Ransomware in 2021 and the rise of ransomware-as-a-service
Ransomware has been around for years, but the malware – which encrypts valuable business data until a ransom is paid – continues to be used in cyber-attacks. Any sector can be targeted, but ransomware often takes advantage of out-of-date systems in vulnerable industries such as healthcare and utilities. In industries such as these, a ransomware attack can be fatal. In 2020, a patient died after a ransomware attack crippled a hospital in Germany, delaying their treatment. And in 2017, the WannaCry cryptoworm hit the UK’s NHS, bringing machines including MRI scanners to a standstill, resulting in 19,000 cancelled appointments.
As the threat continues to grow, it is becoming even easier for adversaries to launch attacks due to models such as ransomware-as-a-service. This model allows attackers to simply purchase the ability to launch their attacks via dark web forums.
This session will cover:
- A year in ransomware: Attacks in 2020 and 2021
- Industries being targeted by ransomware and why
- Ransomware as a service: How this growing model sees cloud-based RaaS kits sold for $40 a month, including 24/7 support
- How to protect your business from ransomware
- What to do if you are hit by ransomware
The hybrid workforce: Security for a post-COVID-19 world
Many businesses in the UK will start to go back into the office in September, but what does this mean for security? While many employees will continue to work from home, at least part time, security teams will need to manage those returning to the workplace too. This session will cover:
- The hybrid workforce: Security issues and challenges
- How to manage devices and the new era of BYOD
- Tracking home workers: Is this acceptable?
- GDPR and data protection: Your obligations explained
- Password management and authentication
- Securing your business for the future of work
2021: The year of the “data leak”?
In April 2021, Facebook confirmed 500 million users’ details had been leaked online via a hacking forum. Soon afterwards, data was scraped from up-and-coming audio social network Clubhouse. Neither company was hacked, and Facebook has outlined how scraping is against its policies, but the availability of data such as this has raised questions over what firms should be doing to protect their customers’ information. As privacy becomes increasingly important to customers, this session will examine:
- What is a data leak and why is it different from a breach?
- Why data leaks are bad for your customers, and your reputation
- Data leaks and your obligations under the GDPR and DPA
- What to do to safeguard data and prevent data leaks
The 2021 threat landscape beyond COVID-19
Cybercrime is skyrocketing, with “nearly all” criminal activities featuring an online component, according to Europol’s 2021 Serious and Organised Crime Threat Assessment (SOCTA) report.
COVID-19 has fuelled this further as businesses accelerated digital transformation projects and working from home became the norm, with cyber-attacks growing in number and sophistication since the last SOCTA report four years ago. This session will cover:
- How online cyber-crime services allow criminals to buy malware, DDoS and ransomware
- How criminals use encrypted communications to network with each other, and use social media and instant messaging services to reach a larger audience to advertise illegal goods or spread disinformation
- The role of threat intelligence in navigating the cyber threat landscape
- How to manage a hybrid workforce as cyber-crime continues to migrate online
Technology and tools: How tech and people are the key to fighting cyber-attacks
It’s often said that people are the weakest link in the chain when it comes to security. But without the correct technology and tools in place, businesses will be unable to protect the workforce from employee-based cyber-attacks such as phishing. This talk will look at:
- It’s not me, it’s you: Why people aren’t to blame for cyber attacks
- Technology and tools to help employees stay secure
- Employee training: when it works, and when it doesn’t
- Can multi-factor authentication stop cyber-attacks? Why MFA is important, and the best strategy to implement this
- Culture: Avoiding a culture of blame and why it’s integral that employees feel able to report phishing attacks
Cloud security: The risks and how to avoid them
The move to cloud has accelerated during the COVID-19 pandemic, but this has also increased security risks. According to the Cloud Security Alliance, 62% of businesses have moved to multi-cloud setups, increasing the need for security and tools. Often the controls put in place to manage security are not up to the task, and there is a lack of skilled workers with cloud-specific experience. This session will cover:
- The COVID-19 impact on cloud and cloud security
- Why visibility is key
- The tools and skills needed to secure cloud services and what kind of cyber-attacks to look out for
- Privileged access management in cloud services
- Compliance in the cloud and industry-specific requirements
- How to implement a cloud security strategy
How to create and promote a diverse workforce
There is a skills shortage in cyber security. Last year, the UK government found demand for cybersecurity professionals continues to exceed supply, even though security teams have to deal with more threats than ever. Approximately 48% have a basic skills gap and are unable to carry out the basic tasks laid out in the government-endorsed Cyber Essentials scheme. This talk will examine:
- The cyber security skills gap and the role of diversity in mitigating this
- The advantages of having a diverse team to protect firms from cyber attacks
- Types of diversity, e.g. gender, ethnic, neurodiversity
- Job ads: How to encourage a wide range of applicants
- The interviewing process and the importance of not simply looking for “someone like you”
A spy’s story
This session will see an ex-spook talk about spying from a historical perspective, from WW1 through to the current day, detailing the threats from countries such as China, Russia, North Korea and Iran. The talk will outline how cyber espionage affects businesses, which industries are likely to be affected, and how firms can protect themselves now and in the future.