On 22nd February Michael Levens, head of Delta Capita's Data, Technology, Automation, and Testing (DTAT) solutions practice attended teissLondon2024, The European Information Security Summit. The summit brought together a varied assembly of industry leaders, CSIOs, cybersecurity vendors, and tech enthusiasts for in-depth discussions across three distinct streams: "CISOs & Leadership," "Culture & Education," and "Threat Landscape."
Key takeaways and themes that ranged across the sessions and conversations with delegates included:
Ransomware, extortion and the cyber crime ecosystem.
The summit opened with an insightful keynote by Sophia N, Head of Incident Management at The National Cyber Security Centre (NCSC), that covered the three key areas of ransomware:
1. Emerging cybercrime trends & initial access vectors
2. Cybercriminals' use of technology & business models
3. National impact of ransomware & extortion: Cyber hygiene
Further information on what was present can be found here file (nationalcrimeagency.gov.uk)
Internal versus Outsourced Security Operations Centre (SOC)
A number of discussions centred around whether to establish an internal Security Operations Centre (SOC) or leverage vendors cyber security services. It was thought it should be based on a thorough assessment of the organisation's capabilities, resources, and risk tolerance. Some delegates highlighted that a hybrid approach was the ideal by combining internal SOC capabilities with vendor services to achieve comprehensive cybersecurity coverage.
Internally created SOC
- Provides greater control and customisation over security operations
- Allows the organisation to tailor security measures to its specific requirements and maintain direct oversight of security incidents.
- Establishing and maintaining an internal SOC requires significant investment in technology, personnel, and ongoing training.
A vendor driven SOC
- Offers access to specialised expertise, advanced technologies, and scalable solutions without the need for upfront capital investment.
- Able to provide managed security services, threat intelligence, incident response support, and continuous monitoring
- Able to strengthen security posture while minimising operational burden.
Impact AI will have on Cyber
The majority of questions from delegates centred around AI, its impact (or lack of), its acceleration of cyber threats and whether it improves incident teams responsiveness. Upon further exploration, it was deemed a valuable endeavour to summarise the discussions regarding the key questions surrounding AI and cyber security:
In what ways could AI contribute positively to cybersecurity?
- Enhanced Threat Detection: AI tools could rapidly analyse vast amounts of data to detect and mitigate cyber threats
- Improved Incident Response: AI could automate parts of incident response processes, enabling faster detection and containment
- Proactive Defence: AI could predict potential vulnerabilities and threats by analysing historical data and patterns
- Fraud Prevention: AI-powered systems could analyse transaction patterns and detect anomalies indicative of fraudulent activity
In what ways can AI contribute negatively to cybersecurity?
- Automated Attacks: AI-powered tools could automate various stages of cyberattacks, accelerating the ability to attacks at scale
- AI-Driven Social Engineering: AI algorithms could be used to analyse vast amounts of data from social media and other sources to craft highly targeted phishing attacks
- Deepfakes: deepfake technology could create realistic audio and video forgeries, which could be used to impersonate individuals or spread disinformation for malicious purposes
- Exploitation: AI algorithms can be used to identify and exploit vulnerabilities in software and networks more efficiently
- Surveillance: AI-driven surveillance systems could be used for mass surveillance and invasion of privacy
Overall, while AI offers tremendous potential for improving cybersecurity, it also presents new challenges and risks that need to be addressed to ensure its responsible and ethical use. It's essential for organisations and policymakers to develop robust regulations and security measures to mitigate these risks and safeguard against AI-driven cyber threats.
Is AI going to make cyber threats faster?
It highlighted that AI itself doesn't directly make cyber threats faster, but it can potentially impact the speed and sophistication of cyberattacks in several ways:
- Automated Attacks: AI can enable cybercriminals to automate certain stages of the attack process making attacks more efficient and faster.
- Adaptive Threats: AI-powered malware and hacking tools can adapt their tactics and techniques based on the defences encountered
- Increased Attack Surface: AI systems may introduce new vulnerabilities that attackers can exploit and if these vulnerabilities are successfully targeted, it could lead to faster and more damaging cyberattacks.
How could an organisations strengthen their threat detection and response with AI-enabled security solutions?
The predominant themes revolved around practical considerations, including thorough organisational preparedness, fostering a culture of education, and extending this ethos from the boardroom to operational staff. It was highlighted that incorporating AI-enabled security solutions into their cybersecurity strategies, organisations can enhance their ability to detect, respond to, and mitigate a wide range of cyber threats effectively.
Examples of how organisation could strengthen threat detection and response with AI-enabled security solutions included:
- Data collection and analysis
- Anomaly detection
- Threat intelligence integration
- Automated incident response
- Behavioural analysis
- Continuous monitoring and improvement
Other notable quotes:
“Cyber threats are indifferent to your business continuity plan”
“Company culture from board level, CTO, CISO, to the incident team is critical for an effective cybersecurity strategy”
How Delta Capita can help:
Delta Capita offers a robust suite of Cyber solutions designed to strengthen your organisation's defences. Our offerings encompass a variety of services, ranging from Security Operations Centre as a Service (SOCaaS) to board-level education, cyber risk appetite establishment, advisory services, incident simulation, educational programmes including benign phishing attacks, establishment and support of SOC Centre of Excellence, SME support, deployment of diverse trained cyber resources worldwide, implementation of cyber controls, conducting cyber gap analyses, and providing remediation strategies.
One of our key differentiators is Delta Capita's Security Operations Centre as a Service (SOCaaS), empowering our clients to construct a tailored, resilient, and cost-efficient SOC, mitigating operational risks while maintaining competitive pricing. Our SOCaaS is a fully customisable cloud-based solution, delivering comprehensive capabilities including threat intelligence, proactive threat hunting, forensic investigation, incident response, and strategic monitoring and management of security logs. This ensures access to crucial security insights necessary for informed decision-making, significantly reducing workload volumes and enhancing productivity for both IT and cybersecurity teams. Moreover, SOCaaS grants clients access to our team of seasoned cyber professionals, providing expert guidance and support at a fraction of the cost associated with establishing and managing an in-house SOC.
We bring together specialist consultants with years of both cyber and banking industry experience. Our cyber team leverages subject matter experts with decades of cyber experience across defence and intelligence communities. We are also able to leverage one of the world’s largest cyber training platforms. We have the capability to provide fit for purpose teams and individuals at various levels of seniority and expertise, ranging from entry level Cyber Analysts, Cyber Business Analysts, Project Managers and Senior Cyber Subject Matter Directors.
To find out more and speak to one of our experts, contact us today.
.jpg)
.jpg)
.png)