The second day of Infosecurity Europe 2022 saw Simon Dyson, cyber security operations centre lead for NHS Digital, deliver a roundtable discussion at the Geek Street part of the conference. The session saw Dyson explain how teams can take tangible, actionable steps to boost awareness of cyber risks across their organizations, putting businesses on a path to better management of potentially damaging vulnerabilities.
Dyson introduced the discussion by stating that no one can ever be fully prepared against cyber-attacks, and those that think they are are wrong. The need for companies to be cyber-resilient was also highlighted, stating that we are in a continuous and ever-evolving fight against cyber criminals, and being the victim of an attack is an unavoidable feature of the current digital landscape. Dyson continued that businesses need to ensure they are hiring the right personnel with appropriate skills and knowledge and creating an internal culture within a business that’s open to constructive feedback when cyber issues arise, as this is conducive to stronger cyber resilience.
The first roundtable question concerned what the minimum key roles and functions should be within a company to achieve cybersecurity objectives, with the audience suggesting a multitude of crucial roles, such as incident response, raw data management, digital forensics and communication and public relations. The challenges that subject matter experts face in this context were acknowledged, with mixed views on how effective it is to have individuals within a smaller company take on multiple cybersecurity roles.
The second question of the session focused on assessing which of the techniques and methods organizations use to protect themselves are implemented well and which could be improved. While certain limitations were addressed, the audience identified areas such as incident management, risk management and training as strategies that were generally robust and applied well.
The third and final part of the roundtable discussion focused on CREST and the maturity model they’ve developed to assess the status of a business’s incident response capability once subjected to a cyber-attack. This model was used to frame discussions on how best to prepare, respond and follow up on an attack.
Dyson ended the session with five key takeaways: detail key functions and roles to attain cyber-resilience; have an incident management plan; ensure logging is centralized; practice an incident investigation – can you “pull the string” to the attacker outside your organization?; and ensure you have a comprehensive offsite backup.