September 12th 2018 #SOT18
Client Confidential 2
AGENDA
12.00-12.20 Welcome, S…. is for Eric Langley
12.20-12.40 GUEST SPEAKER - Martin Beaton Langley
Cyber Security Cluster Coordinator for Scotland
ScotlandIS
12.40-14.10 Lunch & meet the Exhibitors Hempel
14.10-14.30 Customer Panel Langley
14.30-15.00 BREAKOUT SESSION 1
Stream A – IoT Secure Future Langley
Stream B – Phishing with a fine line… Mercer
15.00-15.15 ---- Break ----- Hempel
15.15-15.45 BREAKOUT SESSION 2
Stream A – Onions anyone? Seric's view on layered security Langley
Stream B – Phishing with a fine line… Mercer
15.45-16.15 BREAKOUT SESSION 3
Stream A – IOT Secure Future Langley
Stream B – Are you Cyber Ready? – A Board’s Eye View Mercer
16.15-16.30 WRAP UP Langley
16.30-18.00 Networking drinks/ Prize Draw Hempel
S… is for Eric!
Stuart Macdonald
Who are We
Seric SmartSTEMs
Security User Group
Managed Services
• Phishing Service
• Internal Vulnerability Scanning
• External Vulnerability Scanning
• Web Application Testing
• Web Compliance Testing
• Security Benchmarking (CIS20, ISO)
• Crisis Management Service (Table top Service)
Solutions
• All Flash Arrays
• End Point Security
• Backup and Restoration
• Insider Threat Detection
• Server and Storage
• SIEM Solutions
• Firewall
• Et al.
Strategy
• Business Continuity Planning
• Cyber Strategy
• Cloud Strategy
• Compliance Planning
• Cyber Education
Audit, Assessment,
Compliance & Training
• GDPR Compliance
• Cyber Essentials / CE+
• CIS20 / NIST
• Penetration Testing
• ISO27001
• PCI-DSS
• Staff Awareness
Our quiet wins…
• Managed service clients
• Cyber Board Exercises
• Incident response
• Arcserve
• Pure
• Lenovo
• SIEM
• Practical GDPR
Thankyouverymuch
#Uhuhuh #Bananaman
#SOT18
Public funded routes to cyber
security and world domination
Martin Beaton, Cyber security cluster coordinator
Thursday 13th September
Seric
Spotlight on Technology
7th year of working with cyber cluster
1330 FLOPS
1980
2.2 GIGAFLOPS
2000
3.5 TERAFLOPS
2018
Business Dev Network Integrator Cluster coordinator
2012 2018
Faster computer currently:
IBM Summit – 200 PETAFLOPS
Human Brain – 1 EXAFLOP
(1000 PETAFLOPS)
Action Plans
Public sector
action plan
• John Swinney
wrote to all
public bodies
requiring cyber
resilience by
late 2018
• Some funding
was made
available
Private and third
sector action plan
• Industry
encouraged to
get secure and
force cyber
resilience onto
their supply
chain
• Cyber catalysts
chosen and
supported by SG
Learning and Skills
action plan
• Ensure that
citizens and
industry is
protected
• Ensure that
Scotland has the
talent supply
needed to grow
Economic
opportunity action
plan
• Creation of a
CMO
• Funding to
promote
innovation
• Funding for a
new cyber
voucher scheme
2015 Scottish Cyber Security Strategy Plans (4/5)
Scottish Enterprise support to help
become resilient
Demand
Cyber Essentials demand over last two years
[Chart: Monthly Scottish Cyber Essentials Count, May to May, series 2018 and 2017 with linear trend lines]
• Cyber Essentials: May 2017 239, May 2018 426 (78% increase)
• Cyber Essentials +: May 2017 17, May 2018 62 (265% increase)
Accessing grants tends to require…
• Business plan (but they can help you with this)
• Relationship with Business Gateway or Account managed
• Or… you could even be on their High growth Pipeline!
• You need to be starting a company which will achieve a minimum of £5m
valuation within 3 years or have revenues of £5m within 5 years.
Voucher scheme
• £500k available to help companies
become cyber secure
• Probably no need to be account
managed
• 21 Scottish Cyber certifying
companies will have a share of
(possibly) around £1000 vouchers.
• Scotland currently falling behind rest
of the UK in cyber essentials
certificates.
• In 2014 InnovateUK ran a £5000
voucher scheme. Initially struggled to
give the money away.
• In 2016 SE ran a £1500 voucher
scheme. Initially slow to give money
away!
• In 2017 HIE ran a voucher scheme
Scotland will be the only region in the UK with a cyber essentials voucher
scheme
Financial Incentives Landscape
[Diagram: funding instruments plotted against time to market.
Stage labels: Academic research; Basic Research (Pure & Orientated); Applied Research (Strategic & Specific); Experimental Development; Pre-competitive Development; Prototype Development; Pre-Production; Production; Produce; Scale Up.
Instrument labels: R&D Tax Relief; SMART; R&D Grant; Industry Research; Patent Box; Env Aid; SIB – Equity; Debt; Seek & Solve; Creative Industry Relief; Training; RSA.]
Improving security funding
Making account managed companies resilient reduces risk to
Scottish Enterprise and makes companies more ’investable’
• For account managed companies
• Support to improve security posture
• Typically available at 30-50% of costs
Scottish Enterprise support to cyber
security economic opportunity
innovation actions
Cyber Security Company Growth (91 and
growing fast)
[Chart: number of Scottish cyber security companies by year]
Year: 2012, 2014, 2016, 2017, 2018
Goods: 6, 11, 28, 28, 34
Services: 5, 10, 32, 47, 57
The growth of Scotland’s cyber
security industry has been rapid over
6 years.
Scotland is one of the most innovative
countries in the world and is a leader
in many areas of technology including
renewables, life sciences, photonics
and the digital economy.
SMART: SCOTLAND
• 6 – 36 months duration
• Available to SMEs Only
• Funds up to 70% of eligible costs for grants up to £100k
• Funds up to 35% of eligible costs for Grants up to £600k
• Must be highly innovative and Carry Risk
• Must be technically challenging
• Typical turnaround is 10-12 weeks
https://www.scottish-enterprise.com/support-for-businesses/funding-and-grants/growing-your-business/smart-scotland-grant
Seek and Solve
Parties: Large Customer, Supplier (SME), Scottish Enterprise
1. Large customer needs a solution:
• Not available on market
• Not something they would develop in-house
2. SME proposes project for:
• Solution not available on market
Has:
• Know-how to develop solution
• Skills or potential to commercialise solution
3. SE looks for:
• Level of innovation and market potential
• Project contract between Customer and Supplier
Similar to Inogesis, a London based virtual technology group
Non SE Grants to create cyber
security companies
Innovation vouchers
• Between £5k and £10k
• Covers academic project costs and is paid directly to the University or
College
• Company contributes equal value in cash or kind
• Follow on voucher worth £20k
https://interface-online.org.uk/how-we-can-help/funding/standard-innovation-vouchers
Innovation Loan
• UK Gov have £10m in loans to help businesses make innovation a
commercial reality
• Any area of technology
• Opens 17 September 2018
• Closes 14th November 2018
• For 100% of eligible project costs
• Project can last up to 5 years
• Presume it needs to be paid back at some point….
DSTL, Defence and Security Accelerator
• Themed Competitions
• Predictive Cyber Analytics, up to £1m funding available
• PAST – Autonomous last mile resupply
• PAST - improving crowd resilience
• PAST - the future of aviation security
• PAST - finding explosives hidden in electrical items
• Open calls for innovation
• Anything to improve the defence and security of the UK
• Can be concept, product or service at various levels of maturity
• Focus area: Matching passengers with their x-ray trays during airport
screening
• Focus area: Assistive technology for rail staff
• Defence - £30- 90k
• Security, no limit but £150k is a guide
Seed Haus
• Leith based investors/incubator
• Typically provide 6 months funding to allow ‘entrepreneurs mortgages
to be paid’
• Cohort 3 recruitment now open
• Several cyber companies already present
Civtech & CANDO Innovation
• Public and private sector brought together
• Funded by public sector
• Purpose is to bring innovation to public sector
• 3 month accelerator programme
• Contract values up to £250k
What else…?
The end!
Martin Beaton
Cyber security cluster coordinator
Martin.beaton@scotlandis.com
Phishing with a fine line…
Stuart Macdonald - MANAGING DIRECTOR
stuart.macdonald@seric.co.uk @stuart_seric
SEPTEMBER 13TH 2018 – THE CORINTHIAN
ENISA Threat Landscape Report 2017
Layered approach to security
Layer 1
Layer 2
Layer 3
Layer 4
Breadth of Problem
Depth
of Problem
• User Awareness and Education Prevail – Are you doing that?
• Human-Powered Intelligence Trumps Automation - Using it?
• Attack Sophistication is increasing
• A layered approach is necessary
• Will it pass the GDPR test?
Is your current strategy
effective and defensible?
• Phishing is a highly effective and common method (of delivery)
• It is targeted and not going away…
• What sort of Phishing would it be?
• Your staff need educated…
• You may need to demonstrate that you educated them
Relative likelihood
• Throughout the employment lifecycle (Training/Enablement)
• Targeted: who, where and with what! (Testing)
• Defensible in the Context of GDPR (Business or Individual failure?)
• A part of your layered approach (Another layer to your defences)
• Educating, Informing & Trending your outcomes… (What do you do?)
Is your current strategy
effective and defensible?
Seric’s Managed
Service
• Train and Enable your staff
• Test your staff
• Get some data in the drawer on what you did
• Layer your approach
• Call us if it is time consuming and expensive
Our solution and yours
Thankyouverymuch
#Uhuhuh #GonePhishing
#SOT18
Welcome to Seric’s Annual Spotlight on Technology Event
#SOT18 #SERICCANHELP
Onions anyone?
Let’s talk about layers….
Craig Fairlie – Technical Consultant
Craig.fairlie@seric.co.uk @craigf1873
PREPARED FOR SOT18
Confidential in Confidence 88
Who are We
Seric SmartSTEMs
Layered approach to security
Multi-faceted
Security
People
Process
Technology
Layered approach to security
Overlayed
Layer 1
Layer 2
Layer 3
Layer 4
Breadth of Problem
Depth
of Problem
League table 2016/2017
ENISA Threat Landscape Report 2017
Layered approach to security
1. Education of staff
2. Business Process
3. Email security
4. File and Application protection.
5. Perimeter security
6. Endpoint Security
Layered approach to security
1. Education of staff – The first line of defence is making sure that staff
are trained and know what to look out for, email is still the biggest
threat to a business.
2. Email security / Office 365 protection – Using Trend Micro Hosted
Email security and Trend Micro Application Control, both of these
products will work in conjunction with Microsoft ATP in Office 365.
3. Perimeter security – While Firewalls are good, they are not the only
defence required. Our weapon of choice is the Sophos XG and Sophos
Intercept X offering.
4. Endpoint Security – Trend Micro Complete Endpoint Security or Smart
Protection Complete for on Hybrid use or Sophos Unified Threat
management and Sophos Central for Cloud endpoint protection
Education of Staff
Staff education and awareness is key to increasing the front line of defence within any
organisation.
NCSC Step 5 in their 10 Steps to Cyber
1) Removable media – Employee Education
2) Handling of sensitive data – Business Process
3) Failure to report incidents – Business Process
4) External Attack - Phishing
5) Insider Threat – Technology protection
Business Email Compromise (BEC)
Business Email Compromise (BEC) is a type of scam targeting companies who conduct wire transfers and
have suppliers abroad. Corporate or publicly available email accounts of executives or high-level
employees related to finance or involved with wire transfer payments are either spoofed or
compromised through keyloggers or phishing attacks to do fraudulent transfers, resulting in hundreds of
thousands of dollars in losses.
In May 2017, the FBI issued a notice claiming that BEC scams had cost businesses an estimated $5bn
over the previous three years, with losses rising 2370% from January 2015 to December 2016 alone.
Based on the FBI's 5 recognised attacks:
• The Bogus Invoice Scheme – Companies with foreign suppliers are often targeted with this tactic, wherein
attackers pretend to be the suppliers requesting fund transfers for payments to an account owned by
fraudsters.
• CEO Fraud – Attackers pose as the company CEO or any executive and send an email to employees in
finance, requesting them to transfer money to the account they control.
• Account Compromise – An executive or employee’s email account is hacked and used to request invoice
payments to vendors listed in their email contacts. Payments are then sent to fraudulent bank accounts.
• Attorney Impersonation – Attackers pretend to be a lawyer or someone from the law firm supposedly in
charge of crucial and confidential matters. Normally, such bogus requests are done through email or
phone, and during the end of the business day.
• Data Theft – Employees under HR and bookkeeping are targeted to obtain personally identifiable
information (PII) or tax statements of employees and executives. Such data can be used for future
attacks.
Seric work with Security vendors to ensure we’re able to deploy the best fit technology as part of the layered
defences.
Whether that be:
Trend Micro believe that there is no silver bullet, that there is no one product to rule them all.
Or
Sophos – who believe their next Gen Firewalls and Endpoint protection works as a complete solution, again, no
one product to rule them all!
Email Security
Seric work with Security vendors to ensure we’re able to deploy the best fit technology as part of the
layered defences
We are agnostic when it comes to perimeter firewalls; there are many variations out there, but you
must have NextGen, meaning the following capabilities:
1) IPS/IDS – Intrusion prevention / Intrusion detection.
2) Application Aware
3) Threat Protection
Perimeter Security
Seric work with Security vendors to ensure we’re able to deploy the best fit technology as part of the
layered defences
Our preferred choice of vendors are Sophos and Trend Micro :
Endpoint Security
Business Challenge
St Helens and Knowsley Health Informatics wanted to shift its approach to IT
security and minimise the number of suppliers and products they were using
(including antivirus, network, email and web protection). The objective was to
become more efficient with their time, and to reduce costs. The team also
wanted to implement more effective solutions – a number of their existing
products weren’t providing them with the level of protection they expected
and they wanted to reduce potential vulnerabilities impacting their security
setup. StHK HIS was ultimately looking to build a good, solid solution that was
flexible enough to cope with the everchanging NHS environment.
Technology Solution
The StHK HIS project team, headed up by Senior IT Project Manager and began the consolidation exercise.
Rob began discussing his challenges with ITHealth and agreed that Sophos solutions were ideal alternatives
to the disparate product set the organisation was using at the time.
Together, ITHealth and StHK HIS looked at all the separate systems to fully identify the requirements and a
suitable technical solution. ITHealth, armed with all the information they needed, then created a proposal
that included Sophos UTM (Unified Threat Management) and Sophos Central (cloud-based endpoint and
server management console), providing the consolidated solution and costs StHK HIS required.
StHK HIS went ahead with the proposal and implementation began in July 2017. Sophos and ITHealth
honoured their initial pricing during this time.
StHK HIS has now implemented eight Sophos UTMs; four are providing security for the internet connections
and four provide security for the N3 connections, the national broadband network for the NHS. Sophos
Central has also been installed, replacing Microsoft System Center Endpoint Protection (SCEP) and providing
a unified console for managing all Sophos products.
IoT: Secure Future?
Spotlight on Technology 2018
#SOT18 #SERICCANHELP
Ross Monteith
Cyber Consultant
ross.monteith@seric.co.uk
• Networks of connected Smart devices
• Artificial Intelligence
• Blockchain
• Unprecedented Growth
• Almost 30 years since we started connecting ‘things’ to the internet!
• Now, IoT is all around us.
• We’ve all interacted with, or encountered IoT devices today!
• Where did it all start…
1990
• First Internet Connected Toaster
• TCP/IP
• SNMP
• Powered on over the internet
2000
• Internet Connected Fridge
• RFID Scanning
• Barcode Scanning
• $20,000 USD
1999
• Internet connected wearable camera
• Invented by Steve Mann
1999
• “Internet of Things” born
• First coined by Kevin Ashton
• Humans out-populated by internet connected ‘things’ for the first time.
2000+
• Lightbulbs / Smart Home Devices
• Smart TVs
• Internet-connected CCTV
2010+
• Fitness Trackers
• Wearable Tech
• Smart Home Controls
• Autonomous Vehicles
• Smart Cities
2015+
• Smart Motorways
• Hard Shoulder Control
• Variable Speed Limits
• Sensors / Warnings
• Low-cost solutions to complex problems.
• Raspberry Pi, IoT Development kits.
• Next generation are IoT aware
• Inventors of the future encouraged by IoT coding kits
• http://www.curiouschip.com/
• Even a £5 ‘button’ is IoT
• Amazon Dash Button – one touch ordering
• Can be repurposed (modded) as…
• Wireless doorbell
• Panic Alarm
• Garage door remote
• DOMINOS PIZZA BUTTON!
IoT is growing at an incredible rate!
Guesses?
“Two Trillion”
Seric CEO, Stuart Macdonald
• Mirai Botnet, October 2016
• Targets IP Cameras with Telnet service running.
• Logs in with known default credentials.
• Connects back to Command & Control server.
• New devices are infected
• 50,000 CCTV IoT devices infected.
• DDoS Traffic Peaked at over 1Tbps.
• Internet down in Europe, East and West Coast USA.
• Largest Botnet ever recorded.
Botnets are one of the fastest growing and fluid threats facing cyber
security experts today and introduced the 1Tbps DDoS era
- ENISA Threat Landscape 2017
https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-2017
• IoT infected by Mirai was poorly designed.
• Default passwords in production.
• Telnet from the Internet.
• Plenty more IoT examples where…
• Secure by Design principles not used.
• No Threat Modelling or Security Development Lifecycle.
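The Mirai sequence on the slides above (Telnet reachable from the Internet, a call-back to a Command & Control server, then the device infecting others) leaves a recognisable pattern in network flow records. The sketch below is an added example, not part of the original deck: the flow format, network ranges, addresses (documentation ranges), stage names and threshold are all constructed assumptions.

```python
"""Flag IoT devices whose flow records match the Mirai lifecycle on the slides.

Added example with constructed data: flow format, networks and threshold
are assumptions, not taken from the presentation.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")    # assumed internal address space
IOT_NET = ip_network("10.20.0.0/24")   # assumed camera / IoT VLAN
TELNET_PORTS = {23, 2323}
SCAN_THRESHOLD = 5                     # distinct Telnet targets that count as scanning

# Constructed flow records: time(s) src dst dst_port
SAMPLE_FLOWS = """
 10 10.20.0.11 203.0.113.9 123      # normal NTP before any exposure
 12 10.20.0.13 203.0.113.9 123
100 198.51.100.7 10.20.0.11 23      # Telnet from the Internet to a camera
105 198.51.100.7 10.20.0.12 23
130 10.20.0.11 203.0.113.50 48101   # new external peer after the Telnet session
135 10.20.0.11 203.0.113.9 123      # known peer, not a call-back
140 10.20.0.11 192.0.2.1 23         # camera now opening Telnet to others
141 10.20.0.11 192.0.2.2 23
142 10.20.0.11 192.0.2.3 2323
143 10.20.0.11 192.0.2.4 23
144 10.20.0.11 10.20.0.12 23
"""


def parse_flows(text):
    """Parse 'time src dst port' lines (with optional # comments), sorted by time."""
    flows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ts, src, dst, port = line.split()
        flows.append((int(ts), ip_address(src), ip_address(dst), int(port)))
    return sorted(flows, key=lambda f: f[0])


def analyse(flows):
    """Return {device: [stages]} for devices showing any Mirai-like stage."""
    first_telnet_in = {}                 # device -> time of first Internet Telnet
    baseline = defaultdict(set)          # external peers seen before exposure
    callbacks = defaultdict(set)         # new external peers seen after exposure
    telnet_targets = defaultdict(set)    # hosts the device opened Telnet to

    for ts, src, dst, port in flows:
        if dst in IOT_NET and src not in INTERNAL and port in TELNET_PORTS:
            first_telnet_in.setdefault(dst, ts)
        elif src in IOT_NET and port in TELNET_PORTS:
            telnet_targets[src].add(dst)
        elif src in IOT_NET and dst not in INTERNAL:
            if src not in first_telnet_in:
                baseline[src].add(dst)
            elif dst not in baseline[src]:
                callbacks[src].add((dst, port))

    report = {}
    for dev in set(first_telnet_in) | set(telnet_targets):
        stages = []
        if dev in first_telnet_in:
            stages.append("telnet-exposed")
        if callbacks[dev]:
            stages.append("callback")
        if len(telnet_targets[dev]) >= SCAN_THRESHOLD:
            stages.append("telnet-scanning")
        if stages:
            report[str(dev)] = stages
    return report


if __name__ == "__main__":
    for device, stages in sorted(analyse(parse_flows(SAMPLE_FLOWS)).items()):
        print(device, "->", ", ".join(stages))
```

A device showing only `telnet-exposed` needs Telnet closed and its password changed; one showing all three stages should be isolated and treated as infected.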
• Biometric SmartLock (£99)
• Zamac 3 Zinc Alloy Body
• “Virtually Unbreakable”
• Biometric SmartLock (£99)
…twists open with a screwdriver.
• Zamac 3 Zinc Alloy Body
…melts at 300°C
• “Virtually Unbreakable”
…eaten by boltcutters!
• Bluetooth MAC address reveals Key and Serial Number.
• Can be Geolocated
• See Tapplock write-up by IoT security researcher Ken Munro
@TheKenMunroShow
• Can be remotely hacked
• Unauthenticated Bluetooth pairing.
• Re-program Cayla’s responses
• Concealed Transmitter
• BANNED in Norway & Germany!
• University of Abertay, Ethical Hacking students have published findings.
@AbertayHackers
“I hacked your
doorbell”
IoT Hacking Tools
WiFi Pineapple, Ubertooth One
IoT Research
• IoT Asset Inventory
• IoT Network Architecture
• Teardown / Penetration Testing
• Firmware version checks
• Network Monitoring
• SIEM… if it records logs, we can monitor.
How SERIC can
help…
Don’t wait for the utopian
nightmare!
#SERICCANHELP
Ross Monteith
Cyber Consultant,
Seric Systems
ross.monteith@seric.co.uk
CiSP: RossM6@sericsystems
Are you Cyber Ready?
A Board’s Eye View
What is a Table Top
exercise?
• Simulated Exercise
• Key personnel with emergency management
roles
• Aims to practice response and learn
Purpose
Acknowledge Cyber gap at top level
Clarify roles & responsibilities
Staff preparedness
Test response plans
Low stress / safe environment
Continuous Learning - People and
IT change!
10 Steps: A Board Level Responsibility
Challenges
Is this not IT’s responsibility?
NO, this is an organisational responsibility as well as a legal
responsibility for directors.
Is this not the board’s responsibility?
NO, this is an organisational responsibility with each team
being accountable for their actions.
Is this not the DPO’s responsibility?
WRONG, DPO inform and advise, they are not responsible.
No-one is going to hack us!
WRONG, hackers are creative and can extract data and use this
against you to exploit the situation for monetary gains.
We’re really secure and have never been hacked.
PROVE IT, oversight and 3rd party evidence is best practice to
ensure your security and integrity.
What’s the worst that can happen?
LOTS, See Section 198 Liability of Directors - DPA 2018, Brand
damage, etc
10 Steps: A Board Level Responsibility
Benefits
Clarification of priorities
BOARD & IT priorities and decisions become better aligned
and coordinated.
Improves ‘critical thinking’
FOCUSES thinking and prioritisation in ‘stressed’ situations.
Establish clear preparedness
PRACTICE & PREPARE for responses and understand what will
be required from the organisation.
Team Building
WORKING as a collective team to ensure a robust and effective
response is achieved.
Stage 1 - Cyber Awareness
BA
ICO
Threat landscape
Professionalism
Financial scale
Predictions
Why is Cyber
Important?
Threat Landscape & Predictions
Threat landscape
Professionalism
Financial scale
Predictions
Why is Cyber
Important?
Average cost to UK and time to resolve incident:
Malware: £1.57 million – 6.4 days
Web-based attacks: £1.52 million – 22.4 days
Denial-of-service (DoS) attacks: £1.31 million – 16.8 days
Malicious insiders: £960,000 – 50 days
Malicious code: £960,000 – 55.2 days
Phishing and social engineering: £960,000 – 20 days
Stolen devices: £700,000 – 14.6 days
Ransomware: £520,000 – 23.1 days
Botnets: £260,000 – 2.5 days
Stage 2 – The Scenario
Phase 1 – The Alert
Reactive actions from external alert
- IT user reporting ransomware
- Customer reporting issue
- 3rd party reporting issue
i. What would worst case be for the
Execs?
ii. What are our response priorities?
iii. What is our communications
strategy?
Phase 2 – The Escalation
Data Breach
• Personal Identifiable Information (PII)
• Personal / Sensitive (GDPR/DPA)
Ransom demand
Denial of Service
Risk to customers / staff / others
i. What would the impact of data loss
be?
ii. Legally what do we need to do?
iii. Can we shut down, what are the
impacts?
CALMAC DATA BREACH
Phase 3 – The Communication
ICO 72 Hours – non-negotiable
-----------------------------------------
Shareholders
Employees
Customers
Press
Partners
NOT ME DATA BREACH
i. How does this change our response
strategy?
ii. How are our board communicating?
Learnings
• Regular Exercise keeps you fit
• Possibility vs. Probability
• Physical/People/Cyber Incidents
• The Greater Good

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 

Recently uploaded (20)

Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 

Spotlight on Technology 2018

  • 4. AGENDA 12.00-12.20 Welcome, S…. is for Eric Langley 12.20-12.40 GUEST SPEAKER - Martin Beaton Langley Cyber Security Cluster Coordinator for Scotland ScotlandIS 12.40-14.10 Lunch & meet the Exhibitors Hempel 14.10-14.30 Customer Panel Langley 14.30-15.00 BREAKOUT SESSION 1 Stream A – IoT Secure Future Langley Stream B – Phishing with a fine line… Mercer 15.00-15.15 ---- Break ----- Hempel 15.15-15.45 BREAKOUT SESSION 2 Stream A – Onions anyone? Seric's view on layered security Langley Stream B – Phishing with a fine line… Mercer 15.45-16.15 BREAKOUT SESSION 3 Stream A – IOT Secure Future Langley Stream B – Are you Cyber Ready? – A Board’s Eye View Mercer 16.15-16.30 WRAP UP Langley 16.30-18.00 Networking drinks/ Prize Draw Hempel
  • 6. S… is for Eric! Stuart Macdonald
  • 9. Who are We Seric SmartSTEMs
  • 26. Managed Services • Phishing Service • Internal Vulnerability Scanning • External Vulnerability Scanning • Web Application Testing • Web Compliance Testing • Security Benchmarking (CIS20, ISO) • Crisis Management Service (Table top Service)
  • 27. Solutions • All Flash Arrays • End Point Security • Backup and Restoration • Insider Threat Detection • Server and Storage • SIEM Solutions • Firewall • Et al.
  • 28. Strategy • Business Continuity Planning • Cyber Strategy • Cloud Strategy • Compliance Planning • Cyber Education
  • 29. Audit, Assessment, Compliance & Training • GDPR Compliance • Cyber Essentials / CE+ • CIS20 / NIST • Penetration Testing • ISO27001 • PCI-DSS • Staff Awareness
  • 33. Our quiet wins… • Managed service clients • Cyber Board Exercises • Incident response • Arcserve • Pure • Lenovo • SIEM • Practical GDPR
  • 39. AGENDA – Up Next… 12.00-12.20 Welcome, S…. is for Eric Langley 12.20-12.40 GUEST SPEAKER - Martin Beaton Langley Cyber Security Cluster Coordinator for Scotland ScotlandIS 12.40-14.10 Lunch & meet the Exhibitors Hempel 14.10-14.30 Customer Panel Langley 14.30-15.00 BREAKOUT SESSION 1 Stream A – IoT Secure Future Langley Stream B – Phishing with a fine line… Mercer 15.00-15.15 ---- Break ----- Hempel 15.15-15.45 BREAKOUT SESSION 2 Stream A – Onions anyone? Seric's view on layered security Langley Stream B – Phishing with a fine line… Mercer 15.45-16.15 BREAKOUT SESSION 3 Stream A – IOT Secure Future Langley Stream B – Are you Cyber Ready? – A Board’s Eye View Mercer 16.15-16.30 WRAP UP Langley 16.30-18.00 Networking drinks/ Prize Draw Hempel
  • 40. Public funded routes to cyber security and world domination Martin Beaton, Cyber security cluster coordinator Thursday 13th September Seric Spotlight on Technology
  • 41. 7th year of working with cyber cluster 1330 FLOPS 1980 2.2 GIGAFLOPS 2000 3.5 TERAFLOPS 2018 Business Dev Network Integrator Cluster coordinator 2012 2018 Faster computer currently: IBM Summit – 200 PETAFLOPS Human Brain – 1 EXAFLOP (1000 PETAFLOPS)
  • 42. Action Plans Public sector action plan • John Swinney wrote to all public bodies requiring cyber resilience by late 2018 • Some funding was made available Private and third sector action plan • Industry encouraged to get secure and force cyber resilience onto their supply chain • Cyber catalysts chosen and supported by SG Learning and Skills action plan • Ensure that citizens and industry are protected • Ensure that Scotland has the talent supply needed to grow Economic opportunity action plan • Creation of a CMO • Funding to promote innovation • Funding for a new cyber voucher scheme 2015 Scottish Cyber Security Strategy Plans (4/5)
  • 43. Scottish Enterprise support to help become resilient
  • 44. Demand: Cyber essentials demand over last two years [Chart: Monthly Scottish Cyber Essentials Count, May to May, 2017 and 2018 with linear trend lines] Cyber essentials: 239 (May 2017), 426 (May 2018), 78% increase. Cyber essentials +: 17 (May 2017), 62 (May 2018), 265% increase.
  • 45. Accessing grants tends to require… • Business plan (but they can help you with this) • Relationship with Business Gateway or Account managed • Or… you could even be on their High growth Pipeline! • You need to be starting a company which will achieve a minimum of £5m valuation within 3 years or have revenues of £5m within 5 years.
  • 46. Voucher scheme • £500k available to help companies become cyber secure • Probably no need to be account managed • 21 Scottish Cyber certifying companies will have a share of (possibly) around £1000 vouchers. • Scotland currently falling behind rest of the UK in cyber essentials certificates. • In 2014 InnovateUK ran a £5000 voucher scheme. Initially struggled to give the money away. • In 2016 SE ran a £1500 voucher scheme. Initially slow to give money away! • In 2017 HIE ran a voucher scheme Scotland will be the only region in the UK with a cyber essentials voucher scheme
  • 47. Financial Incentives Landscape Time to Market Prototype Development Experimental Development Pre-competitive Development Academic research Basic Research Pure & Orientated Applied Research Strategic & Specific Pre-Production Production R&D Tax Relief SMART R&D Grant Industry Research Patent Box Env Aid Produce Scale Up SIB – Equity Debt Seek & Solve Creative Industry Relief Training RSA
  • 48. Improving security funding Making account managed companies resilient reduces risk to Scottish Enterprise and makes companies more ’investable’ • For account managed companies • Support to improve security posture • Typically available at 30-50% of costs
  • 49. Scottish Enterprise support to cyber security economic opportunity innovation actions
  • 50. Cyber Security Company Growth (91 and growing fast) [Chart: number of Goods and Services companies for 2012, 2014, 2016, 2017 and 2018; data labels 6, 11, 28, 28, 34 and 5, 10, 32, 47, 57] The growth of Scotland’s cyber security industry has been rapid over 6 years. Scotland is one of the most innovative countries in the world and is a leader in many areas of technology including renewables, life sciences, photonics and the digital economy.
  • 51. SMART: SCOTLAND • 6 – 36 months duration • Available to SMEs Only • Funds up to 70% of eligible costs for grants up to £100k • Funds up to 35% of eligible costs for Grants up to £600k • Must be highly innovative and Carry Risk • Must be technically challenging • Typical turnaround is 10-12 weeks https://www.scottish-enterprise.com/support-for-businesses/funding-and-grants/growing-your-business/smart-scotland-grant
  • 52. Seek and Solve (Large Customer, Supplier (SME), Scottish Enterprise) 1. Large customer needs a solution: • Not available on market • Not something they would develop in-house 2. SME proposes project for: • Solution not available on market Has: • Know-how to develop solution • Skills or potential to commercialise solution 3. SE looks for: • Level of innovation and market potential • Project contract between Customer and Supplier Similar to Inogesis a London based virtual technology group
  • 53. Non SE Grants to create cyber security companies
  • 54. Innovation vouchers • Between £5k and £10k • Covers academic project costs and is paid directly to the University or College • Company contributes equal value in cash or kind • Follow on voucher worth £20k https://interface-online.org.uk/how-we-can-help/funding/standard-innovation-vouchers
  • 55. Innovation Loan • UK Gov have £10m in loans to help businesses make innovation a commercial reality • Any area of technology • Opens 17 September 2018 • Closes 14th November 2018 • For 100% of eligible project costs • Project can last up to 5 years • Presume it needs to be paid back at some point….
  • 56. DSTL, Defence and Security Accelerator • Themed Competitions • Predictive Cyber Analytics, up to £1m funding available • PAST – Autonomous last mile resupply • PAST - improving crowd resilience • PAST - the future of aviation security • PAST - finding explosives hidden in electrical items • Open calls for innovation • Anything to improve the defence and security of the UK • Can be concept, product or service at various levels of maturity • Focus area: Matching passengers with their x-ray trays during airport screening • Focus area: Assistive technology for rail staff • Defence - £30-90k • Security, no limit but £150k is a guide
  • 57. Seed Haus • Leith based investors/incubator • Typically provide 6 months funding to allow ‘entrepreneurs mortgages to be paid’ • Cohort 3 recruitment now open • Several cyber companies already present
  • 58. Civtech & CANDO Innovation • Public and private sector brought together • Funded by public sector • Purpose is to bring innovation to public sector • 3 month accelerator programme • Contract values up to £250k
  • 60. The end! Martin Beaton Cyber security cluster coordinator Martin.beaton@scotlandis.com
  • 61. Phishing with a fine line… Stuart Macdonald - MANAGING DIRECTOR stuart.macdonald@seric.co.uk @stuart_seric SEPTEMBER 13TH 2018 – THE CORINTHIAN
  • 63. ENISA Threat Landscape Report 2017
  • 76. Layered approach to security Layer 1 Layer 2 Layer 3 Layer 4 Breadth of Problem Depth of Problem
  • 80. • User Awareness and Education Prevail – Are you doing that? • Human-Powered Intelligence Trumps Automation - Using it? • Attack Sophistication is increasing • A layered approach is necessary • Will it pass the GDPR test? Is your current strategy effective and defensible?
  • 82. • Phishing is a highly effective and common method (of delivery) • It is targeted and not going away… • What sort of Phishing would it be? • Your staff need educated… • You may need to demonstrate that you educated them Relative likelihood
  • 83. Is your current strategy effective and defensible? • Throughout the employment lifecycle (Training/Enablement) • Targeted: who, where and with what! (Testing) • Defensible in the Context of GDPR (Business or Individual failure?) • A part of your layered approach (Another layer to your defences) • Educating, Informing & Trending your outcomes… (What do you do?) Seric’s Managed Service
  • 84. • Train and Enable your staff • Test your staff • Get some data in the drawer on what you did • Layer your approach • Call us if it is time consuming and expensive Our solution and yours
  • 86. Welcome to Seric’s Annual Spotlight on Technology Event #SOT18 #SERICCANHELP
  • 87. Onions anyone? Let’s talk about layers…. Craig Fairlie – Technical Consultant Craig.fairlie@seric.co.uk @craigf1873 PREPARED FOR SOT18
  • 88. Who are We Seric SmartSTEMs
  • 89. Layered approach to security Multi-faceted Security People Process Technology
  • 90. Layered approach to security Overlayed Layer 1 Layer 2 Layer 3 Layer 4 Breadth of Problem Depth of Problem
  • 91. League table 2016/2017 ENISA Threat Landscape Report 2017
  • 92. Layered approach to security 1. Education of staff 2. Business Process 3. Email security 4. File and Application protection. 5. Perimeter security 6. Endpoint Security
  • 93. Layered approach to security 1. Education of staff – The first line of defence is making sure that staff are trained and know what to look out for, email is still the biggest threat to a business. 2. Email security / Office 365 protection – Using Trend Micro Hosted Email security and Trend Micro Application Control, both of these products will work in conjunction with Microsoft ATP in Office 365. 3. Perimeter security – While Firewalls are good, they are not the only defence required. Our weapon of choice is the Sophos XG and Sophos Intercept X offering. 4. Endpoint Security – Trend Micro Complete Endpoint Security or Smart Protection Complete for on Hybrid use or Sophos Unified Threat management and Sophos Central for Cloud endpoint protection
  • 94. Education of Staff Staff education and awareness is key to increasing the front line of defence within any organisation. NCSC Step 5 in their 10 Steps to Cyber 1) Removable media – Employee Education 2) Handling of sensitive data – Business Process 3) Failure to report incidents – Business Process 4) External Attack - Phishing 5) Insider Threat – Technology protection
  • 95. Business Email Compromise (BEC) Business Email Compromise (BEC) is a type of scam targeting companies who conduct wire transfers and have suppliers abroad. Corporate or publicly available email accounts of executives or high-level employees related to finance or involved with wire transfer payments are either spoofed or compromised through keyloggers or phishing attacks to do fraudulent transfers, resulting in hundreds of thousands of dollars in losses. In May 2017, the FBI issued a notice claiming that BEC scams had cost businesses an estimated $5bn over the previous three years, with losses rising 2370% from January 2015 to December 2016 alone. Based on the FBI's 5 recognised attacks: • The Bogus Invoice Scheme - Companies with foreign suppliers are often targeted with this tactic, wherein attackers pretend to be the suppliers requesting fund transfers for payments to an account owned by fraudsters. • CEO Fraud - Attackers pose as the company CEO or any executive and send an email to employees in finance, requesting them to transfer money to the account they control. • Account Compromise - An executive or employee’s email account is hacked and used to request invoice payments to vendors listed in their email contacts. Payments are then sent to fraudulent bank accounts. • Attorney Impersonation - Attackers pretend to be a lawyer or someone from the law firm supposedly in charge of crucial and confidential matters. Normally, such bogus requests are done through email or phone, and during the end of the business day. • Data Theft – Employees under HR and bookkeeping are targeted to obtain personally identifiable information (PII) or tax statements of employees and executives. Such data can be used for future attacks.
  • 96. Email Security Seric work with Security vendors to ensure we’re able to deploy the best fit technology as part of the layered defences. Whether that be: Trend Micro believe that there is no silver bullet, that there is no one product to rule them all. Or Sophos – who believe their next Gen Firewalls and Endpoint protection works as a complete solution, again, no one product to rule them all!
  • 97. Perimeter Security Seric work with Security vendors to ensure we’re able to deploy the best fit technology as part of the layered defences. We are agnostic when it comes to perimeter firewalls, there are many variations out there! – but you must have NextGen, meaning the following capabilities: 1) IPS/IDS – Intrusion prevention / Intrusion detection. 2) Application Aware 3) Threat Protection
  • 98. Endpoint Security Seric work with Security vendors to ensure we’re able to deploy the best fit technology as part of the layered defences. Our preferred choice of vendors are Sophos and Trend Micro.
  • 100. Business Challenge St Helens and Knowsley Health Informatics wanted to shift its approach to IT security and minimise the number of suppliers and products they were using (including antivirus, network, email and web protection). The objective was to become more efficient with their time, and to reduce costs. The team also wanted to implement more effective solutions – a number of their existing products weren’t providing them with the level of protection they expected and they wanted to reduce potential vulnerabilities impacting their security setup. StHK HIS was ultimately looking to build a good, solid solution that was flexible enough to cope with the ever-changing NHS environment. Technology Solution The StHK HIS project team, headed up by Senior IT Project Manager and began the consolidation exercise. Rob began discussing his challenges with ITHealth and agreed that Sophos solutions were ideal alternatives to the disparate product set the organisation was using at the time. Together, ITHealth and StHK HIS looked at all the separate systems to fully identify the requirements and a suitable technical solution. ITHealth, armed with all the information they needed, then created a proposal that included Sophos UTM (Unified Threat Management) and Sophos Central (cloud-based endpoint and server management console), providing the consolidated solution and costs StHK HIS required. StHK HIS went ahead with the proposal and implementation began in July 2017. Sophos and ITHealth honoured their initial pricing during this time. StHK HIS has now implemented eight Sophos UTMs; four are providing security for the internet connections and four provide security for the N3 connections, the national broadband network for the NHS. Sophos Central has also been installed, replacing Microsoft System Center Endpoint Protection (SCEP) and providing a unified console for managing all Sophos products.
  • 107. IoT: Secure Future? Spotlight on Technology 2018 #SOT18 #SERICCANHELP
  • 109. • Networks of connected Smart devices • Artificial Intelligence • Blockchain • Unprecedented Growth
  • 110. • Almost 30 years since we started connecting ‘things’ to the internet! • Now, IoT is all around us. • We’ve all interacted with, or encountered IoT devices today!
  • 112. • Where did it all start…
  • 113. • 1990: First Internet Connected Toaster (TCP/IP, SNMP, powered on over the internet) • 2000: Internet Connected Fridge (RFID Scanning, Barcode Scanning, $20,000 USD) • 1999: Internet connected wearable camera, invented by Steve Mann • 1999: “Internet of Things” born, first coined by Kevin Ashton; humans out-populated by internet connected ‘things’ for the first time • 2000+: Lightbulbs / Smart Home Devices • 2000+: Smart TVs • 2000+: Internet-connected CCTV • 2010+: Fitness Trackers, Wearable Tech • 2010+: Smart Home Controls • 2010+: Autonomous Vehicles • 2010+: Smart Cities • 2015+: Smart Motorways (Hard Shoulder Control, Variable Speed Limits, Sensors / Warnings)
  • 116. • Low-cost solutions to complex problems. • Raspberry Pi, IoT Development kits.
  • 117. • Next generation are IoT aware • Inventors of the future encouraged by IoT coding kits • http://www.curiouschip.com/
  • 118. • Even a £5 ‘button’ is IoT • Amazon Dash Button – one touch ordering • Can be repurposed (modded) as… • Wireless doorbell • Panic Alarm • Garage door remote • DOMINOS PIZZA BUTTON!
  • 119. IoT is growing at an incredible rate! Guesses?
  • 122. “Two Trillion” Seric CEO, Stuart Macdonald
  • 126. • Mirai Botnet, October 2016 • Targets IP Cameras with Telnet service running. • Logs in with known default credentials. • Connects back to Command & Control server. • New devices are infected
  • 127. • 50,000 CCTV IoT devices infected. • DDoS Traffic Peaked at over 1Tbps. • Internet down in Europe, East and West Coast USA. • Largest Botnet ever recorded.
  • 128. Botnets are one of the fastest growing and fluid threats facing cyber security experts today and introduced the 1Tbps DDoS era - ENISA Threat Landscape 2017 https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-2017
  • 129. • IoT infected by Mirai was poorly designed. • Default passwords in production. • Telnet from the Internet. • Plenty more IoT examples where… • Secure by Design principles not used. • No Threat Modelling or Security Development Lifecycle.
  • 130. Click to edit Master title style Client Confidential 130  Biometric SmartLock (ÂŁ99)  Zamac 3 Zinc Alloy Body  “Virtually Unbreakable”
  • 131. Click to edit Master title style Client Confidential 131  Biometric SmartLock (ÂŁ99) …twists open with a screwdriver.  Zamac 3 Zinc Alloy Body …melts at 300°C  “Virtually Unbreakable” …eaten by boltcutters!
  • 132. Click to edit Master title style Client Confidential 132  Bluetooth MAC address reveals Key and Serial Number.  Can be Geolocated  See Tapplock write-up by IoT security researcher Ken Munro @TheKenMunroShow
  • 133. Click to edit Master title style Client Confidential 133  Can be remotely hacked  Unauthenticated Bluetooth pairing.  Re-program Cayla’s responses  Concealed Transmitter  BANNED in Norway & Germany!  University of Abertay, Ethical Hacking students have published findings. @AbertayHackers
  • 135. Click to edit Master title style Client Confidential 135 “I hacked your doorbell”
  • 139. IoT Hacking Tools
  • 140. IoT Hacking Tools: WiFi Pineapple, Ubertooth One
  • 144. How SERIC can help…
      • IoT Asset Inventory
      • IoT Network Architecture
      • Teardown / Penetration Testing
      • Firmware version checks
      • Network Monitoring
      • SIEM…if it records logs, we can monitor.
  • 145. Don’t wait for the utopian nightmare! #SERICCANHELP
  • 147. Ross Monteith Cyber Consultant, Seric Systems ross.monteith@seric.co.uk CiSP: RossM6@sericsystems
  • 148. Are you Cyber Ready? A Board’s Eye View
  • 149. What is a Table Top exercise?
      • Simulated Exercise
      • Key personnel with emergency management roles
      • Aims to practice response and learn
  • 150. Purpose
      • Acknowledge Cyber gap at top level
      • Clarify roles & responsibilities
      • Staff preparedness
      • Test response plans
      • Low stress / safe environment
      • Continuous Learning - People and IT change!
  • 151. 10 Steps: A Board Level Responsibility – Challenges
      • Is this not IT’s responsibility? NO, this is an organisational responsibility as well as a legal responsibility for directors.
      • Is this not the board’s responsibility? NO, this is an organisational responsibility with each team being accountable for their actions.
      • Is this not the DPO’s responsibility? WRONG, DPOs inform and advise, they are not responsible.
      • No-one is going to hack us! WRONG, hackers are creative and can extract data and use this against you to exploit the situation for monetary gains.
      • We’re really secure and have never been hacked. PROVE IT, oversight and 3rd party evidence is best practice to ensure your security and integrity.
      • What’s the worst that can happen? LOTS, see Section 198 Liability of Directors - DPA 2018, brand damage, etc.
  • 152. 10 Steps: A Board Level Responsibility – Benefits
      • Clarification of priorities: BOARD & IT priorities and decisions become better aligned and coordinated.
      • Improves ‘critical thinking’: FOCUSES thinking and prioritisation in ‘stressed’ situations.
      • Establish clear preparedness: PRACTICE & PREPARE for responses and understand what will be required from the organisation.
      • Team Building: WORKING as a collective team to ensure a robust and effective response is achieved.
  • 153. Stage 1 - Cyber Awareness
  • 155. Why is Cyber Important?
      • Threat landscape
      • Professionalism
      • Financial scale
      • Predictions
  • 156. Threat Landscape & Predictions
  • 157. Why is Cyber Important? (Threat landscape, Professionalism, Financial scale, Predictions) Average cost to UK and time to resolve incident:
      • Malware: £1.57 million – 6.4 days
      • Web-based attacks: £1.52 million – 22.4 days
      • Denial-of-service (DoS) attacks: £1.31 million – 16.8 days
      • Malicious insiders: £960,000 – 50 days
      • Malicious code: £960,000 – 55.2 days
      • Phishing and social engineering: £960,000 – 20 days
      • Stolen devices: £700,000 – 14.6 days
      • Ransomware: £520,000 – 23.1 days
      • Botnets: £260,000 – 2.5 days
  • 159. Stage 2 – The Scenario
  • 160. Phase 1 – The Alert
      Reactive actions from external alert
      - IT user reporting ransomware
      - Customer reporting issue
      - 3rd party reporting issue
      i. What would worst case be for the Execs?
      ii. What are our response priorities?
      iii. What is our communications strategy?
  • 161. Phase 2 – The Escalation
      • Data Breach
          • Personal Identifiable Information (PII)
          • Personal / Sensitive (GDPR/DPA)
      • Ransom demand
      • Denial of Service
      • Risk to customers / staff / others
      i. What would the impact of data loss be?
      ii. Legally what do we need to do?
      iii. Can we shut down, what are the impacts?
      CALMAC DATA BREACH
  • 162. Phase 3 – The Communication
      • ICO 72 Hours – non-negotiable
      • Shareholders
      • Employees
      • Customers
      • Press
      • Partners
      NOT ME DATA BREACH
      i. How does this change our response strategy?
      ii. How are our board communicating?
  • 163. Learnings
      • Regular Exercise keeps you fit
      • Possibility vs. Probability
      • Physical/People/Cyber Incidents
      • The Greater Good
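
The Mirai chain on slides 126 to 129 (Telnet login from the Internet, connect-back to a Command & Control server, spread to new devices) can be watched for in the device and firewall logs that the monitoring items on slide 144 rely on. The following is an added example, not part of the original deck; the log format, address range, allow-list, device names and threshold are assumptions, and the sample events are constructed.

```python
import ipaddress
from collections import defaultdict

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed site address range
ALLOWED_DST = {"10.0.0.5"}                     # assumed recorder / update host

# Constructed sample events (not real logs): "<time> <device> <event> key=value ..."
SAMPLE_LOG = """\
10:00:01 cam-01 telnet_login src=203.0.113.7 result=fail
10:00:02 cam-01 telnet_login src=203.0.113.7 result=ok
10:00:09 cam-01 outbound dst=198.51.100.23 dport=8443
10:00:15 cam-01 outbound dst=10.0.0.21 dport=23
10:00:15 cam-01 outbound dst=10.0.0.22 dport=23
10:00:16 cam-01 outbound dst=10.0.0.23 dport=23
10:01:00 cam-02 telnet_login src=10.0.0.9 result=ok
10:01:05 cam-02 outbound dst=10.0.0.5 dport=554
"""

def parse(line):
    """Split one event line into (device, event, fields)."""
    _ts, device, event, *pairs = line.split()
    return device, event, dict(p.split("=", 1) for p in pairs)

def mirai_stages(log, scan_threshold=3):
    """Return {device: sorted stages of the infection chain seen for it}."""
    stages = defaultdict(set)
    telnet_targets = defaultdict(set)
    for line in log.splitlines():
        if not line.strip():
            continue
        device, event, f = parse(line)
        if event == "telnet_login" and f["result"] == "ok":
            # Stage 1: a successful Telnet login from outside the site range.
            if ipaddress.ip_address(f["src"]) not in INTERNAL:
                stages[device].add("1-telnet-login-from-internet")
        elif event == "outbound" and f["dport"] == "23":
            # Stage 3: the device itself opens Telnet to many other hosts.
            telnet_targets[device].add(f["dst"])
            if len(telnet_targets[device]) >= scan_threshold:
                stages[device].add("3-telnet-scanning")
        elif event == "outbound" and f["dst"] not in ALLOWED_DST:
            # Stage 2: connection to a host the device has no reason to reach.
            stages[device].add("2-unexpected-outbound")
    return {d: sorted(s) for d, s in stages.items()}

def likely_infected(log):
    """Devices showing at least two stages of the chain."""
    return sorted(d for d, s in mirai_stages(log).items() if len(s) >= 2)
```

A device that shows only one stage is still worth a look: a Telnet login from the Internet on its own already matches the design faults listed on slide 129.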