CHAIR’S WELCOMING REMARKS
Our regular chairman, David Bicknell, welcomes all delegates, sponsors, and speakers to our conference and sets out the day’s agenda.
- David Bicknell, Principal Analyst, Technology Thematic Research, GlobalData
PEOPLE MATTER: WHY PEOPLE MUST BE PART OF THE SOLUTION
Our people are central to the success of any organisation.
We have known for years that hackers target people before technology. For just as long, we have been repeating the mantra that a vigilant, cyber risk-aware workforce is our main defence against cyber-criminals. Yet despite all our efforts, we have still not cracked the problem.
Too many organisations still either ignore the ‘human factor’ in organisational resilience or apply outdated or compliance ‘tickbox’ approaches to training their employees.
We need a fresh look.
This short panel discussion will explore behavioural science and innovation that can transform the way organisations influence and sustain stronger security behaviours across their workforce.
- Nick Wilding, Chief Innovation Officer, Cyber Risk Aware
- Professor Phillip Morgan, Director of the Human Factors Excellence Research Group, Cardiff University
- Elizabeth Murray, Security Culture and Awareness Lead, FNZ Group
STATE OF FLUX: HOW CIOS CAN EFFECTIVELY MANAGE UNCERTAINTY AND CHANGE
As we reset after the pandemic, CIOs need to consider how to manage the transition from the necessary knee-jerk approach to remote working to a systemic approach to digital transformation that works for everyone. The need for business continuity has evolved into the need for IT resiliency as leaders look to remove vulnerabilities while still making their employee and customer experiences frictionless and secure. Whether in the office or remote, how can CIOs and IT leaders adopt a Zero Trust security approach and cultivate a culture of trust in the workplace?
- Max Faud, Head of Consulting, Europe, Okta
MORNING COMFORT BREAK
SUPPORTING THE SCOTTISH CYBER SECTOR
In a rapidly developing technology landscape, the requirement to adequately protect networks and data is critical. To fulfil the ambitions for Scotland in becoming a digital nation and the Data Capital of Europe, cyber security needs to sit at the heart of all digital activities. David Ferguson, Cyber Development Lead and Head of Data at ScotlandIS, will discuss how, as the trade body for the tech sector and the management organisation for the Cyber Cluster in Scotland, the adoption of a multi-pronged approach to engagement and collaboration is helping to build and promote a robust and highly skilled cyber sector.
- David Ferguson, Cyber Development Lead and Head of Data, ScotlandIS
WHY CYBER RISK MANAGEMENT IS SO HARD
We live in a time of unprecedented political, cultural, social and climatic dangers. Hostile states and criminals are using cyber-tools to make each of these current issues even more intractable. Around 100 countries are now actively involved in “cyber operations” that include espionage, political influence, sabotage and extortion. The international community has made some progress at the UN, but it has been painfully slow. Matters are made worse because the border between state cyber operations and criminal activity is increasingly blurred. Unfortunately, this means that the ‘bad guys’ will very often succeed.
We all need to work hard to maximise our chances of keeping them out. We also need to ensure that we have adequate resilience, so that we can continue to function even if they penetrate our defences.
- Richard Knowlton, Director of Security Studies, Oxford Cyber Academy
RANSOMWARE: BUILDING AN INTEGRATED RESPONSE
It’s recently been reported that the UK has encountered nearly 15 million ransomware attacks during 2021 alone. High profile ransomware attacks have highlighted how vulnerable our critical national infrastructure is and the impact that these types of attacks can have on society, business, government services and people at large.
Ransomware is as much about manipulating vulnerabilities in human psychology as it is about our adversary’s technological sophistication. It’s a fight we need to tackle together.
More can be done to reduce the likelihood of becoming infected by ransomware in the first instance, to reduce the spread of the ransomware malware through any organisation and to reduce the longer-term impacts of a successful attack. But we need greater collaboration and an integrated incident response to succeed.
It’s a challenge that crosses political, geographical and technology borders. Dealing with its increasing volume and impact needs government and the private sector to collaborate in a public/private partnership to better understand and tackle the attackers.
This panel will assess the current situation and outline ideas for what an integrated response could look like and the role that government, the private sector and people should be playing to reduce both the threat and the impact of damaging ransomware attacks.
- Andy Fernandez, Senior Manager, Product Marketing, Zerto
- Gabriel Currie, Cyber Defence Lead, Cabinet Office
- James Hughes, EMEA Enterprise CTO & VP of Systems Engineering, Rubrik
UK CYBER SECURITY COUNCIL UPDATE
Jessica Figueras gives an update on projects and activities of the UK Cyber Security Council since it was launched earlier in 2021.
- Jessica Figueras, Vice Chair, UK Cyber Security Council
A GENETIC APPROACH TO SUPPLY CHAIN SECURITY – UNDERSTANDING CODE REUSE
Constantly evolving attacks mean organisations should ensure that they also evolve defences. A large part of this evolution is predicated on understanding risk: how it presents and where it presents threats to your organisation. Historically there has been comfort in maintaining air-gapped systems, on-premise walled gardens and staying away from the cloud. Practicality and economics make this more and more difficult to maintain and, in any case, your supply chain will already be more cloudy than you think! Cloud-based or not, what if the real threat to your organisation resided in software that you deemed as legitimate? In this talk we will explore the concept of code reuse and how a genetic understanding of the software you want, as well as the malware that you don’t, can help turn your weakest links into your strongest asset in the fight against cyber threat.
- Lee Beard, Public Sector, Sales Manager, Intezer
HOW TO ENSURE DIVERSITY IN CYBERSECURITY ACROSS THE PUBLIC SECTOR
It is 2021 and cybersecurity has never been more of an issue for organisations, including government bodies. Social engineering and phishing continue to be the weapons of choice for criminals intent on data theft, ransomware infection and general harm. Cybercriminals are naturally diverse in their scams; they do not differentiate by ethnic background, sex, gender, or sexuality. Conversely, the industry and the people devoted to mitigating the activities of fraudsters do not represent the make-up of society. A National Cyber Security Centre paper, “Decrypting Diversity”, still shows that numbers of females in the sector are too low and members of the LGB community are under-represented. This panel will look at the blocks to minorities and women entering cybersecurity and how these blocks can be removed.
- Mez Demarais, Enterprise Architecture: Principal Security Manager, Derbyshire County Council
- Mohamed Hussein, Cyber Security Analyst, Cabinet Office
- Susan Morrow, Head of R&D, Avoco Secure
AFTERNOON COMFORT BREAK
WHAT CYBER LESSONS CAN GOVERNMENT LEARN FROM LISTENING TO THE PRIVATE SECTOR?
This session explores insight from the supplier community on lessons that they have learned in their cybersecurity battles away from the public sector.
- Chris Green, Head of PR and Communications EMEA, (ISC)2
- John Dee, Director of Strategy, Somerford Associates
- Andy Harris, CTO, Osirium
HOW CAN THE GOVERNMENT STEP UP TO THE CHALLENGES IT FACES FROM THE MODERN CYBERCRIMINAL?
A look at all of the various aspects of modern cybercrime and government. What parts of government are most at risk? As we build better and more omni-channel government services does the risk profile change? How can government use resources best to fit the ever-changing needs of the cybersecurity landscape?
- Paul McKay, Senior Analyst, Security & Risk, Forrester
- Jill Trebilcock, Director, Chartered Institute for Information Security
- Bradley Bosher, Senior Systems Engineer, Varonis
- Rob Mackie, Co-Founder and Managing Director EMEA, Assured Data Protection
Our chair, David Bicknell, summarises some of the sessions that you have heard throughout the event.
- David Bicknell, Principal Analyst, Technology Thematic Research, GlobalData