The document discusses implementing a layered approach to cyber security, with each layer reinforcing the others, such as educating staff, implementing email security, perimeter security with next generation firewalls, and endpoint protection. It emphasizes that no single security product can adequately address all threats and recommends working with security vendors to deploy technologies that work together as a complete solution. Education of staff is highlighted as the first line of defense against many common threats like phishing.
26. Managed Services
• Phishing Service
• Internal Vulnerability Scanning
• External Vulnerability Scanning
• Web Application Testing
• Web Compliance Testing
• Security Benchmarking (CIS20, ISO)
• Crisis Management Service (Table top Service)
27. Solutions
• All Flash Arrays
• End Point Security
• Backup and Restoration
• Insider Threat Detection
• Server and Storage
• SIEM Solutions
• Firewall
• Et al.
39. AGENDA – Up Next…
12.00-12.20 Welcome, S…. is for Eric Langley
12.20-12.40 GUEST SPEAKER - Martin Beaton (Cyber Security Cluster Coordinator for Scotland, ScotlandIS) Langley
12.40-14.10 Lunch & meet the Exhibitors Hempel
14.10-14.30 Customer Panel Langley
14.30-15.00 BREAKOUT SESSION 1
Stream A – IoT Secure Future Langley
Stream B – Phishing with a fine line… Mercer
15.00-15.15 ---- Break ----- Hempel
15.15-15.45 BREAKOUT SESSION 2
Stream A – Onions anyone? Seric's view on layered security Langley
Stream B – Phishing with a fine line… Mercer
15.45-16.15 BREAKOUT SESSION 3
Stream A – IoT Secure Future Langley
Stream B – Are you Cyber Ready? – A Board's Eye View Mercer
16.15-16.30 WRAP UP Langley
16.30-18.00 Networking drinks / Prize Draw Hempel
40. Public funded routes to cyber security and world domination
Martin Beaton, Cyber security cluster coordinator
Thursday 13th September
Seric
Spotlight on Technology
41. 7th year of working with cyber cluster
[Timeline figure: computing power 1330 FLOPS (1980), 2.2 GIGAFLOPS (2000), 3.5 TERAFLOPS (2018); speaker's roles Business Dev, Network Integrator, Cluster coordinator (2012–2018)]
Fastest computer currently: IBM Summit – 200 PETAFLOPS
Human Brain – 1 EXAFLOP (1000 PETAFLOPS)
42. Action Plans – 2015 Scottish Cyber Security Strategy Plans (4/5)
Public sector action plan
• John Swinney wrote to all public bodies requiring cyber resilience by late 2018
• Some funding was made available
Private and third sector action plan
• Industry encouraged to get secure and force cyber resilience onto their supply chain
• Cyber catalysts chosen and supported by SG
Learning and Skills action plan
• Ensure that citizens and industry are protected
• Ensure that Scotland has the talent supply needed to grow
Economic opportunity action plan
• Creation of a CMO
• Funding to promote innovation
• Funding for a new cyber voucher scheme
44. Demand
[Chart: Monthly Scottish Cyber Essentials Count, May to May, 2018 vs 2017 with linear trend lines; y-axis 0–600]
Cyber essentials demand over last two years:
            Cyber essentials   Cyber essentials +
May 2017    239                17
May 2018    426                62
            78% increase       265% increase
45. Accessing grants tends to require..
• Business plan (but they can help you with this)
• Relationship with Business Gateway or Account managed
• Or…. You could even be on their High growth Pipeline..!
• You need to be starting a company which will achieve a minimum of £5m valuation within 3 years or have revenues of £5m within 5 years..
46. Voucher scheme
• £500k available to help companies become cyber secure
• Probably no need to be account managed
• 21 Scottish Cyber certifying companies will have a share of (possibly) around £1000 vouchers.
• Scotland currently falling behind rest of the UK in cyber essentials certificates.
• In 2014 InnovateUK ran a £5000 voucher scheme. Initially struggled to give the money away.
• In 2016 SE ran a £1500 voucher scheme. Initially slow to give money away!
• In 2017 HIE ran a voucher scheme
Scotland will be the only region in the UK with a cyber essentials voucher scheme
47. Financial Incentives Landscape
[Diagram: incentives plotted against Time to Market, from Basic Research (Pure & Orientated), Applied Research (Strategic & Specific) and Academic research, through Pre-competitive Development, Experimental Development, Prototype Development and Pre-Production, to Production and Produce Scale Up. Incentives shown: R&D Tax Relief, SMART R&D Grant, Industry Research, Patent Box, Env Aid, SIB – Equity, Debt, Seek & Solve, Creative Industry Relief, Training, RSA]
48. Improving security funding
Making account managed companies resilient reduces risk to Scottish Enterprise and makes companies more 'investable'
• For account managed companies
• Support to improve security posture
• Typically available at 30-50% of costs
50. Cyber Security Company Growth (91 and growing fast)
[Chart: number of Scottish cyber security companies by year (2012, 2014, 2016, 2017, 2018), y-axis 0–60, two series labelled Goods and Services: 6, 11, 28, 28, 34 and 5, 10, 32, 47, 57]
The growth of Scotland's cyber security industry has been rapid over 6 years.
Scotland is one of the most innovative countries in the world and is a leader in many areas of technology including renewables, life sciences, photonics and the digital economy.
51. SMART: SCOTLAND
• 6 – 36 months duration
• Available to SMEs Only
• Funds up to 70% of eligible costs for grants up to £100k
• Funds up to 35% of eligible costs for Grants up to £600k
• Must be highly innovative and Carry Risk
• Must be technically challenging
• Typical turnaround is 10-12 weeks
https://www.scottish-enterprise.com/support-for-businesses/funding-and-grants/growing-your-business/smart-scotland-grant
52. Seek and Solve
[Diagram: three parties – Large Customer, Supplier (SME), Scottish Enterprise]
1. Large customer needs a solution:
• Not available on market
• Not something they would develop in-house
2. SME proposes project for:
• Solution not available on market
Has:
• Know-how to develop solution
• Skills or potential to commercialise solution
3. SE looks for:
• Level of innovation and market potential
• Project contract between Customer and Supplier
Similar to Inogesis, a London based virtual technology group
54. Innovation vouchers
• Between £5k and £10k
• Covers academic project costs and is paid directly to the University or College
• Company contributes equal value in cash or kind
• Follow on voucher worth £20k
https://interface-online.org.uk/how-we-can-help/funding/standard-innovation-vouchers
55. Innovation Loan
• UK Gov have £10m in loans to help businesses make innovation a commercial reality
• Any area of technology
• Opens 17 September 2018
• Closes 14th November 2018
• For 100% of eligible project costs
• Project can last up to 5 years
• Presume it needs to be paid back at some point….
56. DSTL, Defence and Security Accelerator
• Themed Competitions
• Predictive Cyber Analytics, up to £1m funding available
• PAST – Autonomous last mile resupply
• PAST – improving crowd resilience
• PAST – the future of aviation security
• PAST – finding explosives hidden in electrical items
• Open calls for innovation
• Anything to improve the defence and security of the UK
• Can be concept, product or service at various levels of maturity
• Focus area: Matching passengers with their x-ray trays during airport screening
• Focus area: Assistive technology for rail staff
• Defence – £30-90k
• Security, no limit but £150k is a guide
57. Seed Haus
• Leith based investors/incubator
• Typically provide 6 months funding to allow 'entrepreneurs' mortgages to be paid'
• Cohort 3 recruitment now open
• Several cyber companies already present
58. Civtech & CANDO Innovation
• Public and private sector brought together
• Funded by public sector
• Purpose is to bring innovation to public sector
• 3 month accelerator programme
• Contract values up to £250k
61. Phishing with a fine line…
Stuart Macdonald - MANAGING DIRECTOR
stuart.macdonald@seric.co.uk @stuart_seric
SEPTEMBER 13TH 2018 – THE CORINTHIAN
76. Layered approach to security
[Diagram: Layer 1 to Layer 4 stacked against Breadth of Problem (horizontal axis) and Depth of Problem (vertical axis)]
80. Is your current strategy effective and defensible?
• User Awareness and Education Prevail – Are you doing that?
• Human-Powered Intelligence Trumps Automation - Using it?
• Attack Sophistication is increasing
• A layered approach is necessary
• Will it pass the GDPR test?
82. Phishing
• Phishing is a highly effective and common method (of delivery)
• It is targeted and not going away…
• What sort of Phishing would it be?
• Your staff need educated…
• You may need to demonstrate that you educated them
[Chart: relative likelihood of phishing types]
83. Is your current strategy effective and defensible?
• Throughout the employment lifecycle (Training/Enablement)
• Targeted: who, where and with what! (Testing)
• Defensible in the Context of GDPR (Business or Individual failure?)
• A part of your layered approach (Another layer to your defences)
• Educating, Informing & Trending your outcomes… (What do you do?)
✓ Seric's Managed Service (each of the above)
84. Our solution and yours
• Train and Enable your staff
• Test your staff
• Get some data in the drawer on what you did
• Layer your approach
• Call us if it is time consuming and expensive
92. Confidential in Confidence 92
Layered approach to security
1. Education of staff
2. Business Process
3. Email security
4. File and Application protection.
5. Perimeter security
6. Endpoint Security
93.
Layered approach to security
1. Education of staff – The first line of defence is making sure that staff are trained and know what to look out for; email is still the biggest threat to a business.
2. Email security / Office 365 protection – Using Trend Micro Hosted Email Security and Trend Micro Application Control; both of these products will work in conjunction with Microsoft ATP in Office 365.
3. Perimeter security – While Firewalls are good, they are not the only defence required. Our weapon of choice is the Sophos XG and Sophos Intercept X offering.
4. Endpoint Security – Trend Micro Complete Endpoint Security or Smart Protection Complete for on-premise/Hybrid use, or Sophos Unified Threat Management and Sophos Central for Cloud endpoint protection
94.
Education of Staff
Staff education and awareness is key to increasing the front line of defence within any organisation.
NCSC Step 5 in their 10 Steps to Cyber
1) Removable media – Employee Education
2) Handling of sensitive data – Business Process
3) Failure to report incidents – Business Process
4) External Attack – Phishing
5) Insider Threat – Technology protection
95.
Business Email Compromise (BEC)
Business Email Compromise (BEC) is a type of scam targeting companies that conduct wire transfers and have suppliers abroad. Corporate or publicly available email accounts of executives or high-level employees related to finance or involved with wire transfer payments are either spoofed or compromised through keyloggers or phishing attacks to make fraudulent transfers, resulting in hundreds of thousands of dollars in losses.
In May 2017, the FBI issued a notice claiming that BEC scams had cost businesses an estimated $5bn over the previous three years, with losses rising 2370% from January 2015 to December 2016 alone.
The FBI recognises five types of attack:
• The Bogus Invoice Scheme – Companies with foreign suppliers are often targeted with this tactic, wherein attackers pretend to be the suppliers requesting fund transfers for payments to an account owned by fraudsters.
• CEO Fraud – Attackers pose as the company CEO or any executive and send an email to employees in finance, requesting them to transfer money to an account they control.
• Account Compromise – An executive's or employee's email account is hacked and used to request invoice payments to vendors listed in their email contacts. Payments are then sent to fraudulent bank accounts.
• Attorney Impersonation – Attackers pretend to be a lawyer or someone from the law firm supposedly in charge of crucial and confidential matters. Normally, such bogus requests are made through email or phone, and towards the end of the business day.
• Data Theft – Employees in HR and bookkeeping are targeted to obtain personally identifiable information (PII) or tax statements of employees and executives. Such data can be used for future attacks.
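An added example (not from the slides or any vendor product) of screening an inbound message for the BEC warning signs listed above: an executive's display name on an external mailbox (CEO fraud), a lookalike sender domain (bogus invoice scheme), a diverted Reply-To, and payment or PII wording. The company domain, executive list and both sample messages are constructed for the example.

```python
import re
from email.utils import parseaddr

# Constructed organisation data for this example (not from the slides).
COMPANY_DOMAIN = "example-corp.test"
EXECUTIVES = {"alice ceo": "alice.ceo@example-corp.test",
              "bob cfo": "bob.cfo@example-corp.test"}
PAYMENT_WORDS = ("wire transfer", "bank details", "urgent payment",
                 "change of account", "w-2", "p60", "tax statement")


def _edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def bec_indicators(msg):
    """Return the BEC warning signs present in one message.

    msg is a dict with 'from', 'reply_to', 'subject' and 'body' strings."""
    name, addr = parseaddr(msg.get("from", ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    _, reply_addr = parseaddr(msg.get("reply_to", "") or "")
    reply_domain = reply_addr.rsplit("@", 1)[-1].lower() if reply_addr else domain
    text = (msg.get("subject", "") + " " + msg.get("body", "")).lower()
    key = name.strip().lower()
    found = []
    # CEO fraud: an executive's name in the display name, but not their mailbox.
    if key in EXECUTIVES and addr.lower() != EXECUTIVES[key]:
        found.append("executive display-name spoof")
    # Bogus invoice scheme: sender domain one or two edits away from ours.
    if domain != COMPANY_DOMAIN and 0 < _edit_distance(domain, COMPANY_DOMAIN) <= 2:
        found.append("lookalike domain")
    # Replies diverted elsewhere, typical of a spoofed (not compromised) account.
    if reply_domain != domain:
        found.append("reply-to domain mismatch")
    # Payment or PII request wording (bogus invoice, CEO fraud, data theft).
    if any(w in text for w in PAYMENT_WORDS):
        found.append("payment or PII request")
    if re.search(r"\b(urgent|today|immediately|confidential)\b", text):
        found.append("urgency or secrecy")
    return found


def is_suspicious(msg, threshold=2):
    """Flag for manual review when two or more indicators coincide."""
    return len(bec_indicators(msg)) >= threshold


# Constructed sample messages.
CEO_FRAUD = {"from": "Alice CEO <alice.ceo@examp1e-corp.test>",
             "reply_to": "alice.ceo@freemail.test",
             "subject": "Urgent wire transfer",
             "body": "Please send the wire transfer today, keep this confidential."}
LEGIT = {"from": "Bob CFO <bob.cfo@example-corp.test>", "reply_to": "",
         "subject": "Q3 budget review", "body": "Slides attached for Monday."}
```

A compromised (rather than spoofed) account shows none of the header indicators, which is why the wording checks and an out-of-band call-back for payment changes remain necessary.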
96.
Email Security
Seric work with Security vendors to ensure we're able to deploy the best fit technology as part of the layered defences.
Whether that be:
Trend Micro, who believe that there is no silver bullet, that there is no one product to rule them all.
Or
Sophos, who believe their next Gen Firewalls and Endpoint protection work as a complete solution; again, no one product to rule them all!
97.
Perimeter Security
Seric work with Security vendors to ensure we're able to deploy the best fit technology as part of the layered defences.
We are agnostic when it comes to perimeter firewalls, there are many variations out there! But you must have NextGen, meaning the following capabilities:
1) IPS/IDS – Intrusion protection / Intrusion detection.
2) Application Aware
3) Threat Protection
98.
Endpoint Security
Seric work with Security vendors to ensure we're able to deploy the best fit technology as part of the layered defences.
Our preferred choice of vendors are Sophos and Trend Micro:
100.
Business Challenge
St Helens and Knowsley Health Informatics wanted to shift its approach to IT security and minimise the number of suppliers and products they were using (including antivirus, network, email and web protection). The objective was to become more efficient with their time, and to reduce costs. The team also wanted to implement more effective solutions – a number of their existing products weren't providing them with the level of protection they expected and they wanted to reduce potential vulnerabilities impacting their security setup. StHK HIS was ultimately looking to build a good, solid solution that was flexible enough to cope with the ever-changing NHS environment.
Technology Solution
The StHK HIS project team, headed up by Senior IT Project Manager and began the consolidation exercise. Rob began discussing his challenges with ITHealth and agreed that Sophos solutions were ideal alternatives to the disparate product set the organisation was using at the time.
Together, ITHealth and StHK HIS looked at all the separate systems to fully identify the requirements and a suitable technical solution. ITHealth, armed with all the information they needed, then created a proposal that included Sophos UTM (Unified Threat Management) and Sophos Central (cloud-based endpoint and server management console), providing the consolidated solution and costs StHK HIS required.
StHK HIS went ahead with the proposal and implementation began in July 2017. Sophos and ITHealth honoured their initial pricing during this time.
StHK HIS has now implemented eight Sophos UTMs; four are providing security for the internet connections and four provide security for the N3 connections, the national broadband network for the NHS. Sophos Central has also been installed, replacing Microsoft System Center Endpoint Protection (SCEP) and providing a unified console for managing all Sophos products.
109. Click to edit Master title style
Client Confidential 109
• Networks of connected Smart devices
• Artificial Intelligence
• Blockchain
• Unprecedented Growth
110.
• Almost 30 years since we started connecting 'things' to the internet!
• Now, IoT is all around us.
• We've all interacted with, or encountered IoT devices today!
112.
• Where did it all start…
113.
1990
• First Internet Connected Toaster
• TCP/IP
• SNMP
• Powered on over the internet
2000
• Internet Connected Fridge
• RFID Scanning
• Barcode Scanning
• $20,000 USD
1999
• Internet connected wearable camera
• Invented by Steve Mann
1999
• 'Internet of Things' born
• First coined by Kevin Ashton
• Humans out-populated by internet connected 'things' for the first time.
2000+
• Lightbulbs / Smart Home Devices
• Smart TVs
• Internet-connected CCTV
2010+
• Fitness Trackers
• Wearable Tech
• Smart Home Controls
• Autonomous Vehicles
• Smart Cities
2015+
• Smart Motorways
• Hard Shoulder Control
• Variable Speed Limits
• Sensors / Warnings
116.
• Low-cost solutions to complex problems.
• Raspberry Pi, IoT Development kits.
117.
• Next generation are IoT aware
• Inventors of the future encouraged by IoT coding kits
• http://www.curiouschip.com/
118.
• Even a £5 'button' is IoT
• Amazon Dash Button – one touch ordering
• Can be repurposed (modded) as…
• Wireless doorbell
• Panic Alarm
• Garage door remote
• DOMINOS PIZZA BUTTON!
119.
IoT is growing at an incredible rate!
Guesses?
126.
• Mirai Botnet, October 2016
• Targets IP Cameras with Telnet service running.
• Logs in with known default credentials.
• Connects back to Command & Control server.
• New devices are infected
127.
• 50,000 CCTV IoT devices infected.
• DDoS Traffic Peaked at over 1Tbps.
• Internet down in Europe, East and West Coast USA.
• Largest Botnet ever recorded.
128.
"Botnets are one of the fastest growing and fluid threats facing cyber security experts today and introduced the 1Tbps DDoS era"
- ENISA Threat Landscape 2017
https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-2017
129.
• IoT infected by Mirai was poorly designed.
• Default passwords in production.
• Telnet from the Internet.
• Plenty more IoT examples where…
• Secure by Design principles not used.
• No Threat Modelling or Security Development Lifecycle.
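An added detection example (not Seric's code or any product rule) for the two weaknesses slides 126 and 129 describe: Telnet reachable from the Internet, and an infected device fanning out Telnet connections to new targets. The key=value firewall log format, the internal address ranges and the sample events are assumptions constructed for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed firewall log format (one connection event per line).
LINE_RE = re.compile(r"src=(\S+) dst=(\S+) proto=(\S+) dport=(\d+) action=(\S+)")
TELNET_PORTS = {23, 2323}  # Mirai probed both ports
# Assumed internal ranges; replace with your own address plan.
INTERNAL = [ipaddress.ip_network("10.0.0.0/8"),
            ipaddress.ip_network("192.168.0.0/16")]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)


def analyse(log_lines, scan_threshold=3):
    """Two Mirai-era checks over firewall events.

    exposed_telnet: Internet -> internal Telnet sessions the firewall allowed
                    (the camera weakness on slide 129).
    scanners:       internal hosts attempting Telnet to many distinct external
                    hosts (how an infected device finds new victims)."""
    exposed = []
    fanout = defaultdict(set)
    for line in log_lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a connection event in the expected format
        src, dst, proto, dport, action = m.groups()
        if proto.lower() != "tcp" or int(dport) not in TELNET_PORTS:
            continue
        if not is_internal(src) and is_internal(dst) and action == "allow":
            exposed.append((src, dst, int(dport)))
        # Attempts count even when denied: the scanning itself is the signal.
        if is_internal(src) and not is_internal(dst):
            fanout[src].add(dst)
    scanners = {h: len(d) for h, d in fanout.items() if len(d) >= scan_threshold}
    return {"exposed_telnet": exposed, "scanners": scanners}


SAMPLE_LOG = [  # constructed; addresses from documentation ranges
    "src=203.0.113.7 dst=10.0.5.20 proto=tcp dport=23 action=allow",
    "src=203.0.113.7 dst=10.0.5.21 proto=tcp dport=23 action=deny",
    "src=10.0.5.20 dst=198.51.100.1 proto=tcp dport=23 action=allow",
    "src=10.0.5.20 dst=198.51.100.2 proto=tcp dport=2323 action=allow",
    "src=10.0.5.20 dst=198.51.100.3 proto=tcp dport=23 action=deny",
    "src=10.0.5.30 dst=198.51.100.9 proto=tcp dport=443 action=allow",
    "src=10.0.5.31 dst=198.51.100.4 proto=tcp dport=23 action=allow",
]
```

On the sample, the camera at 10.0.5.20 is both reachable over Telnet from outside and fanning out to three external hosts, which is the infection pattern the slides describe; the single outbound session from 10.0.5.31 stays below the threshold.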
130.
• Biometric SmartLock (£99)
• Zamac 3 Zinc Alloy Body
• 'Virtually Unbreakable'
131.
• Biometric SmartLock (£99) …twists open with a screwdriver.
• Zamac 3 Zinc Alloy Body …melts at 300°C
• 'Virtually Unbreakable' …eaten by boltcutters!
132.
• Bluetooth MAC address reveals Key and Serial Number.
• Can be Geolocated
• See Tapplock write-up by IoT security researcher Ken Munro @TheKenMunroShow
133.
• Can be remotely hacked
• Unauthenticated Bluetooth pairing.
• Re-program Cayla's responses
• Concealed Transmitter
• BANNED in Norway & Germany!
• University of Abertay, Ethical Hacking students have published findings. @AbertayHackers
144. How SERIC can help…
• IoT Asset Inventory
• IoT Network Architecture
• Teardown / Penetration Testing
• Firmware version checks
• Network Monitoring
• SIEM…if it records logs, we can monitor.
149.
What is a Table Top exercise?
• Simulated Exercise
• Key personnel with emergency management roles
• Aims to practice response and learn
150.
Purpose
Acknowledge Cyber gap at top level
Clarify roles & responsibilities
Staff preparedness
Test response plans
Low stress / safe environment
Continuous Learning - People and IT change!
151.
10 Steps: A Board Level Responsibility – Challenges
Is this not IT's responsibility?
NO, this is an organisational responsibility as well as a legal responsibility for directors.
Is this not the board's responsibility?
NO, this is an organisational responsibility with each team being accountable for their actions.
Is this not the DPO's responsibility?
WRONG, the DPO informs and advises; they are not responsible.
No-one is going to hack us!
WRONG, hackers are creative and can extract data and use this against you to exploit the situation for monetary gain.
We're really secure and have never been hacked.
PROVE IT, oversight and 3rd party evidence is best practice to ensure your security and integrity.
What's the worst that can happen?
LOTS, see Section 198 Liability of Directors - DPA 2018, brand damage, etc.
152.
10 Steps: A Board Level Responsibility – Benefits
Clarification of priorities
BOARD & IT priorities and decisions become better aligned and coordinated.
Improves 'critical thinking'
FOCUSES thinking and prioritisation in 'stressed' situations.
Establish clear preparedness
PRACTICE & PREPARE for responses and understand what will be required from the organisation.
Team Building
WORKING as a collective team to ensure a robust and effective response is achieved.
157.
Why is Cyber Important? (Threat landscape, Professionalism, Financial scale, Predictions)
Average cost to UK and time to resolve incident:
Malware: £1.57 million – 6.4 days
Web-based attacks: £1.52 million – 22.4 days
Denial-of-service (DoS) attacks: £1.31 million – 16.8 days
Malicious insiders: £960,000 – 50 days
Malicious code: £960,000 – 55.2 days
Phishing and social engineering: £960,000 – 20 days
Stolen devices: £700,000 – 14.6 days
Ransomware: £520,000 – 23.1 days
Botnets: £260,000 – 2.5 days
160.
Phase 1 – The Alert
Reactive actions from external alert
- IT user reporting ransomware
- Customer reporting issue
- 3rd party reporting issue
i. What would worst case be for the Execs?
ii. What are our response priorities?
iii. What is our communications strategy?
161.
Phase 2 – The Escalation
Data Breach
• Personally Identifiable Information (PII)
• Personal / Sensitive (GDPR/DPA)
Ransom demand
Denial of Service
Risk to customers / staff / others
i. What would the impact of data loss be?
ii. Legally what do we need to do?
iii. Can we shut down, what are the impacts?
[Case illustration: CALMAC DATA BREACH]
162.
Phase 3 – The Communication
ICO 72 Hours – non-negotiable
-----------------------------------------
Shareholders
Employees
Customers
Press
Partners
[Case illustration: NOT ME DATA BREACH]
i. How does this change our response strategy?
ii. How are our board communicating?
163. Learnings
Regular Exercise keeps you fit
Possibility vs. Probability
Physical/People/Cyber Incidents
The Greater Good