The document discusses the increased risk of insider threats amid the COVID-19 pandemic, emphasizing the necessity for organizations to equip their IT staff with both technical and soft skills to address these challenges. It advocates for the implementation of apprenticeship programs as a means to develop well-rounded cyber security professionals capable of mitigating the heightened risks posed by remote working and cybercriminal exploitation. The author argues against the exclusive hiring of university graduates, highlighting the benefits of diversifying the workforce through apprenticeships.

1. 8
Network Security April 2020
FEATURE
Are your IT staff ready
for the pandemic-driven
insider threat? Phil Chapman
Obviously the threat to human life is
the top concern for everyone at this
moment. But businesses are also starting
to suffer as productivity slips globally
and the workforce itself is squeezed.
The UK Government’s March budget
did announce some measures, especially
for small and medium-size enterprises
(SMEs), that will make this period
slightly less painful for organisations.
However, as is apparent from the tank-
ing stock market (the FTSE 100 has
hit levels not seen since June 2012) the
economy and pretty much all businesses
in the country (unless you produce hand
sanitiser) are going to suffer. There is no
time like now for the UK to embrace
its mantra of ‘keep calm and carry on’
because that is what we must do if we’re
going to keep business flowing.
For the IT department at large there is
lots of urgent work to do to ensure that

2. the business is prepared to keep running
smoothly even if people are having to
work remotely. The task at hand for cyber
security professionals is arguably even
larger as Covid-19 is seeing cyber criminals
capitalising on the fact that the insider
threat is worse than ever, with more people
working remotely from personal devices
than many IT and cyber security teams
have likely ever prepared for.
This article will argue that the cyber
security workforce, which is already suf-
fering a digital skills crisis, may also be
lacking the adequate soft skills required
to effectively tackle the insider threat
that has been exacerbated by the pan-
demic. It will first examine the insider
threat, and why this has become so
much more insidious because of Covid-
19. It will then look into the essential
soft skills required to tackle this threat,
before examining how organisations can
effectively implement an apprentice-
ship strategy that generates professionals
with both hard and soft skills, includ-
ing advice from the CISO of globally
respected law firm Pinsent Masons, who
will provide insight into how he is mak-
ing his strategy work. It will conclude
that many of these issues could be solved
if the industry didn’t rely so heavily on
recruiting graduates and rather looked
towards hiring apprentices.

3. The insider threat
In the best of times, every cyber-pro-
fessional knows that the biggest threat
to an organisation’s IT infrastructure
is people, both malicious actors and
– much more often – employees and
partners making mistakes. The problem
is that people lack cyber knowledge and
so commit careless actions – for exam-
ple, forwarding sensitive information to
the wrong recipient over email or plug-
ging rogue USBs into their device (yes,
that still happens). Cyber criminals
capitalise on this ignorance by utilising
social engineering tactics ranging from
the painfully simple, like fake emails
from Amazon, to the very sophisticated,
such as CEO fraud. A contact from
the industry that works at one of the
world’s largest consultancies recently
relayed a case of CEO fraud where a
cyber criminal hacked into a CEO’s
email server to learn the syntax he used.
The hacker then sent a carefully crafted
redemption request to the CEO’s fund
manager and was able to steal £5m.
“Hackers are producing
scams taking advantage of
the Covid-19 pandemic –
with Check Point finding that
coronavirus-related domains
are 50% more likely to install
malware onto your system”

4. Remote working adds a new layer of
complexity to the problem. In 2018,
CybSafe claimed that 32% of organisa-
tions surveyed had experienced a cyber
attack as a direct result of an employee
working outside of the businesses’ secu-
rity perimeter.1 This statistic is prob-
ably conservative in contrast to what
the reality would be now, with The
International Workplace Group report-
ing last year that 50% of employees
globally work away from the office at
least two and a half days a week, which
seems high, and this is shifting closer to
the 100% mark, albeit temporarily.2
Working remotely brings up the same
problems as bring your own device
(BYOD) – if your users are working on
a personal device, is this device secured
with a company-sanctioned level of
anti-virus software and password pro-
tection technologies? Then, personal
device or well-secured work device
Phil Chapman, Firebrand Training
As this article is being written it’s mid-March. The situation
likely will have
changed significantly by the time you read this, as it does by
the day and even
the hour. The World Health Organisation (WHO) has declared
Covid-19 to be
a global pandemic and the UK Government has stepped up its
response from the

5. ‘contain’ to the ‘delay’ phase. Public spaces and transport are
noticeably quieter
and many workplaces are getting emptier as staff members work
from home.
April 2020 Network Security
9
FEATURE
aside, what network are they connect-
ing to? Are they relying on a virtual
private network (VPN) or their home
Internet service provider (ISP) capabil-
ities, which could be more vulnerable
to infiltration than your well-fortified
internal network? As well, being physi-
cally away from the organisation usually
results in a slower response to regular
health-checks such as patching, updates
and upgrades, so it must be a priority
for businesses to establish regular and
planned activities to ensure that all of
this is looked after.
Taking advantage
To make matters worse, hackers are
producing scams taking advantage of
the Covid-19 pandemic – with Check
Point finding that coronavirus-related
domains are 50% more likely to install
malware onto your system.3 Some
attackers have even designed specif-
ic websites that encourage visitors to

6. download an application that will keep
them updated on the latest Covid-19
news. When you download the file, a
map of how the disease is spreading
pops up, but a malicious binary file
(using software known as AZORult)
has been installed in the background.
AZORult is known to steal victims’
browsing history, cookies, ID, pass-
words and crypto-currencies.4 The situ-
ation is so dire that even the WHO has
provided a six-step guide as to what to
look out for, which includes verifying
email addresses, heightened awareness
around providing personal identifiable
information (PII), not feeling pressured
to supply and respond in these times
of urgency and reporting anything that
doesn’t feel right.5
Cyber security teams must make sure
that strict measures and policies are in
place to ensure the highest level of secu-
rity when staff are working from home.
And if this isn’t a common practice
already, now is the time to implement
it – and quickly. Top strategies include
requiring multi-factor authentication to
log into company portals, and requiring
all personal devices to be equipped with
employer-provided security software
and the latest software updates prior to
permitting any access to remote systems.
But, of equal importance is ensuring that
staff are equipped with the essential cyber

7. skills needed to avoid scams – and that
they follow company policy because they
understand why strict measures are in
place. And, funnily enough, to deal with
and teach people, you need people skills!
Hard and soft skills
Before discussing the importance of peo-
ple skills, it must be acknowledged that
something the cyber security workforce
is missing is people. UK cyber security
is now worth £8.3bn and is staffed by
43,000 full-time employees.6 However,
despite this, as we’re all aware, there are
not enough people to fortify organisa-
tions against cybercrime, with the average
data breach costing businesses £3m.7
The International Information System
Security Certification Consortium, or
(ISC)² – a non-profit specialising in train-
ing and certifications for cyber security
professionals – found the global skills
gap grew by 33% in 2019. Some 65% of
firms have a shortage of cyber staff and
the UK needs to increase its workforce by
291,000 people to plug the gap.8
Many organisations will assume that,
because the job is technical, cyber secu-
rity professionals must have a university
degree to qualify. However, this simply
isn’t the case and is part of the reason
why we are struggling to fill the cyber
security skills gap – there aren’t enough
cyber security graduates to defend
against the UK’s cyberthreat. The solu-

8. tion lies with an incredibly underes-
timated group of people. Apprentices
become fantastic cyber security profes-
sionals, who have the technical skills that
graduates have, as well as arguably better
soft skills because their learning process
requires them to get real-world experi-
ence working with people.
Apprentices gain a deep understand-
ing not just of the network, but also the
Weekly registrations of coronavirus-related domain names,
mostly by spammers and other cyber
criminals. Source: Check Point Software.
Cyber criminals have exploited copies of the genuine John
Hopkins University Covid-19 map on
sites designed to deliver malware. Source: Reason Security.
10
Network Security April 2020
FEATURE
business and its culture. This means that,
when putting a cyber security policy
together, they can develop something that
is bespoke to their business. It also means
education and general cyber security com-
munications can take place in the com-
pany’s tone of voice, via the medium that
employees are most likely to read. This
sounds simple, but sadly many businesses

9. view education, policy and communica-
tion as an afterthought. And, as discussed
earlier, this is especially important at
the moment when remote working and
Covid-19-themed hacks are making the
organisation especially vulnerable.
Of course, technical knowledge is crit-
ical. Professionals must understand sys-
tems architecture and be able to identify
attacks and implement relevant defences
(as well as mitigate against issues). But
apprenticeships can still come out tops
because they enable individuals to imple-
ment new skills immediately, allowing
them to put into practice what they’ve
learned. Apprenticeships must not be
underestimated – they are arguably the
best option out there to develop the
truly rounded professionals that the
modern workforce needs.
The cost of
apprenticeship training
A business concern may be that the dif-
ference with an apprentice is that the
organisation has to help train an indi-
vidual from scratch as there is a chance
they’ll have no cyber security knowledge
whatsoever. This is a legitimate con-
cern because apprenticeships do require
investment in time and money, but
arguably no more than a good graduate
scheme would.
“Your organisation may have

10. a recruitment rule, such as
only hiring from red brick
universities, but to find
apprentices from all walks of
life you need to move away
from traditional funnels”
To expand on this, the average cost of
an apprentice for a company amounts to
£18,000 for a one-year programme. With
that, each apprentice will study towards
three to four vendor certifications, as well
as getting a full year’s worth of mentoring
while working and developing those all-
important practical skills at the same time.
This approach exposes them to every
nook and cranny of your systems while
at the same time equipping them with
the skills they need to spot threats from
within. Aside from this being far less than
you’d pay for the average graduate, with
salaries starting around the £28,000 a
year mark, apprenticeships are valuable in
another, less-obvious way – retention.
Paying for apprenticeship qualifications
also doesn’t need to come from your
precious HR budget. The Apprenticeship
Levy is a compulsory UK tax on organi-
sations whereby those with an annual pay
bill in excess of £3m keep aside 0.5% of
the bill minus an additional annual ‘levy
allowance’ of £15,000 which they must
spend on apprenticeships.9 Basically,
organisations have a pot of money which,

11. for many, goes untouched when it could
be used to bring in new apprentices or
upskill existing employees.
Implementing an
apprenticeship strategy
In terms of implementing these schemes
so as to have a strategy that produces the
most well-rounded cyber-professionals,
Christian Toon, CISO at Pinsent Masons,
believes that training apprenticeships are
a key part of a wider, layered approach to
cyber defence within the organisation.
With regards to bringing in apprentices
for the first time, he says: “It’s important
to broaden your recruitment approach.
Your organisation may have a recruitment
rule, such as only hiring from red brick
universities, but to find apprentices from
all walks of life you need to move away
from traditional funnels. Look out for peo-
ple showing a willingness to learn – some
of the best apprentices I have found have
been via online forums like Twitter. Put a
post out via your organisation’s profile and
see what sort of responses come back to
you – you will soon find that people who
aren’t necessarily qualified but have a real
passion for technology will emerge.”
Once you’ve found apprentices and
brought them into your organisation,
Toon acknowledges that there can be
challenges, but flexibility is key.

12. “Organisations must make allowances
for the development of people and of
course this takes time and resources,”
he says. “Especially if you are hiring
younger people who have never worked
in an office before, patience is absolutely
essential and setting aside time for your
apprentices to spend time studying as well
as learning practical skills is key. In terms
of giving them real-world experience,
there are two ways to do this efficiently.
“First, allow them to help on tasks where
they will see a demonstrable change – for
example, blacklisting domains. Second, give
them projects to work on independently:
even better if these projects allow them
to break something. I recently challenged
an apprentice to work on a vulnerability
assessment because with the rise of the IoT
we’ve seen some new wifi networks pop
up on our network. The apprentice had
to scan and identify the networks, profile
Apprentices gain a deep understanding not just of the network,
but also the business and its culture.
April 2020 Network Security
11
FEATURE
them to see what data was beaconing from

13. them to identify their owners and finally, if
compliant with the Computer Misuse Act,
they could try to break any networks that
weren’t meant to be there.”
He concludes with a call out to the
industry.
“I don’t come from a traditional uni-
versity-educated background,” he says,
“so may be more passionate than others
about the importance of supporting
young people who want to get into
digital roles but may find university an
inaccessible route. Training more people
doesn’t just benefit them, it benefits
the entire industry. As Jack Lemmon
said: ‘No matter how successful you get,
always send the elevator back down’.”
The cyber security industry must start
valuing apprenticeships as equal to, if
not better than, a university degree. This
argument may be controversial, especially
seeing as the majority of the cyber secu-
rity populace at this stage probably do
come from a university background. We
most definitely should not stop hiring
graduates but it is of critical importance
that we widen the hiring pool to also
include apprentices, and those from other
departments that have upskilled via digi-
tal apprenticeships.
This unique way of learning the trade
equips people with both the hard and soft

14. skills needed to fight insider threat-centric
cybercrime, which is especially important
at the present when Covid-19 is pushing
more people than ever to work remotely.
We will get through this tricky period and
the cyber-challenges it is throwing at us, as
long as we don’t ignore the cyber security
skills gap and keep educating fantastic pro-
fessionals who can defend the UK and the
world against mounting cybercrime.
About the author
Phil Chapman is a senior cyber security
instructor for Firebrand Training (https://
firebrand.training/uk) who predominant-
ly helps train UK law enforcement. He
has 13 years’ experience as a Microsoft
Certified Trainer and security specialist
and five years’ experience as a military
instructor. Before becoming a trainer he
spent 23 years in both the Ministry of
Defence and the Royal Air Force.
References
1. Jones, Connor. ‘A third of cyber
attacks exploit unsecure remote
working’. ITPro, 20 Dec 2018.
Accessed March 2020. www.itpro.
co.uk/security/32617/a-third-of-
cyber attacks-exploit-unsecure-re-
mote-working.
2. Murphy, Hannah. ‘How remote
working increases cyber security

15. risks.’ Financial Times, 8 Dec 2019.
Accessed March 2020. www.ft.com/
content/f7127666-0c80-11ea-8fb7-
8fcec0c3b0f9.
3. Mix. ‘Coronavirus domains 50%
more likely to infect your system
with malware’. The Next Web, 6
Mar 2020. Accessed March 2020.
https://thenextweb.com/securi-
ty/2020/03/05/coronavirus-do-
mains-malware-infect/.
4. Mehta, Ivan. ‘Hackers are using
coronavirus maps to infect your
computer’. The Next Web, 11
Mar 2020. Accessed March 2020.
https://thenextweb.com/securi-
ty/2020/03/11/hackers-are-us-
ing-coronavirus-maps-to-in-
fect-your-computer/.
5. ‘Beware of criminals pretending
to be WHO’. The World Health
Organisation, 2020. Accessed March
2020. www.who.int/about/commu-
nications/cyber security.
6. Warman, Matt. ‘UK’s boom-
ing cyber security sector worth
£8.3 billion’. UK Department for
Digital, Culture, Media & Sport,
30 Jan 2020. Accessed March 2020.
www.gov.uk/government/news/
uks-booming-cyber security-sec-

16. tor-worth-83-billion.
7. Caines, Jason. ‘Kaspersky reveals
magnitude of British business
cyber-complacency’. Software
Testing News, 14 Feb 2020.
Accessed March 2020. www.soft-
waretestingnews.co.uk/kaspersky-re-
veals-magnitude-of-british-busi-
ness-cyber-complacency/.
8. Green, Chris. ‘Cyber security skills
gap reaches all-time high’. Firebrand
Training Blog, 18 Nov 2019.
Accessed March 2020. https://blog.
firebrand.training/2019/11/cyber
security-skills-gap-reaches-all-time-
high.html.
9. ‘Guidance: Apprenticeship funding:
how it works’. Education & Skills
Funding Agency, 13 Mar 2020.
Accessed March 2020. www.gov.uk/
government/publications/apprentice-
ship-levy-how-it-will-work/appren-
ticeship-levy-how-it-will-work.
Essentials for selecting a
network monitoring tool
Cary Wright
In 2020, we’re already seeing
threats morph more and more rap-
idly. Standardised attack methods are

17. being automatically synthesised into
multiple, even individually customised
attack vectors based on results from prior
attacks. Rapidly changing attacks custom-
ised to individuals are relegating standard
signature-based threat detection to basic
Cary Wright, Endace
Enterprises are increasingly aware of how essential it is to have
efficient tools in
place to monitor for cyber security and performance issues.
However, the selection
process can be daunting and some organisations are not clear on
the key features
to look for in a network-monitoring tool.
https://firebrand.training/uk
https://firebrand.training/uk
http://www.itpro.co.uk/security/32617/a-third-of-
cyber%20attacks-exploit-unsecure-remote-working
http://www.itpro.co.uk/security/32617/a-third-of-
cyber%20attacks-exploit-unsecure-remote-working
http://www.ft.com/content/f7127666-0c80-11ea-8fb7-
8fcec0c3b0f9
http://www.ft.com/content/f7127666-0c80-11ea-8fb7-
8fcec0c3b0f9
http://www.ft.com/content/f7127666-0c80-11ea-8fb7-
8fcec0c3b0f9
https://thenextweb.com/securi-ty/2020/03/05/coronavirus-
do-mains-malware-infect/
https://thenextweb.com/securi-ty/2020/03/05/coronavirus-
do-mains-malware-infect/
https://thenextweb.com/securi-ty/2020/03/05/coronavirus-
do-mains-malware-infect/

18. https://thenextweb.com/securi-ty/2020/03/11/hackers-are-
us-ing-coronavirus-maps-to-in-fect-your-computer/
https://thenextweb.com/securi-ty/2020/03/11/hackers-are-
us-ing-coronavirus-maps-to-in-fect-your-computer/
https://thenextweb.com/securi-ty/2020/03/11/hackers-are-
us-ing-coronavirus-maps-to-in-fect-your-computer/
https://thenextweb.com/securi-ty/2020/03/11/hackers-are-
us-ing-coronavirus-maps-to-in-fect-your-computer/
http://www.who.int/about/commu-nications/cyber%20security
http://www.who.int/about/commu-nications/cyber%20security
http://www.gov.uk/government/news/uks-booming-
cyber%20security-sector-worth-83-billion
http://www.gov.uk/government/news/uks-booming-
cyber%20security-sector-worth-83-billion
http://www.soft-waretestingnews.co.uk/kaspersky-re-veals-
magnitude-of-british-busi-ness-cyber-complacency/
http://www.soft-waretestingnews.co.uk/kaspersky-re-veals-
magnitude-of-british-busi-ness-cyber-complacency/
http://www.soft-waretestingnews.co.uk/kaspersky-re-veals-
magnitude-of-british-busi-ness-cyber-complacency/
http://www.soft-waretestingnews.co.uk/kaspersky-re-veals-
magnitude-of-british-busi-ness-cyber-complacency/
https://blog.firebrand.training/2019/11/cyber%20security-skills-
gap-reaches-all-time-high.html
https://blog.firebrand.training/2019/11/cyber%20security-skills-
gap-reaches-all-time-high.html
http://www.gov.uk/government/publications/apprentice-ship-
levy-how-it-will-work/appren-ticeship-levy-how-it-will-work
http://www.gov.uk/government/publications/apprentice-ship-
levy-how-it-will-work/appren-ticeship-levy-how-it-will-work
http://www.gov.uk/government/publications/apprentice-ship-
levy-how-it-will-work/appren-ticeship-levy-how-it-will-work
http://www.gov.uk/government/publications/apprentice-ship-
levy-how-it-will-work/appren-ticeship-levy-how-it-will-work
http://www.itpro.co.uk/security/32617/a-third-of-
cyber%20attacks-exploit-unsecure-remote-working

19. http://www.itpro.co.uk/security/32617/a-third-of-
cyber%20attacks-exploit-unsecure-remote-working
http://www.gov.uk/government/news/uks-booming-
cyber%20security-sector-worth-83-billion
https://blog.firebrand.training/2019/11/cyber%20security-skills-
gap-reaches-all-time-high.html
https://blog.firebrand.training/2019/11/cyber%20security-skills-
gap-reaches-all-time-high.htmlAre your IT staff ready for the
pandemic-driven insider threat?The insider threatTaking
advantageHard and soft skillsThe cost of
apprenticeship trainingImplementing an apprenticeship
strategyReferences