Cybersecurity: Unlocked LIVE BLOG 2019

17 July 2019 by Charlotte Nuttall

17th July 13.00pm. Thanks for tuning in!

Well, that’s all we have time for folks. Thank you to our speakers and panelists, our sponsors Secarma and Commvault.

And, of course, thank you for tuning into this live blog – we hope you enjoyed being in on the action!

17th July 12.57pm. Practice makes perfect

Get someone, like a third-party security specialist, who can create scenarios and see how you would respond. Identify possible challenges, how you will respond to the public, accidental disclosures by staff and more. Think of red herrings that may come up.

“Do not wait until the infection is ‘significant’ – like 50% of your deployed machines. As soon as a machine is infected, you must start to fix the problem or it will get bigger.” – Holly Williams

17th July 12.50pm. How do you respond to breaches?

• Notify the ICO within 72 hours
• Notify data subjects directly and as soon as possible
• Make sure that you have enough information when notifying clients or be prepared to tell people that you’re investigating the problem

 

17th July 12.45pm. Finally, our data breaches workshop

Holly Williams, ex-military security specialist and Technical Director at Secarma is taking to the stage to deliver a data breach workshop for our Unlocked audience.

 

 

 

 

 

 

 

“It’s not a case of ‘if’, but ‘when’. Ransomware attacks are prominent right now. So, backup all your data, and then if anything happens you can restore it.” – Steve Nolan

17th July 12.42pm. The advantages of backups

• Cloud DR can lower costs
• Increases agility and reduces complexity
• Helps to mitigate compliance challenges
• Allows data to become more visible and actionable

17th July 12.36pm. AI and ML in backup and recovery

 

 

 

 

 

 

 

 

 

 

 

 

 

 

“66% of IT professionals estimate that their company only has access to half of its data (or less).” – Steve Nolan

17th July 12.28pm. The game has changed

The cyber-threat landscape is evolving and causing businesses of all sizes.

• We’re moving away from blanketed attacks to more targeted attacks.
• There are always new threats and growing levels of sophistication.
• As the rise of technology continues, there are even more new threat actors to contend with.

 

17th July 12.20pm. Hold on, back it up

Our next speaker is Steve Nolan, Systems Engineering Manager at Commvault UKI. Steve is here to talk about ransomware, disaster recovery (DR) and backups.

“You can never have too much data for a hacker to want to sift through it and find what they want. There is no such thing as obscurity in data. The number of terabytes will not put a hacker off.” – FC

17th July 12.11pm. FC’s top takeaways:

• Get the foundations right!
• Things take time to fix, but we are going to fix it.
• We can only mitigate threats, the cybercriminals are always finding new ways to get around the protection put in place.
• Hackers don’t care who you are, they will target millions of people and see who gets compromised – so don’t let it be your business.

17th July 11.50am. There are many ways to be hacked

GPS

Mobile

Fibre Optics

Telecommunications

Email

Wi-Fi

 

“Locks only keep honest people out. Even sophisticated security can bypassed.” – FC

17th July 11.42am. Let the talks recommence

Our second keynote speaker of the morning is the elusively named ‘FC’. A world-renowned ethical hacker and social engineer, let’s see what FC has to say about the state of cybersecurity.

 

 

 

 

 

 

 

17th July 11.15am. Be right back!

We’re taking a quick break now and giving our guests the chance to have their most pressing questions answered by security specialists in our 1-1 clinics.

We also hear there’s snacks. So, be right back!

 

“Make sure you have appropriate testing throughout the development life cycle. Get your board members to accept responsibility for the security of your organisation.” – Marc Avery

 

“Build in security so you can continuously test your systems as they develop and change. Data protection is a wider business discussion and every single person in your organisation is responsible.” – Holly Williams

 

“So many clients ring us in total panic and upset when their business experiences a breach. You have to invest in your security like you would any other part of your business. DDoS protection, WAFs and segregating your networks is essential.” – Josie Rickard

 

17th July 11.03. Our expert security panel

Our panel discussion on managing your reputation after a cyber-attack has begun! Unlocked guests welcome Marc Avery back onto stage, along with Holly Williams, Technical Director at Secarma, and Josie Rickard, Director of Account Management at UKFast.

 

 

 

 

 

17th July 11.00am. What can we do about phishing?

Stephen advises: “Focus on keeping up to date with vulnerabilities and employee training. Employees are the biggest threat to your business – if your awareness is poor then the technology is useless.

“Phishing as a Service has been developed by UKFast to simulate a phishing campaign, to help people train their employees. You can send a fake phishing email to your team and then see the results of who opened a link, who submitted data and see who and which departments are a risk and need more training.”

“14 billion phishing emails are sent every day, worldwide” – Stephen Crow

17th July 10.55am A word about phishing

Before we head into this morning’s panel, Head of Defensive Securities at UKFast Stephen Crow is welcomed to the stage for a quick Q&A about phishing.

 

 

 

 

 

17th July 10.49am Embedding security into your systems

• Design technology based on secure architecture.
• Build security into your programmes, communicate this with your team and use secure standards.
• Employ risk-based testing and consider security within use cases like WannaCry.
• Get the basics right, prioritise threats and vulnerabilities, and focus on detection and recovery.

17th July 10.39am. The challenges ahead

• Consumer focus on security is slowly decreasing
• Getting the basics right is still an issue
• Security skills and resources demand vastly outweighs supply
• Proliferation of technology continues to present risks

 

“Over a million devices are currently vulnerable to Blue Keep exploits – and that’s just the internet-facing servers.” – Marc Avery

17th July 10.28am. Talk number two

Next up is Marc Avery, Independent Cyber Advisor and Club CISO member. Marc is here to guide the audience through building security assurance in business and IoT.

 

 

 

 

 

 

 

“Security needs to be a fundamental part of every business process and board members must take an interest” – John Noble

17th July 10.10am. John’s advice

• Keep your software up to date
• A password is not enough – use multi-factor authentication
• Protect your administrator access
• Fix all configuration errors
• Understand your data and why you need to protect it
• Understand the risk in your supply chain and using third party services

 

“People are your biggest risk. We’ve got to get the culture right and you must understand where you need extra expertise to help you.” – John Noble

 

17th July 10.05am. The root causes of compromise

• Getting the basics wrong (failing to patch and update vulnerabilities)
• Complexity of networks (not understanding what data you need to protect and why)
• Legacy equipment
• Risks from your supply chain and trusted connections
• Mergers and acquisition (due to break down of cybersecurity team in interim periods)
• Outsourcing and third parties
• Underestimating cybersecurity risks

 

17th July 9.45am. The first keynote speaker of the day

John Noble, Director at the National Cyber Security Centre, takes to the stage to present his talk ‘ The seven root causes of compromise: What went wrong and why?’

 

 

 

 

 

 

17th July 9.40am. Nearly time to start!

Unlocked host Arlene Bulfin introduces the event as the guests settle in for the first of the morning’s talks.

 

 

 

 

 

 

 

 

17th August 9.14am. Nearly time to start!

Our Unlocked guests and speakers are arriving for what promises to be a jam-packed morning full of expert talks, panel discussions, a one-to-one clinic and a data breaches workshop. We can’t wait to get started!