Travo Cyber Summit: Firms warned they are still not getting cyber basics right

Travo Cyber Summit: Firms warned they are still not getting cyber basics right

Cyber expert Liz Banbury of business insurance firm Hiscox and industry body ISC2 said everyone needs to raise the bar in information and cyber security as attackers become more sophisticated and technology more powerful

Companies still need to get the basics right on cyber security while criminals get more and more sophisticated in their attacks, last week's Travolution Cyber Summit was told.

Liz Banbury, chief information security officer at Hiscox and London chapter president of cybersecurity professionals group ISC2, said everyone has a role to play in combatting cyber.

By following best practice in areas like password management in both corporate and private life we are “raising the bar inch by inch” for the bad actors online to hurdle.

However, she said “the future is coming more quickly than I would have liked” with threats involving Artificial Intelligence and quantum computing set to hit within a decade.

Banbury cautioned that even all forms of recently introduced two-factor authentication have already been compromised unless they involve biometrics. 

“The travel industry needs to secure ever expanding business and digitisation strategies which span multiple new technologies and an ever increasing list of external supply chains," she said.

“Attackers on the other hand just need to spot one weakness. Information and cyber security needs to constantly mature to ensure that our threat landscape is secure.”

Phishing emails remain the most commonly used tactic by fraudsters. But travel is also vulnerable to QR codes being compromised, Internet of Things vulnerability and ransomware and malware which saw a rise during the COVID pandemic of over 150%.

Banbury likened the battle against the cyber criminals to the parkour game Chase Tag where opponents try to avoid being caught in an assault course of obstacles.

“We are jumping though hoops in order to work out what we need to do to put in a minimum business plan for security and to think about the future.”

Although there are free resources aimed at small to medium sized businesses in the London area by the Cyber Resilience Centre, Banbury said the stats are “scary” with four in ten businesses in the city have been subjected to a successful attack.

As well as countering the ever-evolving threat, travel businesses also have to work within industry regulatory frameworks to make sure they are compliant with mandated best practice.

Looking to the future Banbury highlighted three areas that will be relevant in the next 10 years: Two-factor authentication, AI and quantum computing.

“A lot of companies still do not have two-factor authentication in place and if they do you are maybe sent the code in a text message.

“In the last six months this has been compromised. Attackers have already worked out ways to compromise multi-factor authentication bar biometrics.”

Banbury said a recent Uber attacks and one on Lloyds Insurance were both due to two-factor authentication being compromised.

As “user fatigue” sets in over the additional level of security, the security industry is looking to move away from using push notifications.

Banbury added: “AI is becoming a part of our lives without us understanding how it’s becoming a part of our lives.

“The key area of concern here is AI, by default, is self-learning, like a child learns from its parents.

“There are parents who teach computers to make decisions for the good of mankind, but the flip side is computers being taught to make decisions for negative reasons without us having any control.”

Quantum computing means the emergence of machines, like Google’s Sycamore, with the power of 100 super computers today. It is expected to become mainstream by 2028/30.

Banbury said this is likely to have a fundamental impact on how companies are able to trust its clients, staff and suppliers. 

“What this means is encryption methods, trying to get your company to put in place multi-factor authentication could well be blown out of the water and won’t work because quantum computing will be able to smash the algorithms in seconds.

“My feeling is we are going to have to flip everything on its head and where everything is placed in a trust zone because quantum computing is going to force us to change the way we think about cyber.”