2 | CYBER SECURITY WEEK
Belfast Telegraph | December 5 2017
BT - delivering security, supporting investment and driving innovation in Northern Ireland
PAUL MURNAGHAN, REGIONAL DIRECTOR BT BUSINESS NI
BT is a trusted partner, at the forefront of creating innovative business solutions for both public and private sector businesses and organisations across Northern Ireland.
O
ne of the most pr e s s i n g a n d complex cha llenges faced by these organisations is the ever evolving issue of cyber security. In this supplement we explore that issue and what both BT and our local and global technology partners are doing to stay ahead of would be attackers and how we are working to protect your business in the same way we do our own. For us it’s already a boardroom issue, and increasingly we recognise that while the cyber threat presents challenges, it also creates opportunities for everyone and having a proactive strategic plan to manage both is critical to building a successful Northern Ireland. Few commercial organisations have a more positive and direct impact on the local economy and communities than BT. Just last week, with support from Invest Northern Ireland and as a result of working in close partnership with Ulster University, BT announced a £29 million pound investment in the creation of a world-class research and development facility that will create 25 new university research posts and up to 50 new graduate roles in the new BT Innovation Centre, and a fantastic addition to our Belfast Global Software Development Centre. This Centre will play a crucial role in our global research and
development capability, focusing on advanced research into critical areas including cyber security machine learning and AI, customer experience and the Internet of Things (IoT). The announcement came just days after Mairead Meyer, Managing Director of NI Networks, BT Northern Ireland, announced a further £20 million investment in a major expansion of ultrafast broadband, that will result in nearly a quarter of all premises across Northern Ireland having access to ultrafast broadband speeds of up 1 Gbps. The news included BT’s commitment to recruit 42 apprentices and graduates over the next ten months to work in a variety of roles of design, planning and building the Northern Ireland network. These exciting and ambitious investments are a tremendous endorsement of BT’s continued
We are working to protect your business in the same way we do our own
commitment to Northern Ireland. BT is enormously proud to play its part in developing Northern Ireland’s infrastructure, enhancing our research and innovation capabilities and providing opportunities for Northern Ireland’s considerable talent especially within cyber and IoT. While Northern Ireland is fast developing a reputation for its capability and expertise in cyber security, BT is unique in having the scale, expertise and reach that can provide local business and organisations with the support to meet the challenge of the ever evolving security threat. With operations in over 180 countries supporting some of the world’s largest companies, nation states and critical national infrastructures, we have a unique perspective in this area. From our 14 global security operations centres, our 2,500 security professionals are constantly watching, learning, predicting and responding to the latest threats to protect our customers and BT. In the following pages, we have brought together a number of highly respected professionals in the field of cyber security who share their expertise and insights. We reveal our recently commissioned local research into the issue of cyber security, we explore the challenge of combating an increasingly sophisticated threat and we look at what can be done to mitigate that threat.
December 5 2017 | Belfast Telegraph
CYBER SECURITY WEEK| 3
From denial to opportunity – the five stage cyber security journey The digital economy is brimming with commercial opportunity for those that embrace new technologies and innovative business models. Regrettably, one sector which has been quick off the mark to grasp the opportunity is the criminal community.
C
ybercrime is already more common than traditional criminal offences and half of all SMEs in the UK suffered at least one attack in the last year. The global outbreaks of WannaCry and Petya earlier this year shows the astonishing speed and scale at which even unsophisticated attacks can spread. They also underlined just how ill-prepared even big organisations are to protect themselves from criminal cyber activity. It’s not that business leaders don’t realise there is a problem. They do, but they are struggling to find a defensive strategy. Progress lies in accepting that cyber security is not a single destination but a complex journey. A real understanding of where the organisation is on that journey will help protect corporate assets and open up fresh opportunities for the digital business. Broadly speaking, there are five stages along the way. Stage one: denial – ‘there is no threat’. The hard truth is that all organisations face low-level cyber threats every day, even if they don’t realise it. Most of these attacks are crude but depressingly effective. Criminals don’t
Cyber security isn’t an issue for us; it’s all hype anyway
only target big business but increasingly go after SMEs and individuals, soft targets that can provide a pathway into more valuable hunting ground. The only way to move on is to accept there is no immunity. Every business is a target and must put in place the basics – after all, standard software updates would have defeated WannaCry at first contact.
ous thing. The boardroom becomes aware of the scope of the threat and the implications. The immediate reaction is to throw money at the problem, along with the appointment of a Chief Information Security Officer (CISO). However, technology isn’t necessarily the priority. Because the weakest link is often human, education is a priority. Once people understand how Stage two: worry – ‘let’s spend on they fit into the big picture, they the latest security systems and can protect themselves and the solutions’. company, and become a major A little knowledge is a danger- line of defence.
I have robust policies/defences...
I don’t understand how we were breached...
...and a strong compliance foundation
I am worried... but not sure what to do
Security capability
aimed at impersonating senior people and use their identity to undertake fraudulent financial transactions. The way to combat false confidence is to relook at policies, question assumptions and investments, and identify emerging risks and issues. Consider all possible scenarios – ransomware (would you pay a ransom, and how?), data breaches, distributed denial of service attacks, sabotage and fraud. Now is the time to plan and prepare for incidents and practise your responses.
Or here!
Here? We need a more agile approach to match the threat
Here? Security breaches Denial
Worry
False confidence
Stage three: false confidence – ‘we’re sorted, bring it on’. It’s great that 68 per cent of CEOs1 in the UK are confident about how they can transform their business without compromising on security. But sadly, they can’t sit back and relax because there is no 100 per cent protection against cybercrime. For example, criminals are now turning their attention to the supply chain, where contractors could unwittingly unlock access to their client organisations. Then there is ‘whaling’, a highly targeted form of phishing
There is no absolute security. We need to manage risk
We can’t do this alone - we are part of the community
Hard lessons
A true leader
Stage four: hard lessons – ‘there’s no such thing as absolute security’. Even the best prepared and protected will still experience a security breach. Perhaps new security solutions are a poor fit with the rest of the IT infrastructure, leaving vulnerable gaps. Or they are just too hard for people to use with confidence. On balance, it’s better to go with a security product that’s only 80 per cent right, but works with what you already have and employees can use easily. This is a good point to consider cyber security insurance. The act of choosing/buying a policy will prompt you to think through potential weaknesses and, if the worst happens, you’ll have access to expert help and the resources you need to get the business back on track.
Stage five: true leadership – ‘we can’t do this alone’. The fact is, if you are being attacked, then so is everyone else. True leaders will accept that this is how the digital world is, and set out to share information and collaborate with their peers to make it ever harder for criminals to succeed. Digital crime is a fact of digital life. The cold reality is that every organisation is a target, every minute of every day. The best defence is not what you buy but how you behave. And businesses which treat cyber security not a destination but as a journey will be strongly positioned to protect themselves in the evolving digital economy.
The BT/KPMG report Securing the digital enterprise. The cyber security journey – from denial to opportunity is available for download at http://www. globalservices.bt.com/uk/en/ point-of-view/cyberjourney. ¹ BT CEO Research 2017
4 | CYBER SECURITY WEEK
The welldocumented attacks of Wannacry and Petya earlier this year and the constantly evolving cyber security threat have placed a significant strain on IT resources leading to businesses and organisations in Northern Ireland increasing investment and strengthening levels of protection against cyber-attacks.
T
hese are the findings of a new indepth survey of both the public and private sector recently conducted on behalf of BT Business in Northern Ireland. Those who took part in the study revealed: ■ Additional investment has been made in security technology, tools and resources including staff awareness; ■ They are introducing more frequent patching cycles for legacy systems; ■ The issue of cyber security is discussed at board level as a business, rather than an IT issue; ■ Some have in-house security expertise while others use third party resources to protect their business or organisation; ■ A ll of those questioned, agreed that they were confident about their ability to deal with cyber security threats in the next twelve months, although they recognised the need to remain vigilant; ■ Despite that confidence, just over half of those surveyed said they had the skills they needed – in-house or otherwise – to deal with a cyber-attack. The survey also revealed: Scale and nature of the threat
Belfast Telegraph | December 5 2017
Investment in Cyber Security is increasing across business & the public sector in Northern Ireland yet more needs to be done BT survey reveals There has been a definite growth in the number and invasiveness of cyber security attacks in the last 12 months. All the organisations surveyed have defensive protection, including Next Generation firewalls and Anti-Malware systems in place to scan emails and networks for threats or attack. Nearly a third of those organisations surveyed had experienced an attack in the last twelve months. One respondent said: “Every month over 100 million email alerts, abuse, threats are received. All have so far been successfully blocked by the organisation’s software.” Biggest challenges In terms of the type of attack, the biggest challenge owing to its ability to disrupt operations was ransomware. As one of those surveyed said: “Ransomware has the potential to be the most destructive, in terms of damaging company operations – although phishing has the potential to be the most lucrative for criminals.” None of those surveyed had experienced denial of service, but all remained constantly vigilant. Raising and maintaining awareness of the cyber security threat within the organisation was an ongoing challenge, as was encouraging staff to act quickly in the event of a breach, to minimise the potential for
damage. “We put a lot of effort into cyber security, but with people’s behaviour you can never be 100%.” With IT seen as central to business and not just a support service, a further challenge cited by those surveyed was of their organisations increased reliance on IT, meaning any disruption to service from a cyber-attack would have a much greater impact on the overall ability to function. The increased connectivity of equipment within organisations has meant a greater exposure to cyber security threat throughout the whole organisation. Compliance with the EU Gen-
It only takes one person to click on a malicious link or email to expose the company to great danger
eral Data Protection Regulation (GDPR) by May 2018 is a further challenge for a number of organisations as is finding a balance between systems security and end user accessibility while continual patching can create its own problems and disrupt service. Impact on digital transformation The cyber security threat has increased the cost of digital transformation as building in security from the start is adding time and cost to the systems development. “We are in the process of procuring an online platform and it certainly is with security designed into the solution - whereas previously security may have been a secondary consideration.” Obstacles to overcoming the cyber security threat A lack of trained personnel along with the continued growth of the risk is increasing demand for scarce specialist skills. Organisations are also looking at external specialists to supply expertise as and when needed, recognising that it was not always possible or desirable to employ the skills in-house. For most organisations human behaviour was also cited as an obstacle to overcoming the cyber security threat. “It only takes one person to
click on a malicious link or email to expose the company to great danger.” Investment in security Investment in cyber security was increasing for all. In one case budget had doubled from two years ago. For most, despite increased investment, even more funding was needed. However, the increased spend on security, meant less funding for other IT development. “It’s increasing but needs to increase more! In the last 2-3 years the threat has grown significantly - it’s a different world. Availability of skills and expertise To some extent, all the organisations surveyed used third party suppliers to enhance their internet skills; all organisations engaged with security vendors and business partners for advice and consulting; all with the exception of one collaborated with organisations in their own sector while half worked with law enforcement agencies. “We have the skills needed through partnering – we will never have enough people so we reach out to the key strategic partners and they’re part of our defence and knowledge base.” Potential impact of a breach on an organisation For most organisations the main impact of a breach would be rep-
utational – primarily as a result of lost customer data and / or service delivery. Financial and other commercial considerations were much lower down the list of potential impacts. As one survey respondent said: “The biggest impact in terms of access to systems and websites would be reputational damage. There would be a huge trust issue. There would also be major issues regarding disclosure of information and data protection.” Looking ahead One of the biggest cyber security challenges for the future is finding a balance between adequate systems security and a workable end user experience. Furthermore, in addition to their own security, organisations also need to ensure that third parties have adequate cyber security defences in place. The growth of mobile, connected devices and systems will increase organisations’ exposure to risk – managing the pace and progress of digital transformation will become an increasing challenge. The research was conducted by FN Research via a series of 10 telephone in-depth interviews from 9th – 20th October 2017. The respondent was the person responsible for the telecoms within the organisation.
December 5 2017 | Belfast Telegraph
CYBER SECURITY WEEK| 5
Cyber security optimism, but stay alert COMMENTARY BY PROFESSOR SIR JOHN MCCANNY
There’s no room for complacency.
W
hile the results of the recently released survey conducted by BT Business in Northern Ireland offers reassurance that more businesses are aware of the threat from cyber-attacks and the need for a proper system of defence, there is still much to be done. For instance, just over half of those surveyed said they had the skills they needed – either inhouse or otherwise – to deal with a cyber-attack. In reality, that is a relatively impressive figure but it still leaves the remaining 50% potentially vulnerable if an attack occurred.
The research shows that investment in technology which will help prevent a cyber-attack has been increased; as has the level of awareness of the threat amongst staff. This has undoubtedly been driven by the fact that the issue of cyber security has crept up the layers of command and is now discussed in the boardroom and increasingly lies at the heart of company strategy. Only a few short years ago cyber security would have barely registered at board level, the perception being that this was solely an issue for IT departments. Well publicised attacks around the world have helped grow awareness of the cyber security threat, although it’s telling that the one closest to home which
impacted daily life – the Wannacry attack on the NHS – appears to have been one of the biggest red flags in Northern Ireland. That awareness now needs to be embedded from top to bottom in companies large and small because the technological advancement of attackers is increasing day by day. At the same time we’re increasingly opening up our daily lives to potential attack through the expansion of the Internet of Things (IoT) where computers are embedded in everything from our heating systems to our cars and TVs and to running core infrastructure such as power plants and water systems. All of these are increasingly exposed to these types of vulnerabilities
and to cyberattack. In the office, technology is on an equally fast rate of adoption and companies need to make sure that their cyber security keeps pace. Of course there are steps which can be taken to enhance cyber security, such as investing further in technology, in skills or in working with a third party security expert to address the defence and attack response levels. However, there are very simple measures which any business or organisation can make to significantly enhance security levels. It is increasingly referred to as basic cyber hygiene. This includes using secure internet connections, keeping devices and software up to date, using anti-virus software and keeping this up to date, limiting the number of users with administrative rights and so on - all of these can make an enormous difference.
There are very simple measures, which any business or organisation can make to significantly enhance security levels
Following the increasing number of ransomware attacks other important advice I can share is to continually back up your data. In fact, it’s worth repeating that particular piece of advice: back up your data. And for those who want more advice, the government-run National Cyber Security Centre website has a host of useful information under its Cyber Essentials link. The financial services sector in London has proven that joining forces with rivals to fight the cyber threat can pay dividends. These normally competitive businesses increasingly share information on a collaborative basis to bolster their cyber defences. Meanwhile, I am pleased to see that organisations in Northern Ireland are drawing succour from the fact the region is quickly gaining a reputation as a centre for cyber security research, development and innovation. Some of the most advanced cyber security knowledge available is only an arm’s length away at Queen’s University’s Centre for Secure Information Technologies (CSIT). CSIT works with local businesses to raise awareness of the issue. It has also been involved with various government departments to develop a new cyber security strategy in Northern Ireland that is consistent with the overall UK strategy helping to share this knowledge with the wider business environment. In addressing the lack of cyber security trained personnel, we’re working to encourage more students to study cyber se-
Some of the most advanced cyber security knowledge available is only an arm’s length away at Queen’s University’s Centre for Secure Information Technologies (CSIT)
curity and those in work to take advantage of in-work training which is widely available, such as the Queen’s University Master’s in Applied Cyber Security which can has been designed to be studied in concentrated oneweek blocks. Upskilling the wider workforce like this, will put Northern Ireland ahead of the curve when it comes to trying to defend cyber-attacks. While that bodes well for the future, we can’t take our eye of the ball because any advancements we make in strengthening our defences are often more than matched by what seem to be impressively sophisticated cyber attackers. There really is no room for complacency.
6 | CYBER SECURITY WEEK
Belfast Telegraph | December 5 2017
Responsibility for security is a team game LES ANDERSON, VICE PRESIDENT OF CYBER AND CHIEF SECURITY OFFICER AT BT
L
es Anderson is the Vice President of Cyber and Chief Security Officer at BT and the man charged with leading a well-resourced team of 500 insatiably curious cyber operatives to protect the integrity and reputation of BT and their customers. Earlier this year, in a testament to both BT’s unquestionable expertise in the field of cyber security and his own leadership skills and knowledge, he successfully led the organisation through the world-wide cyber-attacks of Petya and Wannacry. With 27 years’ experience as a technologist and programme manager at GCHQ, and 10 years spent at the Ministry of Defence, where he developed pioneering IT security capabilities, Les Anderson’s security credentials are exemplary. Les joined BT in 2014, and he says: “One of the main things that attracted me to BT was that they were serious about cy-
CONRAD SIMPSON, DIRECTOR AND CO-FOUNDER, CYPHRA
Cyphra is an established and specialist cyber security organisation which has a strong team of highly experienced professionals based in the NI Science Park. Locally owned, Cyphra is focused on building a world class cyber security services and solutions business from its base here in Northern Ireland.
Working together and working actively is the key to exercising sufficient cyber approach
ber security and about security generally. I knew this because I worked with them previously in my roles at both GCHQ and the Ministry of Defence.” According to the cyber chief, the key to successful online security relies upon teamwork, communication and coordinated preemptive action. “Right from the very genesis of an idea - that’s the philosophy we signed up to. That means securing services from the outset, as opposed
to forgetting about it and rushing to fix it later.” “Security is only as effective as its ability to articulate the risk areas, then having done that, for the IT organisation to take those risks as something they want to mitigate aggressively, putting skills and resources into those remediation areas in order to close risks”. Referring to the WannaCry ransomware attack earlier this year, Les Anderson says that the
incident was broadly a result of what he refers to as “a lack of standard end-to-end technology life-cycle hygiene”, amongst other factors, highlighting the typical custom of older systems becoming neglected, both in terms of effective patching and keeping up with remediation. “In many cases, the organic growth of a company’s IT estate over many years has frequently resulted in security compromises, encouraged by a lack of consideration for practices of management control and asset inventories, not knowing what has entered and what has been taken out of the IT estate - combined with an insufficient knowl-
edge of patching status. This is complex stuff and some companies IT estates are enormously complex and multilayered”. He says: “Fundamentally, companies haven’t been on top of their game, not actually knowing what is in their estate, what’s connected to what. Sometimes in complex organisations that may have undergone reorganization, the previous managements of their estates may go missing, or become corrupted - or, may not have even been done at all. “The journey to the Cloud should help in that it will dilute a reliance upon legacy IT systems. Cloud services can also incentivise companies, encouraging their movement towards better designed, better secured systems. However, as is usually the case in cyber security - if it was easy, it would be easy. There’s complexity and uniqueness to some of its structures. Certainly, better security is one aspect, but it’s not the only consideration.” Les also points out that it is not only businesses that should be responsible for robust and efficient security. “It’s all in the hands of individual citizens themselves - to ensure that the services and the systems they are
using to access the internet and associated services are patched and updated. So, responsibility lies not only with the companies, but the end service user as well. That’s simple things like making sure our laptops and desktop computers at home are equipped with antivirus technology, and making sure that we don’t visit sites that we don’t know much about that may be infested with malware”. “Everyone needs to work in tandem” to make it more difficult for the perpetrators. Working together and working actively is the key to exercising sufficient cyber approach”. What Les Anderson strives to make clear in all that he says, is that in a company like BT, cyber security is exercised in a multi-layered, team-lead and highly coordinated approach. “You need a holistic approach to manage cyber security properly - it’s about communication as an organisation, and with customers”. Les Anderson will be a keynote speaker at the BT Cyber Security Business Breakfast, Friday 8th December 8am – 10am at Queen’s Riddel Hall.
BT’s partner Cyphra discuss cyber security and a visit to Downing Street
T
he local company has gained a reputation as a leader in its field, delivering first class work and as a result is growing - fast. BT has a strong and proud track record of working in close partnership with subject matter experts (SME’s) and do so very successfully with many businesses and organisations right across Northern Ireland. Paul Murnaghan, Regional Director for BT Business in Northern Ireland says: “It’s particularly gratifying to work with SMEs that are in the early stages of their development and can benefit enormously from both the business we provide as well as the credibility we bring to the organisation. Over the years, this has led to a number of those SMEs, like Cyphra, establishing themselves as important players in the UK market and in turn has helped to create and secure valuable jobs in Northern Ireland.” What may surprise some, is the extent that Cyphra has been working across UK government and other sectors. Last month, Director and co-founder of the company Conrad Simpson took part in a
roundtable discussion at Downing Street chaired by Prime Minister Theresa May and which included Chancellor Philip Hammond as well as a number of Government ministers and other leaders from the Tech sector. There the Prime Minister promised to listen to the industry’s views on what more government can do to help it go from strength to strength, while the Chancellor said government would be ambitious as it works to make the most of the “incredible potential of the tech sector, to break down the barriers facing entrepreneurs and to drive future growth”. Cyphra and BT work with clients to manage their digital risks and ensure their security strategy supports business agility and growth objectives. “We have a team of experts here which are solely dedicated to cyber security. Our focus is on helping customers manage the cyber threats they’re facing and we do that by making sure security is an enabler and not a barrier to growth or the use of digital services.” “Cyber security needs to support business transformation and the adoption of new tech-
nology, something it will only do if it’s embedded into the heart of a business.” Given how quickly the skills of attackers have evolved, an understanding of the business impacts and a plan to manage the associated risks has never been more important, Conrad said. “On the one side you’ve got massive changes through incredibly fast innovation, exploding volumes of business data and digital disruption which can help UK businesses become more competitive.” “On the other side is the increasing involvement of organised crime and this means that cyber resilience needs to be on the board agenda of every business and embedded in their strategic plans. The fact that around 50% of crimes in the UK nowadays involve a cyber element shows how seriously it needs to be taken.” “However, don’t panic. The threats are real, and businesses are being impacted but all too often the advanced and complex threats are overplayed. Most of the threats can be defended against and their impact managed.” “Often it’s about basic cyber
hygiene and if more businesses were getting these basics right it would significantly reduce the impacts. Cyber is just another business risk which companies need to manage by making sure it is embedded into their technology, processes and people.” The latter point is particularly key, especially given skilled cyber workers are thin on the ground. Indeed BT’s own local research recently showed that a lack of trained personnel was reported by most as an obstacle to overcoming the cyber security threat, with the continued growth of the risk increasing demand for scarce specialist skills. One of the main reasons Conrad was in Downing Street was through his work to encourage more young people in Northern Ireland, to choose a career in the cyber security industry and to ensure that young people taking STEM pathways consider the wide range of opportunities to work in cybersecurity. “When we are working outside Northern Ireland we see growing recognition of Northern Ireland as a centre for cyber security and the challenge is about making sure we have the skills to meet that demand.”
When it comes to the work Cyphra does with BT, the partnership has proven extremely successful. “We have a great relationship with BT through a collaborative approach across a range of government and commercial clients in Northern Ireland,” he said. “BT utilises our skills in technical architecture, design and support to deliver enterprise or government-grade solutions.” “Both organisations collaborate a lot in an open and honest fashion. There’s a level of trust between us which means the relationship is mutually beneficial but always with the interests of our customers at the forefront.” The need for collaboration has been evident across a number of large contracts which Cyphra and BT have worked on in the last few months and will only increase as the technical world continues to innovate and evolve.
December 5 2017 | Belfast Telegraph
CYBER SECURITY WEEK | 7
Cyber Security – why you need to be one step ahead BY PROFESSOR BEN AZVINE, BT GLOBAL HEAD OF SECURITY RESEARCH AND INNOVATION
Burying your head in the sand is no longer an option when it comes to the issue of cyber security.
T
he well-publicised cyber breaches of the last year have prompted forward-thinking chief executives to build cyber security into their board level conversations and make it a key pillar of their future decision making. They have had to because the threat has increased to an unprecedented level as the people and organisations carrying out the attacks become ever more skilled and sophisticated. We’re no longer dealing with
lone teenagers working from their bedrooms just for kicks, but with highly-organised criminal gangs in search of financial or political leverage and in possession of the latest technology and know-how. That threat is multiplied by the fact we’re adopting new technology at a faster pace than ever before meaning that everything from the toaster in your house to the stock in your warehouse is connected to the internet and, as such, is a viable target. We’re creating avenues into every area of our businesses and need to make sure we have the check points and security in place to stop intruders. We need to stand up to the threat rather than curtail our adoption of these new technologies which have the potential to be transformational to our businesses, and indeed our lives. To do that we need to get more organisations treating cyber security with the deference it deserves. Traditionally that has meant adopting what is known as the
coconut approach by creating a shell which is meant to keep all of your organisation safe. It’s expensive to form a hard enough shell to defend against
We need to stand up to the threat rather than curtail our adoption of these new technologies which have the potential to be transformational to our businesses, and indeed our lives
all attacks so many organisations with limited resources end up with a shell which becomes porous. An avocado approach may be a better idea. It is based on the idea that if you spend the majority of your resources protecting the critical assets of your organisation – the stone in the example of an avocado – then the rest – the fruit – can secured by focusing on the detection, monitoring and responding to security threats. By adopting the avocado approach then you can effectively manage the competing objectives of cost versus security. The actual process of implementing this and other cyber security systems is, in many organisations, carried out in house but for smaller organisations and, increasingly for larger ones which want the added benefit of cutting edge protection, partners such as BT are engaged. As an example of how the BT views cyber security, you only need to look at the 2,500 people employed in its security division
to realise it is as serious as a business can be. We are one of the biggest investors in cyber security research and development globally because we understand that the bad guys are sharpening their knives and we need to be strengthening our defences and those of the organisations we work with. By engaging with us, organisations are able to mitigate their cyber security risk as much as possible and rest easy knowing that the most up-to-date technology is protecting their critical resources and the most up-to-date technology is poised to deal with any breach which might occur. We can help create a cyber security strategy to make sure it’s integrated into the growth of the company. Once embedded, we can utilize the data to build
highly sensitive alarms which can detect the weak signals that precede cyber-attacks. Armed with that knowledge, the host of new technologies, such as artificial intelligence, machine learning and quantum technologies, can be embraced and your business or organisation can keep pushing the boundaries and steal a lead on the competition. Achieving growth in an ever-more turbulent economy is difficult enough so it makes sense to work as a team to defend your organisation from cyber-attack.
Professor Ben Azvine will be a keynote speaker at the BT Cyber Security Business Breakfast, Friday 8th December 8am – 10am at Queen’s Riddel Hall.
Partnering to bolster cyber defence
TONY DAVITT, TECHNICAL SOLUTIONS ARCHITECT, CISCO SYSTEMS INTERNETWORKING (IRELAND) LIMITED
For Cisco, cybersecurity has been a key focus ever since the Silicon Valley Company was formed in December 1984.
T
he technology giant has always known that Business Operations are vulnerable to attack and has made sure it is at the forefront of providing the best defence possible. With 300 dedicated threat researchers, Cisco boasts the largest threat intelligence in the market (Talos) and, they have a close working relationship with law enforcement agencies and partners to stay up-to-date with the latest threats which are evolving every day. Talos is Cisco’s industry-lead-
ing threat intelligence team that protects their client’s people, data and infrastructure from active adversaries. The Talos team collects information about existing and developing threats, and provides comprehensive protection against more attacks and malware than anyone else. All Cisco Security products utilize Talos threat intelligence, providing fast and effective security solutions. Our job is protecting our customer’s network. This focus and commitment was further enhanced five years ago when security was given its own dedicated business division within Cisco to deliver a more proactive and effective defence mechanism to keep organisations around the world safe. Cisco realised adversaries now have more tools at their disposal than ever before – as a result of the explosive growth of mobile and online traffic – as well as having more space in which to operate, more choices of targets and approaches and a keen sense of when to use each one for maximum effect. Cisco’s cyber security division has grown to make sure it is able to offer the broadest cyber security portfolio in a market which
has traditionally been fragmented. Tony Davitt, Technical Solutions Architect at Cisco, has helped drive that growth. “Our strategy has been about developing a world class portfolio of security products through internal development and acquisition, along with an integrated Architectural approach and Cloud based Threat Intelligence” he said. “With an integrated architecture, our customers’ don’t buy point solutions; each component must defend together, integrate with the adjacent components within our offering to make it simpler to manage, simpler to operate and more intuitive.” That integration goes right across the board. “We try to be as open as possible and ensure we are compatible with other vendor’s products,” Tony said. “We have a number of programs in place such as PxGrid and Cisco Security Technical Alliances which integrate with one another and we believe we need to have an architectural approach to provide the best protection for our customer’s networks.” That open relationship means
better intelligence can be built up around any threat, and a solution to protect it found much more quickly and more efficiently. But it needs trusted partners to be able to deliver that service, and that’s where BT excels. Over the last twelve months some of Cisco Ireland’s largest Security Solutions have been delivered in partnership with BT. The two partners have worked on large transformational projects through a partnership that goes back more than twenty five years. “While we can supply technology solutions, technology will only resolve part of the problem – people and process are important too. As trusted partners, BT works with customers providing advice and guidance to make sure the security technology is implemented properly. “This education part of the puzzle is really important.” “Security is often seen by organisations as a blocker to progress rather than an enabler for digital business. That is why BT put security at the forefront of al design strategies. BT facilitate this through a trusted advisor who works closely with custom-
ers to ensure security is aligned to the business needs. Tony said awareness of the ever-evolving cyber security threat landscape has grown in recent years. “Customers are aware of the threat, but they’re also aware of the lack of skilled people in the sector,” he said. “Cisco has found there is a shortage of properly qualified personnel – it’s called negative employment in the security space.” That is causing issues, with recent surveys showing nearly half of security alerts received by organisations aren’t being investigated because of a lack of skilled personnel. But organisations don’t need to leave themselves so vulnerable. “By working with partners you can take away the management of products and services and rest easy that you are being afforded the best and most up-to-date protection.” As the threat from cyber criminals continues, such peace of mind is invaluable and will allow organisations around the world to harness technology with gusto rather than shy away from a perceived threat.