also making cyber breaches easier to commit.

Mr Clarke warned: “Cyber attackers’ skills and tools are more advanced than ever; you can go to the Dark Net now and get a hackers kit which comes equipped with a fully managed helpdesk, allowing people with no experience to attempt a breach. So the threat is not now just from state-sponsored activists, it is also from organised criminals and collectives, such as Anonymous, who might have other motives.”

This increasing range of hacker types, Mr Clarke observed, is facilitated by the mobilisation of the Internet of Things. “The increasing connectivity of smartphones will in turn provide an increased marketplace for criminals,” he cautioned.

“So if you are thinking of making your business mobile-responsive then you need to think about cyber risk and cyber security. This threat is not going to go away; it is just going to get more advanced.”

Mr Clarke speaks from years of experience – having worked as a security advisor to government, as a private cyber security consultant and as a former Serviceman. However, he explained that the facts of the cyber threat were plain for all to see.

He said: “There is a lot of information out there on cyber breaches; TalkTalk, LinkedIn and the Panama Papers data leak all show how common cyber attacks are. Every bit of information in the news shows that the cyber threat is real and will affect most people at some point.”  

SMEs, Mr Clarke added, are no exception.

He emphasised: “SMEs, especially non-finance SMEs, might be tempted to think that they are too insignificant to be targeted, but this not the case. Money is going lost in normal transactions and through breaches of customers’ emails.”

With that in mind Mr Clarke urged suppliers of all sizes to invest in good cyber security.

He said: “The threat is real; it’s a case of when not if an attacker will target your company. Companies need to approach the topic of cyber security, understand how cyber threats manifest themselves in their business and how they can protect themselves at the highest level possible.”

This means prime contractors examining their whole supply chain and identifying any soft spots that hackers could target. “Attackers will target the easiest route into this supply chain, so it is up to the prime contractors to ensure that their partners are protected,” he explained.

Mr Clarke also urged the CEOs of all companies to take ownership of their organisation’s cyber security.

He said: “CEOs must start from the top down and implement education, training and awareness to ensure that everything possible is being done to protect data, money and reputation.

CEOs and senior executives need to understand that it is up to them to protect their own and their customers’ data by mitigating risk. Ministers are now discussing the consequences for company leaders who do not protect their data, such as fines from regulatory boards.”

While cyber security failures could be cause for punishment, cyber vigilance could equally be cause for reward, with the Government’s Cyber Essentials Scheme (CES) recognising responsible organisations.

Mr Clarke explained: “If you want to be on government supply chains you need to ensure you are signed up to the Cyber Essential programme. You must also ensure your IT team have the relevant external tools – to understand where the cyber threat come from and how to mitigate the threat – and if the IT team don’t have these tools then they must outsource them.”

Mr Clarke recognises the UK cyber skills shortage, saying not enough operational and academic training is currently on offer – to the right people – to tackle the cyber threat head-on. However, he remains optimistic that the public and private sectors can work together to make up this shortfall.

He concluded: “Government should work with the private sector to help suppliers raise awareness, increase compliance with Cyber Essentials and increase access to cyber protection tools.”

For more information come to see Mr Clarke speak at Procurex Wales Digital Procurement Zone    on 6 October 2016.

P4H 2016 review

P4H 2016The air was electric with possibility at the NEC, Birmingham on 13 July for this year’s P4H conference and exhibition. Representatives from both the public and private sectors descended on the venue from across the UK to learn about the latest developments in healthcare procurement, network with their peers and build new and lasting business relationships. Here, BiP Solutions journalist Domhnall Macinnes recounts some of the events of the day.

Opportunity began in the keynote arena at P4H 2016 – The Procurement Event for Health, held on 13 July at the NEC, Birmingham.

Kicking off the keynote speeches was meeting chair Professor Duncan Eaton, Executive Advisor at the All-Party Parliamentary Health Group, who launched the audience into an enthralling series of addresses which set the tone for the day and encapsulated the value of P4H, attracting delegates from all corners of the venue.

Professor Eaton said: “The event today intends to bring together those from the procurement world and suppliers to listen and talk and be informed and contribute to the future of health procurement. This keynote arena is a major part of the programme. We’ve put together a range of speakers to tell us about current initiatives and their views of the future.”

Renowned names in procurement such as Managing Director of Marc1 Ltd Colin Cram proceeded to inform the packed arena about emerging developments in the healthcare procurement landscape. Mr Cram’s talk, entitled ‘Brexit – The challenges and opportunities for NHS procurement’, was one not to be missed.

Following his speech, Mr Cram commented: “What I’d really like for people to take from my speech today is that they need to raise their game in procurement. Instead of looking at ways of just saving procurement costs and reducing prices, see what opportunities and what products there are available that will help reduce NHS costs overall.”

He continued: “All of the smaller companies find it almost impossible to engage with NHS hospitals as they’d have to try and sell to them one by one. Small companies do not have the resources to do so.

“I reckon that if procurement people took advantage of the opportunities out there – doing things differently – the potential savings for the NHS and the benefits to patients would be immeasurable.”

Professor Eaton also introduced Pat Mills, Commercial Director, Department of Health, who delivered a stimulating address enititled ‘NHS Procurement – The National Programme’. Mr Mills discussed the value of making savings within the NHS and the immeasurably valuable things that could be done with these savings.

Later in an interview, he reflected on his speech: “The key message I would like people to take away with them today is about money. Money is critical. We want to go about making savings, and procurement is a great way of doing that. The procurement community as a whole in general can deliver maybe £1 billion worth of savings. That’s two hospitals a year. But we’ve got to work together.”

Within the event’s dedicated buyer and supplier zones, stakeholders from across the public and private sector took advantage of the various hubs offering networking and advice. At the Best Practice Case Study Zone, delegates were offered a unique opportunity to learn from the past successes of others through explanatory presentations. Nick Hodgson, Supplier Development Advisor for the Royal Devon and Exeter NHS Foundation Trust, was at the zone co-presenting on the Savings Swap Shop, a programme which has enabled ten NHS trusts in the south west of England and beyond to save in excess of £850,000 through sharing ideas for efficiencies in procurement.

Mr Hodgson said: “It’s important for people to attend events such as P4H for the same principle as our message today. It’s about collaboration – getting together and realising that everyone in different hospitals and different organisations is actually working on the same projects. So they may have a better way of working on things which can help us save time, find efficiencies and ultimately save money as well.”

On the arena floor, partners, exhibitors and sponsors networked throughout the day with stakeholders, meeting delegates at their stands to plant the seeds of blossoming new relationships.

Naomi Clews, Senior Category Lead at the Crown Commercial Service, mused on the vital role P4H plays and why the CCS acted as an official partner to the event: “We absolutely want to make ourselves visible to as many suppliers and customers, especially within the NHS, as possible. Bringing buyers and suppliers together is really important. It’s the only way that we can learn and innovate and get better for our customers in the NHS. The information that we gain at P4H is the information that we take back to redevelop some of our strategies.”

Building upon this year’s success, next year’s event promises to deliver even more opportunities to buyers and suppliers in the healthcare sector. With yet another busy schedule of engagement, advice and professional development, P4H will return in summer 2017.

 button (4)

BiP Solutions Limited is a company registered in Scotland with Company Number SC086146 and VAT number 383030966 and having its registered office at Medius, 60 Pacific Quay, Glasgow, G51 1DZ.

Select a page to copy this section to:

Select where in the level you want it inserted: