Stuart O'Brien, Author at Cyber Secure Forum | Forum Events Ltd
Posts by: Stuart O'Brien

REVEALED: The most in-demand cybersecurity solutions of 2024

Cyber Strategy, Data Protection and Access Control top the list of solutions the UK’s cybersecurity professionals are sourcing in 2024, according to our exclusive research.

The findings have been revealed in the run up to the Cyber Secure Forum, which takes place on June 25th at the Hilton London Canary Wharf.

Delegates registering to attend are asked which solutions they needed to invest in during 2024 and beyond.

Cloud Web Security and Identification rounded out the Top 5.

The most popular solutions have changed somewhat since 2023, when Access Control, Employee Security Awareness and UK Cyber Strategy topped the list.

Top 10 technologies being sourced by Security IT Summit delegates 2024:

  1. Cyber Strategy
  2. Data Protection
  3. Access Control
  4. Cloud Web Security
  5. Identity Access Management
  6. Penetration Testing
  7. AI/Machine Learning
  8. Multifactor Authentication
  9. Risk Management
  10. Vulnerability Management

Sarah Beall, Managing Director at Forum Events & Media, said: “The way we match buyers and suppliers at the Cyber Secure Forum gives us a unique insight into the types of products and services the industry is looking for right now. Not only does it mean we can deliver a highly-targeted B2B event with proven outcomes for all attendees, but we can deliver valuable insights into how the market is developing at what is a hugely exciting time for all stakeholders.”

To find out more about the Security IT Summit, visit https://securityitsummit.co.uk

For more information about the buying trends data and the Security IT Summit, contact Courtney Saggers on 01992 374088 | c.saggers@forumevents.co.uk

BROWSER SECURITY MONTH: Shielding your staff from dangerous destinations with proactive defence

The internet is a vital tool for businesses and government institutions alike, but it also presents a landscape rife with security threats. Web browsers, the gateways to this digital world, are a prime target for cybercriminals. Fortunately, the approach to web browser security in organisations, both public and private, has undergone a significant evolution in recent years. Let’s explore this journey towards a more secure online environment and examine the exciting possibilities that await senior IT professionals…

From Patchwork Policies to Proactive Defence:

Traditionally, web browser security relied on a patchwork of measures, including:

  • Basic User Education: Raising awareness about phishing scams and malicious websites was a primary focus, but often proved insufficient against increasingly sophisticated attacks.
  • Limited Browser Features: Disabling certain browser features like JavaScript could enhance security, but hindered functionality and user experience.
  • Outdated Software: Patch management was not always prioritized, leaving organisations vulnerable to known browser vulnerabilities exploited by cybercriminals.

The Public Sector Prioritises Data Protection:

The public sector, entrusted with sensitive citizen data, has adopted a more proactive approach:

  • Centralised Management and Deployment: Standardizing browser configurations across government departments ensures consistency and simplifies security updates.
  • Integration with Security Systems: Web browsers are integrated with network security solutions, allowing for real-time threat detection and blocking of malicious websites.
  • Multi-Factor Authentication (MFA): MFA adds an extra layer of security beyond passwords, making unauthorised access more difficult.

The Private Sector Embraces Advanced Solutions:

The private sector has witnessed a rapid adoption of advanced security solutions:

  • Sandboxing: This technology creates isolated environments where suspicious websites can be accessed without risk of infecting the user’s device.
  • Endpoint Detection and Response (EDR): EDR solutions monitor user activity within web browsers, identifying and responding to potential threats in real-time.
  • Browser Extensions and Plugins: A range of browser extensions and plugins offer additional security features like password managers, ad blockers, and website reputation checkers.

The Future of Web Browser Security: A Collaborative Approach

The future of web browser security promises exciting advancements for senior IT professionals:

  • Cloud-Based Security Solutions: Cloud-based security solutions offer real-time threat intelligence and centralized management, simplifying security across an organization.
  • Zero-Trust Security: This evolving approach verifies every user and device accessing the network, regardless of location, eliminating the concept of implicit trust.
  • Integration with Artificial Intelligence (AI): AI can analyze user behaviour and website traffic patterns, identifying anomalies that might indicate a potential cyberattack.

Collaboration is Key:

Ensuring robust web browser security requires a collaborative approach:

  • Software Vendors: Continued development of secure browser features and prompt patching of vulnerabilities is crucial.
  • Security Solution Providers: Continuous innovation in security solutions that integrate seamlessly with web browsers is vital.
  • Users: Employee education about safe browsing practices and responsible use of web browsers remains essential.

A Secure Future for Organisations:

By embracing a multi-layered approach and utilizing the evolving solutions available, senior IT professionals can create a more robust web browser security environment for UK organisations. Collaboration between stakeholders, coupled with ongoing advancements in technology, holds the key to navigating the ever-changing threat landscape and safeguarding sensitive information. In a world increasingly reliant on the internet, a secure browsing experience is no longer a luxury, but a necessity.

Are you searching for Web Browser Security solutions for your organisation? The Cyber Secure Forum can help!

Photo by Nathan Dumlao on Unsplash

Cyber Secure Forum: Final call for delegate registration!

This is your final chance to confirm your free place at the upcoming Cyber Secure Forum, which takes place in London on June 25th.

This Summit provides an excellent chance to connect with innovative, budget-friendly suppliers for your upcoming cyber initiatives, network with industry peers, and stay updated on the latest industry trends and insights.

Your free pass grants you access to insightful seminars by top speakers, including James Potter @ The Linked In Man, and Alex Wood – a reformed hyper-prolific financial criminal who now leads the financial sector, Government and law enforcement in its response to fraud. He will tell you “How I would use AI to rob you!”

Check out our full seminar programme.

There are just 5 spots left. Confirm your free place – you have the option to attend for a full day or a half day, depending on your schedule.

NCSC calls for business to drop ‘band aid’ approach to cybersecurity

The Chief Technology Officer of the National Cyber Security Centre (NCSC) has outlined why he doesn’t think the market for technology is working when it comes to cybersecurity.

Speaking in a keynote address at the CYBERUK conference in Birmingham, Ollie Whitehouse said that companies globally know how to build resilient, secure technology, but the market does not incentivise them to do so.

In his first major public address since taking up the role, Whitehouse stated that there is still a ‘thousand Band-Aid’ approach to cyber security – that organisations are layering sticking plasters over security cracks in an attempt to address technical debt – and that for the UK to become a truly cyber-resilient nation, that approach needs to fundamentally change.

He argued that technology is changing at a rapid pace, but that regulation and legislation are not keeping pace and likely never will do. He called for technology developers to be honest about the profound challenges they are facing in order to develop products and services that are fit for purpose and for a resilient future.

Whitehouse stated: “The world is changing, fast, and we are facing a fundamental challenge: we don’t have the evidence for how to build a resilient country writ large.

“The challenges ahead of us are the horse-sized ducks of states with strategic intentions, and the duck-sized horses of criminal actors out for financial gain. And the reality is that we don’t get to choose which one we’d rather counter, because we have to be able to face both with confidence.

“We know how to design and build resilient, secure technology. We just need a market that supports and rewards it.”

Photo by rivage on Unsplash

Sustainability monitoring high on CIO agenda for cloud environments

Fifty percent of organisations will adopt sustainability-enabled monitoring by 2026, to manage energy consumption and carbon footprint metrics for their hybrid cloud environments, according to a poll of CIOs conducted by Gartner.

This is in response to pressure from investors, customers, regulators and governments, which is forcing organizations to adopt carbon neutrality and net zero goals by 2030. For example, the Australian Government recently introduced legislation to establish the Net Zero Economy Authority to support the country’s net zero transformation.

“Organizations have strong carbon reduction goals to achieve and expect their infrastructure and operations (I&O) teams to launch sustainability initiatives that align their current IT carbon footprint with corporate goals,” said Padraig Byrne, VP Analyst at Gartner and Conference Chair of the Gartner IT Infrastructure, Operations & Cloud Strategies Conference in Sydney this week.

The 2024 Gartner CIO and Technology Executive Survey revealed that 79% of Australian and New Zealand (ANZ) CIOs expected to direct the second largest amount of new or additional funding in 2024 towards cloud platforms, which increasingly makes the environmental sustainability of cloud a core responsibility for I&O leaders. The survey gathered data from 2,457 respondents in 84 countries, including 87 in ANZ.

According to Gartner, the reporting of activities, energy usage, water efficiency and greenhouse gas (GHG) emissions in cloud and data centers will become new areas of IT management, resulting in new IT operating models (GreenOps) that will require new processes, capabilities and tools.

“I&O leaders and managed service providers will demand monitoring, analytical and generative AI services from software and cloud vendors to manage and optimize CO2e emissions and power consumption for reporting and IT management purposes,” said Byrne.

To satisfy this demand, monitoring vendors will evolve their portfolio of products and will enable new capabilities to track CO2e and power consumption across different IT layers – data center, hardware, middleware and applications. According to Gartner, this will provide analytical capabilities and insights to optimize every type of workload.

There are a number of adoption challenges for sustainability-enabled monitoring. Organizations that currently manage sustainability metrics use historic data and little to no real-time information, which can impact some real-time business decisions.

“Most relevant metrics aligned to net zero carbon are based on CO2e emissions and power consumption,” said Byrne. “However, IT organizations don’t currently have the capability to gather this information directly. Some request it from their IT providers, but the quality and granularity of information at the data center and cloud account level aren’t accurate enough to rely on for good management decisions.”

Gartner analysts said there are a few processes and monitoring/observability tools specialized in the tracking of CO2e and power metrics at different IT levels (hardware, middleware, application, data center, cloud, etc). However, this makes it difficult for I&O leaders to determine whether their environmental sustainability initiatives will succeed.

Current monitoring tools that address some of the sustainability metrics are mainly focused on on-premises environments, which makes it challenging to address these goals in current hybrid IT environments.

To overcome these challenges, Gartner recommends organizations adopt GreenOps or sustainability practices to start building the operating model that will help achieve carbon-neutral goals. Sustainability telemetry must also be collected and managed from their cloud providers, just as health performance and consumption cost telemetry are managed.

“This may not need to be acted on as urgently now, but treating those signals with equal importance positions organizations to benefit from real-time GHG emissions and power consumption optimization when the capability becomes available,” said Byrne.

Gartner recommends I&O leaders explore and evaluate monitoring providers across a new set of metrics related to power consumption, power efficiency and CO2e emissions for IT infrastructures and verify their capabilities are valid for hybrid IT environments.

5 MINUTES WITH: Darren James, Senior Product Manager at Specops

In the latest instalment of our cybersecurity industry executive interview series we sat down with Darren James, Senior Product Manager at Specops, to talk about the increasing prevalence of nation state-sponsored attacks, the benefits of taking a holistic approach to cyber defences, growing interest in CTEM and the perilous state of attitudes to password security…

Tell us about your company, products and services.

Specops has been solving Password, Identity and Authentication problems with simple, easy to implement solutions since 2001.

We’re now part of Outpost24 and as a group we cover a broad range of cyber security solutions that meet the CTEM or Continuous Threat Exposure Management requirements.

We’re ISO and Cyber Essentials Certified and have offices and customers all over the world.

What have been the biggest challenges the IT security industry has faced over the past 12 months?

With the worsening geopolitical events happening across Europe and the Middle East, along with emerging threats in Asia, we have seen a massive uptick in nation state sponsored attacks targeting organisations not just for financial gain, but also undermining opposing governments and critical infrastructure as well.

And what have been the biggest opportunities?

For one thing these very public breaches have shone an even brighter and larger spotlight on the cyber threats that face any organisation today. So even though budgets are tight, there is a tendency to spend more resources on consolidating your cyber security solutions and have a more holistic approach that mitigates the cyber risk from both the application and human layer.

What is the biggest priority for the IT security industry in 2024?

Getting the basics right is still very important, we talk to hundreds of customers a week who still have poor password hygiene issues. Breached, weak and shared passwords are still a huge problem. But fixing that issue isn’t hard.

What are the main trends you are expecting to see in the market in 2024?

As mentioned before we are seeing growing interest in the CTEM market, that will allow businesses to scope, discover, prioritize, validate and finally mobilize against the cyber threats they face on a continuous basis, whether it’s applications, infrastructure or human risks.

What technology is going to have the biggest impact on the market this coming year?

I suppose this is where you want me to talk about AI and Machine learning, but to be honest although there are movements in this area, there’s still some way to go before we need to consider the Terminator movies becoming a reality. This year I’m hoping to see passkeys become more commonplace and adopted more widely, certainly in the consumer market, but we need to remember that they can’t solve everything.

In 2028 we’ll all be talking about…?

Beach front holidays in London and poor passwords!

Which person in, or associated with, the IT security industry would you most like to meet?

Johnathon Ellison – Director for National Resilience and Future Technology (NCSC).

What’s the most surprising thing you’ve learnt about the IT security sector?

How absolutely awful most people’s password choices are.

You go to the bar at the Cyber Secure Forum – what’s your tipple of choice?

I’m always partial to a well-made Mojito, but failing that a good old Gin and Tonic will do the trick.

What’s the most exciting thing about your job?

Working with some super smart people and speaking to organisations every day and actually solving a big problem for them.

And what’s the most challenging?

Keeping up with all the super smart people I work with.

What’s the best piece of advice you’ve ever been given?

Always ask questions and always listen to the answers, and always read the log files 😊

CALL FOR SPEAKERS: Share your thoughts on today’s biggest cybersecurity issues

If you’re a cybersecurity professional and would like to share your knowledge, case studies and best practice with peers, then please get in touch – we have speaking opportunities upcoming at the Cyber Secure Forum this November.

This long-running and unique, invite-only event is attended by senior IT security professionals and leading suppliers, offering a great environment for networking and knowledge sharing within specialist seminar sessions.

Among the topics we’re looking for thought leadership on are Insider threats, Dark web, AI, Cyber Risk Management and more.

The Cyber Secure Forum takes place on November 7th at the Hilton London Canary Wharf.

So, if you would like to deliver a talk sharing your experiences and knowledge with delegates, please contact Natasha Cobbold at n.cobbold@forumevents.co.uk or visit https://forumevents.co.uk/speaker-opportunities.

 

If you’re a specialist in Web Browser Security we want to hear from you!

Each month on Cyber Security Briefing we’re shining the spotlight on a different part of the cyber security market – and in June we’re focussing on Web Browser Security solutions.

It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.

So, if you’re a Web Browser Security solutions specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Jenny Lane on j.lane@forumevents.co.uk.

Here’s our full features list:

Jun 2024 – Browser/Web Security
July 2024 – Authentication
Aug 2024 – Penetration Testing
Sep 2024 – Vulnerability Management
Oct 2024 – Employee Security Awareness
Nov 2024 – Malware
Dec 2024 – Network Security Management
Jan 2025 – Anti Virus
Feb 2025 – Access Control
Mar 2025 – Intrusion Detection & Prevention
Apr 2025 – Phishing Detection
May 2025 – Advanced Threat Dashboard

Photo by Denny Müller on Unsplash

Generative AI now the most frequently deployed AI solution in organisations

According to a Gartner survey conducted in the fourth quarter of 2023, 29% of the 644 respondents from organisations in the U.S., Germany and the U.K. said that they have deployed and are using GenAI, making GenAI the most frequently deployed AI solution. GenAI was found to be more common than other solutions like graph techniques, optimisation algorithms, rule-based systems, natural language processing and other types of machine learning.

The survey also found that utilizing GenAI embedded in existing applications (such as Microsoft’s Copilot for 365 or Adobe Firefly) is the top way to fulfill GenAI use cases, with 34% of respondents saying this is their primary method of using GenAI. This was found to be more common than other options such as customizing GenAI models with prompt engineering (25%), training or fine-tuning bespoke GenAI models (21%), or using standalone GenAI tools, like ChatGPT or Gemini (19%).

“GenAI is acting as a catalyst for the expansion of AI in the enterprise,” said Leinar Ramos, Sr Director Analyst at Gartner. “This creates a window of opportunity for AI leaders, but also a test on whether they will be able to capitalize on this moment and deliver value at scale.”

The primary obstacle to AI adoption, as reported by 49% of survey participants, is the difficulty in estimating and demonstrating the value of AI projects. This issue surpasses other barriers such as talent shortages, technical difficulties, data-related problems, lack of business alignment and trust in AI (see Figure 1).

“Business value continues to be a challenge for organizations when it comes to AI,” said Ramos. “As organizations scale AI, they need to consider the total cost of ownership of their projects, as well as the wide spectrum of benefits beyond productivity improvement.”

Figure 1: Top Barriers to Implement AI Techniques (Sum of Top 3 Ranks)

Source: Gartner (May 2024)

“GenAI has increased the degree of AI adoption throughout the business and made topics like AI upskilling and AI governance much more important,” said Ramos. “GenAI is forcing organizations to mature their AI capabilities.”

“Organizations who are struggling to derive business value from AI can learn from mature AI organizations,” said Ramos. “These are organizations that are applying AI more widely across different business units and processes, deploying many more use cases that stay longer in production.”

The survey found 9% of organizations are currently AI-mature and found that what makes these organizations different is that they focus on four foundational capabilities:

  • A scalable AI operating model, balancing centralized and distributed capabilities.
  • A focus on AI engineering, designing a systematic way of building and deploying AI projects into production.
  • An investment in upskilling and change management across the wider organization.
  • A focus on trust, risk and security management (TRiSM) capabilities to mitigate the risks that come from AI implementations and drive better business outcomes.

“AI-mature organizations invest in foundational capabilities that will remain relevant regardless of what happens tomorrow in the world of AI, and that allows them to scale their AI deployments efficiently and safely,” said Ramos.

Focusing on these foundational capabilities can help organizations mature and alleviate the current challenge of bringing AI projects to production. The survey found that, on average, only 48% of AI projects make it into production, and it takes 8 months to go from AI prototype to production.

Photo by Solen Feyissa on Unsplash

What data protection considerations are there when procuring, developing and deploying AI systems?

By Liz Smith, associate in the commercial team at independent UK law firm Burges Salmon

In the rapidly evolving landscape of AI technology, data protection remains a crucial area of concern for businesses. Here we summarise some of the key data protection considerations for businesses procuring, developing or deploying AI systems…

  • Purpose and lawful basis: Whenever personal data is processed within the AI value chain, whether the business is developing, deploying or procuring an AI system, there must be an appropriate lawful basis and such personal data must only be processed for the stated purpose.
  • Role: It is important to identify from an early stage the role of the business in the context of data protection legislation (Data Controller, Data Processor or Joint Controller) to understand the applicable obligations. The role of the business is likely to change based on where the business sits in the AI value chain, and whether it is deploying and developing an AI model vs procuring an AI model. Where the business acts as a data controller and is procuring an AI model, it needs to be clear on what personal data is being processed by the supplier and for what purpose (for example, is personal data being used to train the model?)
  • Security: It is important to ensure appropriate levels of security against unauthorised or unlawful processing, accidental loss, destruction or damage. As AI is rapidly developing the security risks are also changing at pace. Most businesses will likely procure an AI system rather than develop one in house. The integration of the AI system into the wider IT structure, as well as reliance on third party software and intricacy of the AI value chain, adds an extra degree of complexity which is likely to increase security risks. This complexity can make it more difficult to identify and manage security risks and to flow-down and monitor compliance with security policies, therefore it is important businesses undertake robust due diligence when engaging suppliers and pay special attention to the specific risks posed by AI systems to their business. Given this is a rapidly developing area, businesses should actively monitor and take into account state-of-the-art security practices.
  • Data Protection Impact Assessments (DPIA): A DPIA is a critical process for organisations using AI to ensure that personal data is handled lawfully and transparently. A DPIA must be completed before an AI system is deployed if processing is likely to result in high risk to individuals. The meaning of ‘likely to result in high risk’ is not defined in UK GDPR but a key point to note is that it is the purpose of the DPIA to ascertain if the processing is high risk, so whether or not a DPIA is required should be determined on an assessment of the potential for high-risk. Some processing of personal data (for example, large scale use of sensitive data) will always require a DPIA.
  • Transparency: Businesses must be transparent about their use of AI, providing clear information to individuals about how their data is being used and for what purposes. The ICO’s guidance focuses on ensuring AI systems are “explainable” to data subjects and emphasises the need to tailor explanations to affected individuals. Businesses should consider whether updates are required to their data protection policy and privacy notices to meet this requirement.
  • Automated decision making: The use of automated decision making which has legal or similarly significant effects on an individual triggers specific legal requirements under data protection legislation. If the decision impacts any individual legal entitlements or the ability to obtain funding or secure a job it is likely to fall in scope of these specific legal requirements. Businesses can only carry out this type of decision making where the decision is:
  1. necessary for the entry into or performance of a contract;
  2. authorised by law that applies to the business; or
  3. based on the individual’s explicit consent.

If this is the case, the law requires businesses to give individuals specific information about the process (about the logic involved, the significance and the envisaged consequences). Businesses will need to introduce methods for any relevant individuals to request human intervention or challenge a decision which impacts them and will need to carry out regular checks to ensure the systems are working as intended.

  • Bias and discrimination: If left unchecked, AI systems can inadvertently lead to bias and discrimination. Bias can arise because of the contents of the training data or the way it has been labelled by humans. Deploying an AI system with underlying bias increases the risk of an AI system making a discriminatory decision, especially in the context of hiring, promotions, or performance assessments. This exposes the business to claims of discrimination. It could impact the day to day operations of the business if an AI system needs to be removed or fixed to resolve the issue and it may lead to internal or external reputational damage. Businesses deploying AI systems will benefit from testing the decisions made by the AI system for different groups to assess whether the outcomes are acceptable. It may also be appropriate to carry out or request an audit of the underlying data used to obtain a clear understanding of how the AI system has been trained.
  • Supply chain due diligence: The majority of businesses will procure AI systems from a third party. Businesses that develop AI may obtain training data from an external source. Wherever a business sits within the AI value chain, carrying out due diligence checks on any third party providers to ensure compliance with data protection legislation is key.

Photo by Tim Mossholder on Unsplash