skip to Main Content

NEWS

Hottest information about 3rd Annual Cyber Security Summit

2 September 2020

PIOTR BORKOWSKI

Head, Red Team Operations & Cyber Security Testing

Standard Chartered Bank

3 Questions for Piotr Borkowski

What do companies need to implement to be able to establish Red Team Operations?

Establishing Red Team within an organisation is not something very simple. First of all, a company needs to achieve an appropriate level of cyber security maturity to be ready for this step. Defensive teams (monitoring, incident response, forensic etc.) as well as dedicated procedures and understanding of this type of activity should be in place first. Secondly, a company needs to ask itself a question – on what scale do we need to use Red Team Operations? If the answer would be (potentially) we need only one Red Team exercise a in a year/every two years then I would suggest to hire an external vendor rather than create an in-house team. We all need to remember that Red Teaming is one of the most sophisticated methods of security testing, with very few experts with relevant expertise and high salary expectations. Having one’s own Red Team without the actual need would not be economically justified.

How to effectively fight human error and employee negligence that is still a cause of some data breaches?

Human error continues to be number one cause of security incidents. Continued education and strengthening the awareness of the importance of the cyber security “hygiene” is crucial in addressing this problem. However, this will not be effective unless it’ is done in a smart way. Typical “e-learnings” for employees usually do not work properly. Following this kind of training an average employee is aware of the risks only for a couple of days, while we need them to be permanently aware and take appropriate actions. Communication regarding cyber security risks should be regular and based on some case studies/examples from real life. This is something that activates people’s imagination, maybe awakes some emotions, and thanks to that stays in their minds for a longer period of time. Moreover, we need to make sure managers and leaders set the right example while talking and walking the walk.

How to put in place protection strategies that deter attacks and ensure the security of information of your customers? How to gain and keep their trust?

In this context it is very important to engage many different stakeholders in this process. Security strategies are very important for the whole organisation as well as for their customers who expect their data to be kept safe by a bank or any other service provider/product supplier. A security strategy document should be created as a result of cooperation between security teams, business units who understand customers’ needs the best and support functions such as legal, compliance or marketing. A well-prepared cyber security strategy can be our competitive advantage, especially in times when cyberattacks are becoming more and more common thing with their scale growing every year. If wee’ are able to explain the importance of security measures to customers and demonstrate that we are adequately equipped to keep them safe, we will be able to win their trust. To be able to do it we need to have customer service and marketing people on-board.

Piotr Borkowski is Head of Red Team Operations and Cybersecurity Testing at Standard Chartered Bank. In his previous roles he was a manager at Deloitte Poland and expert in Governmental Computer Emergency Response Team in Poland. His areas of specialisation include offensive security, social engineering, OSINT, incident response.

26 August 2020

STEVE BROWN

Director, Cyber Security Cyber & Intelligence Solutions – Europe

Mastercard

3 Questions for Steve Brown

Does more connected devices mean more attacks? How to stay secure in the age of Connected Everything?

More connected devices ultimately means a bigger surface area for cyber criminals to exploit. It will often mean more devices with vulnerabilities, more devices with default security settings and therefore prone to exploitation.
To stay secure in a Connected Everything / IOT world requires diligence and education about such device usage. Fundamental security measures such as changing default settings/passwords to user unique passwords and two factor authentication can assist exponentially in securing domestic and business infrastructure and devices.

How are AI and ML helping in identifying threats? What needs to be implemented to make it even more efficient?

AI and ML assist in being able to analyse and interpret vast quantities of data in a far greater depth and with greater efficiency than a human resource ever could. In what is essentially a game of data, the ability to analyse and interpret, accurate, reliable information and intelligence is key to providing protection to a business and preventing attacks from happening in the first place – know your adversary, know your infrastructure and protect it.
There will however, always be a requirement for the human element. The natural investigative and inquisitive ability of cyber security professionals, the ability to ensure processes and protocols are written and practiced, can make the difference between a business surviving a cyber attack or not. To ensure better efficiency, the skills shortage in cyber security needs to be addressed to complement the emerging AI and ML technologies.

What does the future hold for cyber security? Will the developments be postponed or sped up due to the recent global situation?

They have to be sped up – criminals, organised crime groups and Nation States aren’t stopping, in fact they are capitalising on global events to launch further attacks and prey upon societal and technical vulnerabilities to maximise their gains. Recent attacks on Carnival, Garmin, Easyjet as well as attacks on healthcare providers and researchers demonstrate the lack of moralistic values that criminals have and the fact that a global pandemic only provides them with further opportunity.
Cyber security has to be seen as an investment and to be a core part of any business set up whether it is an SME or a multinational company. The relative losses that potentially stand to be made owing to data breach, incident response, business continuity costs, brand/consumer loyalty dwindling, consumer confidence plummeting, share price falling all impacting the bottom line mean that business should be ahead of cyber security in a proactive, preventative sense rather than a reactive one. Otherwise cyber security will remain on the periphery and always subject to lack of funding and therefore always leave a business prone to attack and data loss.

Steve Brown works as a Director, Cyber Security for Mastercard and he is an European lead for cyber security products and services. He is responsible for implementation and integration of Mastercard’s Cyber Security Framework including data breach detection and cyber risk assessment technologies and capabilities across all related stakeholders. Steve leads research of security and cyber innovation trends and threats in the consumer device, retail, ACH, payment card and broader financial services. He works with industry partners to determine and detail the cyber crime threat to Mastercard and its customers. He leads on engagement with European governments and customers to identify and mitigate those cyber security threats. Steve conducts cyber security capability gap analysis with a focus on external customers and delivers educational workshops to Mastercard employees and its customers, increasing the capability, capacity and knowledge to identify the threat of cyber crime and the relevant products and technologies to mitigate it.
Steve was also a part of the National Cyber Crime Unit for the National Crime Agency. He managed the UK’s strategic and tactical response to cyber crime with overall responsibility for the collection, management, analysis and assessment of intelligence on the cyber crime threat to UK. He ensured a proactive response to prevent and mitigate harm to UK individuals and business through assessed threat and risk management. He worked across Government and Industry to determine and detail the National and International response to Cyber Crime.
He was also embedded with the FBI Cyber Division as the UK Government’s Cyber Attaché to the USA. He was responsible for diplomatic and political relationships and negotiations relating to the investigation of cyber criminality affecting the UK and USA.

5 August 2020

CLAUDIO MIRTI

Data & AI Solution Specialist

Microsoft

3 Questions for Claudio Mirti

What are best practices for responsible AI?

The societal implications of AI and the responsibility of organisations to anticipate and mitigate unintended consequences of AI technology are significant. Considering this responsibility, organisations are finding the need to establish governing practices to guide their AI efforts, whether they are deploying third-party AI solutions or developing their own.

  • Choose a governance structure that best fits your organisation’s AI maturity, unique characteristics, culture, and business objectives
  • Encourage your governance system to develop a set of guiding ethical principles based on your organisation’s foundational values
  • Outline the specific role of your governance system within your organisation. Consider having them develop and implement policies, standards, and best practices, build a culture of integrity, provide advice, educate employees, help mitigate risks associated with AI systems, and respond to violations in a timely and consistent manner
  • Provide your governance system with the financial and human resources they need to affect real change within your organisation
  • Adapt your governance system(s) as your AI maturity and business objectives change and industry best practices improve

What role do humans play in the creation and use of AI?

Humans must decide how the AI model will be used and by whom, what training data to leverage, how that data is prepared, and which algorithms are selected. Humans must also decide on performance metrics for the AI system and monitor its performance over time.

Does more connected devices mean more attacks? How to stay secure in the age of Connected Everything?

Enabling highly secure and reliable communication between IoT applications and devices it is key. With our services, like Azure IoT Hub, we provide a cloud-hosted solution backend to connect virtually any device with built-in management and provisioning to connect and manage IoT devices at scale. This allows to retain the confidentiality.

Claudio Mirti has a customer-focused approach to leverage digital technologies to design and build innovative game-changing solutions. Also, he knows how data & AI can empower employees and ultimately help customers augment their business in new ways. Claudio works at Microsoft and is a founder of different courses in higher education in Switzerland and New York University with the focus on Design Thinking and AI.

29 July 2020

GUGLIELMO IOZZIA

Associate Director, IT & AI

MSD

3 Questions for Guglielmo Iozzia


What risk mitigation techniques have been proven not to be successful and why is that?

Any risk mitigation technique which is reactive (read as wait for bad things happening before acting) is destined to fail.


What is the number one must strategy in preventing attacks to Deep Learning networks?

Fighting fire with fire: Using deep learning or any AI-based strategy, as attackers are already leveraging DL and AI to attack DL networks. Traditional rule-based strategies do not fit this scenario.


What are the specifics of cyber security within pharmaceutical industry?

Unfortunately I cannot share details on this front. By the way, biotech manufacturing cyber security shares risks and mitigation strategies with any other manufacturing business.

Guglielmo is currently Associate Director at MSD Global and based in the new MSD Biotech facilities in Dublin (Ireland), where he is trying to unlock business value through ML/AI in the biotech manufacturing space, by using in particular computer vision. He was previously at Optum (UnitedHealth Group) Ireland dealing with projects in the PI (fraud, waste and abuse, claims processing) mostly, but also in general in the healthcare space. He has previously worked at IBM Ireland, part of cloud automation first and ethical hacking team then, where he switched his career path from test automation to analytics and machine learning/deep learning.

He is passionate, among other things, about AI and cyber security, not just for professional purposes, but also for personal initiatives and interest.

Starting from 2018 he is being invited to present at several international conferences such as DataWorks Summit, Google I/O Extended, Predictive Analytics World for Industry 4.0, CIO Conference Ireland and UK, Spark+AI Summit and many others. His first technical book “Hands-on Deep Learning with Apache Spark” has been released in January 2019 and his second one about XAI is expected to be released in 2021.

24 July 2020

HIMANSHU CHAUDHARY

Head of Security
Operation Center 4

Fujitsu

Cyber Security Leaders of the Week by Himanshu Chaudhary

The New Cyber Security Leader: The Role

How do you articulate the three-pronged approach of ‘people, processes and technology’?

People, processes and technology are the three important components of Security Operation Centers, if you lose one, the other two will fall automatically. A breakdown in any of the three core components will result in compliance failure, therefore it is absolutely necessary to ensure that these three components are well informed and aligned with the organisational security strategy. At Fujitsu, we focus on sustainable implementation of these components, which is complex, but should be the main goal of Cyber Security leaders.

  • People: My primary focus lies in enabling people to meet their goals and business requirements, where enablement refers to providing them with the required tools, a supportive platform and room for failure. Failing is not a problem, but not correcting your mistake and trying again is a problem. Providing the required tools not only refer to processes or technology, but also to knowledge. Security leaders should always focus on providing enough training and other knowledge building opportunities, by which it can be assured that people are not the weakest link in the security defences, as is often the case.
  • Processes: One thing I have learned in my professional experience is that successful processes are not the best looking or complex ones, but the simple ones. Despite the ever-increasing complexity and dynamics in organisations, security leaders should always focus on developing easy to understand and easy to implement processes. With easy to understand and implement processes, people will not waste crucial time in pulling up and understanding the process during critical times, and will have less probability for any compliance failure. From my perspective, good processes are the ones that naturally arise from clear thinking and are easy to manage.
  • Technology: Investing in technology helps in mitigating and defending against known or unknown threats and should be promoted in order to capture new market opportunities, improve operational excellence and acquire the ability to do more with less. Though it is important to remember that technology is just one component, which could potentially be bypassed by people, but we should also remember that technology is a crucial component that plays a main role in people enablement.

The Relationship with the Board (Customer)

How do you convey to the Customer the message that, with regard to cybersecurity, you can minimise the risk but you are never going to be 100 percent secure?

A well-informed and decisive customer or board will always understand that it is all about risk management, and there is no such thing as 100% secure. I constantly refer in my discussion with customers that our goal is to protect our customers from mass cyber-attacks or specific targeted attacks, but we cannot guarantee protection from every targeted cyber-attack, especially zero-day cyber-attacks. For missed targeted cyber-attacks we have security incident response or cyber threat hunting capabilities. But, in the end, it is just like a Whack-a-mole game, and suffering from a cyber security incident is not about if, but when. We have already heard multiple times about multi-billion dollar companies or national agencies suffering from security incidents, despite having the latest technology, the most skilled people and access to the highest grade of cyber threat intelligence. This already shows there is no such thing as “100% secure”, even for companies or agencies that have greater focus and bigger budgets for cyber security.

At Fujitsu, our cyber security strategy uses a multi-layer cyber security protection approach, combining security incident response, cyber threat hunting, digital forensic analysis, etc. capabilities. With a multi-layer protection approach we try to stop as many cyber-attacks as possible, but with advanced capabilities such as threat hunting, we try to remediate undetected threats.

When we talk about 100% security, we should also consider its impact on user experience and associated cost. For example, if we change the company password policy to use 16 character strong passwords (combination of uppercase, lowercase, number and 3 special characters), with a 30 day expiry and no re-use policy of last 24 passwords, this would certainly strengthen the security posture, but would impact user experience and result in extra cost because of the handling of more password reset requests. Therefore, when we talk about security, we should always look at a balanced triangle of user experience, cost and security, and should consider risk management instead of full proof security.

Creating a Cyber Security Culture Within the Organisation

Almost everybody agrees that organisations need a culture of security. How can security leaders help facilitate that type of culture?

According to CSO, “Phishing attacks account for more than 80% of reported security incidents” & “94% of malware is delivered via email”.

As we all know very well, the human factor is the weakest link in the entire security chain, and in overcoming this the security function in an organisation has a significant role to play, but responsibility of safeguarding an organisation and its data lies with everyone in the organisation, from employees to executives, including temporary employees and contractors. Creating an effective cyber security culture in an organisation takes lot of innovation and courage and cannot be achieved merely via annual web-based training. In order to influence people’s behaviour a mixed set of innovative measures should be taken, such as regular reminders, dry runs, short comedy visuals, awareness programs, awarding people for cyber hygiene, etc. It is all about grabbing people’s attention and influencing their hearts and minds. Many major security breaches I have handled started from a misstep by one person, therefore it is important to make each and everyone in organisation is aware of the consequences of their missteps.

Threat Landscape and the Biggest Challenges

What are the biggest challenges you face in the year ahead?

There are many known or unknown challenges we will face in coming year, the following are the ones which I predict based on my current role at Fujitsu:

  • Global Cyber Skills Shortage: Various reports have estimated that next year there will be a global cyber skills shortage of 3.5 million. This figure is about existing or upcoming vacancies, but when I look at existing cyber security professionals, I still encounter many of them with no deep understanding of cyber security or who have never hacked a single machine legally or illegally in their career. Cyber attackers think and operate in a certain way, and if we do not understand that, how can we protect our assets from them. In order to overcome such problems, new approaches must be considered, and the government, academia, institutions, businesses, etc. all have their role to play.
  • Cloud – Unknown Threat Landscape: According to Forbes, 83% of enterprise workloads will move to the cloud by the year 2020. Adoption of cloud services is growing multi-fold, and in 2020, it will not be any different. Cyber security leaders will need to get a grip of the Cloud threat landscape, and despite the many operational, business and commercial benefits, they will need to understand the risks to their businesses. Speed and momentum of cloud services adoption has created various concerns for cyber security leaders around container security, cloud storage, cloud sharing applications, identity theft, vulnerability management, etc.
  • Security Tools & Controls Usage: Many organisations already have various integrated security solutions or features, which they are failing to understand and take better advantage of. A greater understanding of these solutions is needed in order to make smarter investment decisions.
  • AI Security: According to studies, 2020 will see a rise in the use of adversarial attacks to exploit vulnerabilities in AI systems. AI models are insecure and vulnerable to attacks, for example, an AI learning to recognise cats could be tricked into believing that an image of a dog was also a cat, an exploit that could later be leveraged. It is also possible to extract parts of an AI model, leading to intellectual property theft, as well as the ability to craft “adversarial” AI that could manipulate the intended model.
  • Automation: It allows an organisation to collect data about security threats from multiple sources and respond to low-level security events without human assistance. At a granular level, the correct adoption of automation will help organisations map and really understand how to improve their business processes. By making correct use of their technology stack and associated APIs, early adopters will get faster and enhanced reporting and will improve their security posture through the reduction of Mean Time To Respond (MTTR) to threats, that could impact their reputation, operations and bottom-line.

Balance Between Innovation and Cyber Security

How can leaders balance security and innovation?

If we look at the innovation landscape in just the last few years, i.e. autonomous cars, virtual reality glasses, foldable screens, 3D printers, air taxis, 5G network, etc., we will realise that another big industrial revolution has already been started, and at this moment we are in middle of it, which will fundamentally change everything from the way we live to the way we work. When we talk about such innovations, we also talk about risks associated with these innovations, such as risk of accident with autonomous cars, risk of social disconnect with virtual reality glasses, medical risks with 5G networks, etc. In a similar way, we should consider innovation and cyber security together, just like two sides of coin.

At Fujitsu, innovation is at the centre of everything, but because of being a mature company with 84 years’ experience, we continuously measure risks while fostering innovation. In general, there are two types of innovation. First, is corporate innovation which focuses on capturing market opportunities or improving operational excellence, and then second is security solutions innovation, which focuses on capturing new capabilities or the ability to do more with less. Corporate innovation should be promoted in order to maintain a stronghold in the market, but when we talk about security solutions innovation, we should always ask, will this innovation help me in doing more with the same amount of people or will this innovation provide us a capability where we are already not covered by any other solutions? Nevertheless, whenever we talk about corporate innovation or security solution innovation, the responsibility of the cyber security leader is to provide fundamental building blocks, which have clear documented guidelines, policies and procedures, and then innovation can be fostered upon that.

The Need for Collaboration Within and Outside the Organisation

How important is information sharing within the sector to keep abreast of new threats and cybersecurity best practices?

Quote from Helen Keller, “Alone we can do so little, together we can do so much.”

Initially SOC’s used to be tools driven using a multi-layer tool approach, i.e. SIEM, IDS/IPS, FW, AV, etc. They were completely centralised and closed in nature, merely working based on the information available in the organisation. Later on, they realised the value of collaboration and information sharing, and then the term “Cyber Threat Intelligence” was coined. With “Cyber Threat Intelligence”, SOC moved from reactive to proactive and became intelligence driven SOCs. Now various SOCs around the world utilise collected information through various public or private feeds in order to block potential a cyber-attack proactively.

One classic example of the benefit of “Cyber Threat Intelligence” is the attack by the “Lazarus group”, which has targeted banks all over the world. “Lazarus group” was infamous for using the same tactics, techniques and procedures, such as using the same tools in order to launch phishing, DDoS and vulnerability exploits. This collected information was shared with all the banks proactively, and the banks that were fast enough in utilising the shared information, were able to protect themselves. Other banks that did not utilise the shared information suffered the fate of security breach and loss of a huge chunk of money. We can always work and come together like the military and sharpen our skills, just like how the military conduct joint service and multinational exercises in order to increase their skills and improve the ability to work collaboratively in a dynamic operational environment.

One thing that we all need to remember is that Cyber Threat Intelligence is not like plug-n-play, there is a massive amount of information available, which has been shared by thousands or millions of feeds. This collected information will need to be filtered first before getting passed for internal usage and getting used for finding suspicious activity within the network.

Closing Statement

Cyber threat landscape is evolving every day. Now we are doing more innovations than ever, Cyber Security solutions has evolved into much effective and efficient solutions than ever. But with that, we have also seen much more breaches than ever, companies has loosed much more money in security breaches or compliance issues than ever, etc. This means we have had various different challenges in past, and we will have challenges in future. Maybe scale or dimension of challenges will change, but with that our response should also change.

Cyber Security is a continuous evolving domain, and as Cyber Security leaders, we are and will continue to be challenged to understand bits and bytes of technology, while at the same time also expected to understand goals of the business.

Do not hesitate to reach out if you want further contact with me.

Originally published on cyberstartupobservatory.com

Himanshu Chaudhary is a Cyber Security expert who is passionate about everything surrounding Cyber Security, Innovation, Technology, and Business Development. Himanshu comes with 8 years of technical and team development experience, where in his current role as Head of Security Operation Center 4 at Fujitsu, he is responsible for developing & managing Cyber Threat Analysis, Cyber Threat Hunting, Cyber Threat Intelligence and Security Incident Response MSSP service for Fujitsu CEE region customers.

In his career, Himanshu has worked with many leading businesses, coming from wide range of industries, such as Automotive, Airlines, Banking, Ecommerce, Health, Information Technology, Insurance, Telecommunication, etc. During this time, Himanshu has worked on many domains, such as Penetration Testing/Vulnerability Assessment, Reverse Engineering, Cloud Security, Cyber Threat Analysis/Hunting/Intelligence, etc.

Himanshu holds Bachelor’s degree in Computer Science, Master’s degree in Computer Security, and wide range of professional certifications, such as OSCP, CEH, OCP and OCA.

Himanshu is also active in expanding and sharing his knowledge via various channels, such as attending or speaking at Conferences, visiting Universities as Guest Lecturer, writing blogs, etc. To invite me as a Speaker at your conference please reach out to me directly via LinkedIn.

16 July 2020

HILA MELLER

Vice President Security Europe

BT

Questions For Hila Meller

How to mitigate risks linked to connecting to Cloud?

The Cloud has enabled organisations to be more flexible and agile, but quite often organisations move to the cloud so quickly that their security has not kept up. This can mean that new attack surfaces are created, leaving them vulnerable.

Organisations need to take a proactive approach to cyber security and understand that a traditional security perimeter of their network no longer suffices. They instead require a framework that considers all security implications, with multiple layers of protection, and proactive threat monitoring and engagement.

Essentially, moving to the cloud means that you cannot have an impassable wall around your closed network, but must instead have layers of defences around a core network that contains your most important data and assets.

Would effective employee training be beneficial in mitigating human error and help with the Zero Trust approach?

Absolutely – organisations need to constantly work on improving their security posture, and improving the knowledge and capabilities of your employees is one of the most important parts of this. It is vital that security is considered a key topic for both business leaders and their employees, and that they not only understand the threats that affect your organisation, but how those threats also affect them and their data.

At BT, we have 3000 cyber security experts working to secure our business and our customers, and we have spent a lot of time and effort to ensure all of BT (from Board level down) understands the importance of security and the investment & strategy required to deal with the risks. Communication is vital when it comes to raising awareness of security and identifying risks, so we have a dedicated Security Group on Workplace to create a live feed of information and to call out any experiences people have.

Issuing company-wide mandatory training should be done to ensure employees are mindful of security, and as the scale of the threat grows, it is worth developing people’s training and skills. Especially now as remote working is reaching a new level of normality, businesses must consider not only how to keep their connections as secure as possible, but also communicate regularly with their employees, and maintain good cyber hygiene.

What does the future hold for cyber security? Will the developments be postponed or sped up due to the recent global situation?

The pandemic has massively changed the way we use technology, with many of us working from home and more of our daily lives being moved online, including learning, shopping and human connections. As a result, people have recognised even more that cyber security should no longer be an afterthought, and instead needs to be considered as an essential part of everything we do.

I think the global situation has elevated the need for a cyber security strategy to be implemented throughout organisations. Organisations need to be prepared to make essential risk-based decisions and work collaboratively both within the organisation and with network and security providers, to ensure there are rigorous plans ready for any unexpected situations.

Hila has more than 20 years of experience in the security world.
During her career, she has worked with some of the world’s best-known brands and international organisations to protect their IT estate and business assets, while taking them through digital transformation initiatives.
She is experienced in leading diverse international security teams and has done so for several large Fortune 500 companies. Hila has a bachelor’s degree in computer science and mathematics, and an executive MBA. She is a passionate public speaker and an enthusiastic advocate of diversity in technical fields.

14 July 2020

RYAN SMITH

Head of Global Cyber Detection and Response

Aviva

Questions For Ryan Smith

How to respond faster and easier in the world of intelligence-driven cyber security fighting the cybercrimes? What is your company doing to keep up with evolving cyber threats?

You respond better if you know your business. That is not just what your infrastructure looks like, but where and how your business operates. This may sound simple, but many global organisations will operate in dozens of jurisdictions, providing multiple services both in a B2B and B2C model. This inherently adds complexity which will always negatively affect your ability to respond.
Threat Intelligence can greatly support this understanding and potentially provide an early warning of your organisation being targeted. Speed is key during an incident, it may allow you to take correct action prior to a breach actually occurring or will limit the damage if it does.

How are AI and ML helping in identifying threats? What needs to be implemented to make it even more efficient?

Signatures and ‘known bad’ are no longer enough to protect your business. That does not mean that technologies that utilise this are no longer needed, but they will require supplementary technologies that use ML.
However, unfortunately ML tools are not enough by themselves. They can heavily reduce the need for staff to undertake less valuable or monotonous activities, but they still require SMEs to operate them and interpret the results.
The question is; have I not seen something in my business because it has not happened or because my ML tool has decided that I do not need to see it? This is a subject I will be covering in greater detail during my presentation.

Does more connected devices mean more attacks? How to stay secure in the age of Connected Everything?

Yes, unfortunately more devices do lead to more attacks. But although this increases the attack surface area of a business, arguably, the greater risk comes from the quantity of devices connected to the internet that an attacker can use. This is seen by organisations’ both large and small when responding to the more sophisticated DDOS, phishing and brute force events.
In order to stay secure in the age of ‘Connected Everything’, organisations’ need to understand their people, process, technology and most importantly, the business model. With an increased attack surface area and more devices for an attacker to use, the ability to respond quickly is pivotal. As organisations grow and become more complex, security teams will have to manage an increased amount of the false positive Cyber Events.
Knowing how your business operates, makes the difference between an appropriate response and failing to identify a material threat. This understanding allows you to respond at pace and the speed of your response will greatly affect the impact cyber events will have on your business.

Ryan is a Security Leader with over 15 years’ practical experience gained in both the public and private sectors, across multiple roles including; CISO, Senior Delivery Partner and currently as a Global Cyber Operational leader for a transnational FTSE 30 Company.
He is a security professional with sound knowledge of information risk, governance, compliance and responding to the increasing cyber security threat. Experienced in the commissioning, design, control and management of secure IT infrastructure on premise, in the cloud and for hybrid deployments.

FOR MORE INFORMATION ABOUT
SPEAKERS AND CASE STUDIES

Back To Top