The national Scot-Secure Summit is the largest annual Cyber Security event in Scotland: the event brings together senior IT leaders and Information Security personnel, providing a unique forum for knowledge exchange, discussion and high-level networking.
The conference programme is focused on promoting best-practice cyber security; looking at the current trends, the key threats - and offering practical advice on improving resilience and implementing effective security measures.
1. WELCOME TO DIGITâS 6th ANNUAL
SCOT-SECURE
EDINBURGH - DYNAMIC EARTH - 19TH & 20TH FEBRUARY 2020
LEAD SPONSOR
CO-SPONSORS
@digitfyi #scotsecure
2020
Part of Orange Cyberdefense
DAY 1
6. Global reach
12 markets
`
Offering choice
240,000 Restaurant Partners, serving over 100 different cuisine types
Diversified customer base
28m active customers, placing over 221 million orders in 2018
A fantastic team
Over 3,600 employees globally
*data correct at 13 July update 2019
A LEADING GLOBAL
HYBRID
MARKETPLACE FOR
ONLINE FOOD
DELIVERY
9. 9
Hacker, security, team builder, function
creator
Father
Sports - cycling, crossfit, crossfit
coachingâŚ.
Cars, bikes, cars...
Constantly learning
Wonders how I got here!
Maryland cookies and unicornsâŚ.
19. 19
Building our team
⢠Being realistic in our expectations
⢠Hiring people with the right mindset - this is often more valuable
than âknowledgeâ
⢠Looking internallyâŚ
We have successfully moved people from other teams into the
security team!
⢠Remember security is everyone's responsibility!
We engage with other teams to work with us and deliver our
goals
Providing and awesome working environment and career
progression
Use your imagination!
20. 20
Creating a Space to be Awesome!*
PURPOSE
AUTONOMY
MASTERY
INCLUSION
NEGATIVE factors that detract
*Credit Mark Williams - ChromeRose
21. 21
Embrace cognitive diversity
- Challenge conventions
- Build a team that treats everyone
fairly*
- Be open to differences
- Encourage open conversations
- Be open and welcome challenges!
- Embrace change and actively engage
with people who have different
viewpoints or ways of thinking
*But avoid the trap of being overly âPCâ
24. 24
Have a coffee*
- Build connections
- Listen to people
- Not every conversation needs to be
about securityâŚ
*not by yourself...*Thanks Little black duck for image!
25. 25
Engage with the business
- Not that sort
- But seriously get involved
- Be part of the team
- Be partof the conversation
- Always think
- âhow can we help
deliver better, faster
AND saferâ
- NEVER
- âSecurity says noâ
*not that sort...
26. 26
How can I make you an advocate?
- Make every interaction positive
- Never blame
- How can we do better next time
- Genuine no blame culture
- âSecurity is helpfulâ
- âThey helped me succeedâ
*Thanks The Childhood League Center for image!
27. 27
Be an enabler
Security must enable the business if it ever wants to become part of the business
To provide appropriate security and risk guidance at the speed of the business
To be flexible and able to pivot to meet changing requirements
- Evolving threat landscape
- Changing business needs and priorities
28. 28
Finally⌠The public
⢠The trust of your customers and partners is
paramount
⢠They donât care about tech
⢠They care how you treat them
⢠Perfection
⢠Appropriate and honest
⢠Donât be the unlocked house!
*Thanks Maple Moon Web Design for image!
29. 29
⢠We are all in this Together
⢠Engage Engage Engage
⢠Understand how people work and their goals
⢠Be an agent of change... Drive organisational improvements
⢠Make people care, not just aware!
Culture Culture Culture
Leverage the wider teams in your business
Be a business enabler
Takeaways*
1
*Pun Intended ;)
51. Social normalization of deviance
âPeople within the organization become so much
accustomed to a deviant behavior that they don't
consider it as deviant, despite the fact that they far
exceed their own rules for elementary safety.â
Diane Vaughan
52. Breaches increased 71%
24%
suspect or have verified a
breach related to open source
components in the 2019 survey
14%
suspect or have verified a
breach related to open source
components in the 2014
survey
source: DevSecOps Community Survey 2014 and 2019
53. The speed of exploits has compressed 93%
Sources: Gartner, IBM, Sonatype
56. source: 2019 DevSecOps Community Survey
Quickly identify who is faster than their adversaries
57.
58. March 7
Apache Struts releases
updated version to
thwart vulnerability
CVE-2017-5638
Today
65% of the Fortune 100
download vulnerable
versions
3 Days in March
March 8
NSA reveals Pentagon
servers scanned by
nation-states for
vulnerable Struts
instances
Struts exploit published
to Exploit-DB.
March 10
Equifax
Canada Revenue Agency
Canada Statistics
GMO Payment Gateway
The Rest of the Story
March 13
Okinawa Power
Japan Post
March 9
Cisco observes "a high number
of exploitation events."
March â18
Indiaâs AADHAAR
April 13
India Post
December â17
Monero Crypto Mining
Equifax was not alone
@llkkaT
59. Complete software bill of materials (SBOM)
2019 No DevOps Practice 2019 Mature DevOps Practices
19%
50%
Source: 2019 DevSecOps Community Survey
61. 1.3 million vulnerabilities in OSS components
undocumented
No corresponding CVE advisory in the public NVD database
62. At what point in the development process does your
organization perform automated application analysis?
2019 No DevSecOps Practice 2019 Mature DevSecOps Practices
63. Automation continues to prove difficult to ignore
Source: 2019 DevSecOps Community Survey
2019 No DevOps Practice 2019 Mature DevOps Practices
64. Trusted software supply chains are x2 more secure
Source: 2018 State of the Software Supply Chain Report
65. I see no see no prospect in the long run for
avoiding liability for insecure code.ââ
Paul Rozenzweig
Senior Fellow, R Street Institute
2018
67. 1. An up to date inventory of open-source components
utilized in the software
2. A process for identifying known vulnerabilities within
open source components
3. 360 degree monitoring of open source components
throughout the SDLC
4. A policy and process to immediately remediate
vulnerabilities as they become known
January 2019
source: https://blog.pcisecuritystandards.org/just-published-new-pci-software-security-
standards
68. Solve your supply
chain problems
1 Solve your own
quality problems
â trust but verify
2 Create discipline
and continue to
do it(4)!
3(4)
69.
70. 2/21/2020 70
WICUS ROSS
SENIOR SECURITY RESEARCHER
@WICUSROSS
INTELLIGENT SECURITY
Why understanding your attack surface matters
74. 2/21/2020 75
Equifax has confirmed that attackers entered its system in
mid-May through a web-application vulnerability that
had a patch available in March. In other words, the
credit-reporting giant had more than two months to
take precautions that would have defended the personal
data of 143 million people from being exposed. It didn't.
https://www.wired.com/story/equifax-breach-no-excuse/
75. 2/21/2020 76
WEâRE DEALING
WITH MASSIVE
COMPLEXITY,
FLUIDITY &
ASSYMETRY
How do attain an advantage
over the threat in a chaotic
reality where the odds are so
heavily stacked against us?
78. 2/21/2020 79
Recon plays a major role while hacking on a program. Recon
doesnât always mean to find subdomains belonging to a
company, it also could relate to finding out how a company is
setting up its properties and what resources they are usingâ
80. 2/21/2020 81
WEâRE DEALING
WITH MASSIVE
COMPLEXITY,
FLUIDITY &
ASSYMETRY
How do attain an advantage
over the threat in a chaotic
reality where the odds are so
heavily stacked against us?
81. 2/21/2020 82
Intelligence led security is the collection, aggregation,
correlation and analysis of both internal and external data to
understand risks, identify threat actors, discover and minimize
attacks or losses already underway, and understand and predict the
methods and actions of likely adversaries.
83. 2/21/2020 84
TRADITIONAL âINTELLIGENCEâ
Given that a specific IP is given to be acting
suspiciously by a Threat Intelligence source,
what is the probability that the IP will be
observed acting suspiciously again later?
âLess than 10% of all the IPs we produced
as âintelligenceâ were involved in other
suspicious behavior. For actual Threat Lists
and for all practical purposes, the
performance was much worse than thatâ.
Threat Intelligence
Lab
Our T.I. petri dish
environment
Honeynet Lab
Our honeynet petri dish
environment
3.59%
14.73%
86. 2/21/2020 87
1. information concerning an
enemy or possible enemy or
an area
2. the ability to learn or
understand or to deal with
new or trying situations
87. 2/21/2020 88
Observe the Landscape
SD Labs
Detect attacks and
compromise
MTD
Understand where
youâre vulnerable
MVS
INTELLIGENCE LED SECURITY
Know your enemy
Know yourself
88. 2/21/2020 89
Observe the
Landscape
Understand
where youâre
vulnerable
Detect attacks
and
compromise
Collect Correlate
Triage Analyse
Strategize Execute
Measure
INTELLIGENCE & PROCESS
=
AGILITY & CONSISTENCY
=
MEASURABLE CHANGE
89. 2/21/2020 90
WHY MANAGED INTELLIGENCE?
1 FOUR PâS
Do we want to spend
our time and effort
doing the basics
when modern
security needs to
be agile?
People, Process,
Platform and
Project
Management are
tedious and
expensive if not
core business.
2 SKILL
Do we have the
resources, experience
and environment to
retain our own set
of capabilities?
Appropriate skills
are incredibly
difficult to
identify, hire,
equip and retain
in a competitive
market.
3 AGILITY
Do we have the
environment to
continuously extend
and adapt our
scanning capability?
VM is not plug-
and-play and
continuous
investment is
required to
respond to new
bugs.
90. 2/21/2020 94
IN SUMMARY
⢠We face overwhelming odds
⢠Intelligence Led Security can help tip the scales in our favour
⢠Intelligence is as much about understanding oneself as about understanding
the adversary
⢠All intelligence must start with understanding the Threat, and understanding
the Attack Surface
⢠Intelligence cannot be commoditized â it requires methodical collection of
data fed into a disciplined process
⢠Vulnerability data is one of the key elements of intelligence every business
needs
⢠Intelligence Led security requires a balance between consistency and agility
⢠For most organisations, this lends itself strongly to outsourcing⌠to the right
partner
⢠The ideal partner must deliver on the basics led by solid intelligence, in a
principled, skilled & transparent way.
93. Aligning the
Cybersecurity
Function with
Organisational
Strategy
1) How to build a forward looking security architecture capability
2) Embedding strategic threat intelligence in product
development
3) Choosing security standards and moving the bar
4) Managing security change in an impatient world
5) Agile? DevOps? No problemo!
98. What is
StrategicThreat
Intelligence
INFORMING DECISIONS information
+ analysis
+ inferences
a tool for
decision making
=
Our mission: to provide forewarning of
security threats toTSB to minimise harm to
our customers, staff, and business
102. Interlinked
Frameworks
TELLINGSTORIES
1) Control Framework
o Functional and Non-Functional Requirements
o Technical Controls
o Gap analysis
2) Program Framework
o Establish maturity
o Communicate roadmap objectives
o Compare quantitively against peers
3) Risk Framework
o Identify key risks
o Prioritise remediation
o Articulate security posture in real terms
111. SECURITY AWARENESS IN PRACTICE
Garry Scobie
Deputy Chief Information Security Officer
112. ⢠Identifying the challenges to overcome when
introducing a security awareness program
⢠An overview of real-life attacks on the
organisation, which help to shape our
thinking on awareness training
⢠Suggested solutions using the current
awareness program at The University of
Edinburgh as an example
Agenda
This Photo by Unknown Author is licensed under CC BY-ND
113. ⢠Security breaches are announced almost weekly
⢠Users may rightly ask why bother with security?
⢠Some believe it doesnât apply to them.
⢠âIâm going to be hacked anyway.â
⢠âIâve nothing important to lose.â
⢠âMandatory security training? But Iâm a âŚ.â
⢠âWe have clever people. They wonât be phished.â
Why bother?
This Photo by Unknown Author is licensed under CC BY-NC-ND
114. ⢠I see a lot of good practice.
⢠Others, howeverâŚ
⢠âDo I have to ask suppliers about their
security?â
⢠âAre there any loopholes in GDPR that I can
use to get around it?â
⢠âCan we just not bother?â
⢠This makes for a challenging environment.
A challenging environment
This Photo by Unknown Author is licensed under CC BY-SA-NC
115. ⢠The environment is complex
⢠Connecting everybody with everything
⢠Who reads terms and conditions, and
understands what it actually does?
⢠InfoSec remit covers a huge area of policy,
tech and guidance
⢠A common support call is âIâve found this
piece of software. Is it okay to use from an
InfoSec perspective?â
Challenge 1 - Complexity
This Photo by Unknown Author is licensed under CC BY-NC
116. ⢠The sheer volume of data,
messages, things for people to click
on and access.
⢠How is our message going to stand
out, let alone get through?
Challenge 2 - Overload
This Photo by Unknown Author is licensed under CC BY-NC-ND
117. ⢠Everyone is important in helping all of us to
be more secure. Fostering awareness cannot
lose sight of this.
⢠The message must appeal and be
understood by all. Be wary of jargon.
⢠Is the awareness training you provide
accessible and achievable by all your users?
⢠Different audiences â message may have to
be modified. Tech v non-tech
Challenge 3 - Diversity and Accessibility
This Photo by Unknown Author is licensed under CC BY-SA-NC
118. ⢠Security awareness must add value.
⢠Not just be a drain on resources.
⢠Competing against all other priorities.
⢠Security awareness is not a one-off.
⢠Whatever you do has to be ongoing.
⢠Itâs a continual process of revisiting, revising
and reinforcing.
Challenge 4 - Justifying budgets
This Photo by Unknown Author is licensed under CC BY
119. ⢠The image of Information Security needs to
change
⢠Pictures of hoodies with dark glasses in
basements is dated and turns people off
⢠InfoSec needs to be approachable
Challenge 5 â Image
This Photo by Unknown Author is licensed under CC BY
120. ⢠How do you know if your message is
getting across?
⢠Are you making a difference?
⢠How can you tell?
Challenge 6 - Measuring Effectiveness
This Photo by Unknown Author is licensed under CC BY-NC
121. ⢠Ensure security awareness is embedded
and becomes the norm for the
organization.
⢠Rapid turnover of staff and students is a
challenge
⢠Long serving staff
⢠Not just being aware, but understanding.
Challenge 7 â Cultural Change
This Photo by Unknown Author is licensed under CC BY
122. ⢠An internationally-acclaimed
seat of learning.
⢠Reputation for research and as a
pioneer of discoveries and
scientific breakthroughs.
⢠A major employer.
The University of Edinburgh
123. ⢠Data theft â PII of staff and students.
⢠Financial gain â handling of student fees;
large employer; contracts with third
parties; Research grants.
⢠Espionage â centres for research hold
valuable intellectual property â you
name it, itâs probably being researched.
⢠These are highlighted in our awareness
program.
The University is a target
This Photo by Unknown Author is licensed under CC BY
124. ⢠Lack of awareness
⢠Phishing
⢠Malware/Ransomware
⢠These are linked together
⢠Helps to shape our thinking on
awareness training
⢠Relate advice to incidents helps to
make it real
Top Cyber Threats
This Photo by Unknown Author is licensed under CC BY
125. ⢠There are deliveries everyday and emails
informing users of them
⢠Phishing is typically Ransomware or grab of
credentials
⢠Donât pay. Restore from backups
⢠No reading of email and browsing the web
while logged in with a privileged account
⢠Evidence suggests top targets for phishing
attempts are research/medical
Phishing
This Photo by Unknown Author is licensed under CC BY-NC
126. ⢠Academics concerned over phishing attacks which
they spotted, but how did they get that personal
data about them?
⢠Academic on-line profile is full of useful data.
⢠Biography, teaching and PhD Supervision,
research, projects, publications.
⢠Social engineering using social media.
⢠We canât hide away. Just be aware of what you put
out and be on guard whenever someone new
approaches you.
Spear and Whale Phishing
This Photo by Unknown Author is licensed under CC BY
127. ⢠A fake conference with website
⢠A real conference with fake website
⢠A real conference and an email spoof claiming
delegate hasnât paid
⢠Problem with the registration process
⢠Fill in an attachment
⢠Offer a discount on hotels, transport
⢠Announcing on social media
Conferences
This Photo by Unknown Author is licensed under CC BY
128. ⢠Disk full alerts, email account upgrade
or suspended, doing a routine
maintenance and you need to provide
your credentials
⢠IT Services would never do this
⢠Phone scams on increase
⢠Texts
⢠Watering hole sites/fake domains
⢠Fake pages linked to library systems
Other Phishing attacks
129. ⢠Spear Phishing - targeting key personnel for
urgent payments
⢠Mandate fraud â change of supplier bank details
using fake website to spoof bank details. Receive
payment to fake supplier bank account.
⢠Spoofed invoices
⢠All the above prevented due to internal controls
⢠Students giving money to âmoney advisers.â
Lottery scam. Accommodation scams.
Fraud
This Photo by Unknown Author is licensed under CC BY-SA
130. ⢠System compromises due to lack of or
delay in patching.
⢠Bitcoin miner code searches for other
computers on the network and attempts
to compromise.
⢠Failure to patch can impact on everyone.
Bitcoin Miners
This Photo by Unknown Author is licensed under CC BY
131. ⢠Legal requirement for public sector
⢠We have developed an understanding of
what we can say in respect of security
⢠You donât want to map out your tech
⢠We are often asked how many cyber
attacks have we had?
⢠We have also been asked how many
University properties are haunted?
Freedom of Information
This Photo by Unknown Author is licensed under CC BY
132. ⢠The University dates from 1583. Has a
sprawling mix of buildings. We are proud
of our estate and encourage openness.
⢠Physical thefts do occur.
⢠Clean desk policy.
⢠Wear lanyard, be prepared to challenge.
Physical Security
133. ⢠Seven focus groups across a range of schools and
business units.
⢠The themes of Empowerment, Awareness, Values,
Behaviours, Adherence, Accountability,
Responsibility, and Cultural Norms were discussed
⢠Helped to benchmark and reinforce the direction
we were taking.
⢠Staff want the information to enable them to do
the right thing.
Cyber Security Cultural Assessment
This Photo by Unknown Author is licensed under CC BY
134. ⢠Users are our best defence.
⢠A no blame culture that encourages people to speak
up, point out, challenge.
⢠Consensus on what is important and aligned to the
business with a common language.
⢠Stress the need for users to handle their own
personal data in the same way.
The way forward
This Photo by Unknown Author is licensed under CC BY-SA
135. ⢠Donât be afraid to try different things and fail
⢠Buy-in from the top
⢠GDPR Champions network - Use those who do
get it to help others get on-board
⢠InfoSec Champions network
⢠Make it fun - Donât turn your users off
⢠Enthusiasm canât be faked. Enjoy your subject.
The way forward
This Photo by Unknown Author is licensed under CC BY-NC-ND
136. ⢠Working with the Digital Skills Program
⢠Security Awareness Week
⢠Fraud Awareness Week
⢠New staff welcome sessions
⢠Creative Learning Festival
â Medieval Castles
â Victorian Fan Language
The University of Edinburgh
137. ⢠The Internet Survival Guide
⢠Fraud, Phishing and Social Engineering
⢠Why is InfoSec important to me and you?
⢠Practical encryption for staff and
students
⢠Mobile phone security
⢠Ransomware
⢠Introduction to the InfoSec team
⢠Choosing software from an InfoSec view
⢠How Hackers Attack
⢠Hacking, Cybercrime and the Movies
Awareness Sessions
138. ⢠Massive Open Online Courses
⢠Digital footprint initiative
⢠3 week online course which includes
developing an effective online
presence, managing your privacy,
creating opportunities for networking,
balancing and managing professional
and personal presences
(eprofessionalism).
MOOC
139. ⢠On-line training
⢠Embedding security in projects
â Question sets for procurement
⢠Top Tip Flyers
⢠Phishing Simulation
⢠Merchandise and Branding
⢠Podcasts
The University of Edinburgh
140. ⢠Increase in take up of training and support calls.
⢠Increased reports of phishing emails.
⢠Engagement at project initiation.
⢠Requests for vulnerability scans and pen tests.
⢠Invitations to visit schools and colleges.
⢠One school now starting their own internal
security awareness program.
⢠We are working with one College to develop
bespoke information security training for senior
managers to help them understand local risks.
KPIâs
This Photo by Unknown Author is licensed under CC BY-ND
144. - Former Anonymous
- Former Military Intelligence (SIGINT ELINT)
- Penetration Tester
- Threat Intelligence
- âCyber-Terroristâ -2016 International Business
Times
Mike Jones
155. WELCOME TO DIGITâS 6th ANNUAL
SCOT-SECURE
EDINBURGH - DYNAMIC EARTH - 19TH & 20TH FEBRUARY 2020
LEAD SPONSOR
CO-SPONSORS
@digitfyi #scotsecure
2020
Part of Orange Cyberdefense
DAY 2
156. GREG VAN DER GAASTHead of Information Security
@SalfordUni
@digitfyi #scotsecure
University of Salford
DAY 2 SESSION 1
158. Greg van der Gaast
-22 years in âCyberâ
-Milw0rm
-Investigator with FBI/DoD
-Architecture, CGI 250k endpoints, NATO KFOR & ISAF
-Creation of âclean sheetâ InfoSec programmes
-Head of Information Security @ UoS
-CMCG, Security advisory
-Legal portfolio work: M&A, assessments, contracts
-InfoSec leadership/proactivity evangelist, lecturer,
trainer, author, and general loudmouth
-PowerPoint flunkie
#whoami
162. -4,070,000 people âinformation
security skills gap.â
-Growing complexity, standards,
models, metrics.
-Spiralling security costs/budgets.
-Ever-increasing number of breaches.
But why?
InfoSec âPainsâ
163. Why is this happening? Why isnât InfoSec catching these?
-A disengaged technical culture. Lacking people/business alignment.
-Tunnel vision, refusal to step back. E.g. Zero Day vs Every Day.
-Industry indoctrination, standardisation, no fitted holistic approach. Weâve
standardised people and thinking out of the process.
-Spiraling complexity, models, metrics, etc.
-Lack of business visibility, accountability, and proactive leadership.
People & Culture
164. Do you/Does your InfoSec have:
-Awareness of, and thorough engagement with, IT and the business?
-Effective input into othersâ processes?
-Initiative in communication with senior management?
-Identify root causes beyond the technical and âuser errorâ?
-Clear, holistic, long term strategy/programme? (Not just tools!)
Finally⌠âThe English Testâ
*Free Advice - What to Check?
165. Client with data on 40M+ UK individuals. Address, financial, and more.
What did I find?
-SIEM hilarity.
-Almost every server (hundreds) and desktop had multiple (old!)
critical vulnerabilities.
-Inaccurate reporting about patching effectiveness.
-Vulnerabilities (from scans) often dismissed as false positives with no
investigation, removed from reports to client.
-45,000 undocumented firewall rules.
-Live data mixed in Test environment, DR DBs without controls, etc.
But⌠ISO 27001, PCI, CAS(T) certified.
A Real Example?
166. One day the MSP decided to âupgradeâ the clientâs web server.
It was vetoed.
After much discussion at the upper echelons, the OK was given provided the
updated website could pass a vulnerability scan.
The scan found no âmajorâ issues and the site updates went live.
Guess What Happened Next?
Donât Worry, Itâs Fine.
168. The vast majority of large breaches have something in common:
InfoSec failed to be proactive in securing the business.
Missing the Obvious
-British Airways
-Marriott
-Equifax
-Capital One
-Travelex
170. Have a cat meme instead.
The Funny Slide Formerly Titled
âTestimonialsâ (Not Allowed)
171. What have you got to lose? What could you gain? You might just be
the one stopping this from happening to your organisation.
Be a hero. Have a look.
Engage!
Chin Up.
172. Enjoy Scot-Secure, and please reach out!
Greg van der Gaast
linkedin.com/in/gregvandergaast
greg@cmcg.it
www.cmcg.it
Thank You!
191. Quorum Cyber
Get the Board On-board
⢠Enable them to measure the
performance of security investment
⢠By building them a board-focused cyber
security risk framework
⢠Using Threat Modelling to drive risk
understanding and appetite
192. Quorum Cyber
25 Threat actors
50 TTPs, 150 IOCs
7 SOC staff (560K OPEX)
9x5 Detect capability
External support for IR
7 Controls (750K CAPEX)
4 Controls (350K OPEX)
We can Detect 45 (30%)
IOCs
We can respond to 70%
of incidents
Residual risk:
- 70% IOCs
- 30% Incidents
Benefit of Investment
⢠910K OPEX
⢠750K CAPEX
193. Quorum Cyber
We need YOU! to take extreme ownership and arm
the The Board with the right tools to measure your
own performance
196. 2
What was once a finite and
defendable space is now a boundless
territory â a vast, sprawling footprint
of devices, apps, appliances, servers,
networks, clouds and users.
197. 3
Explore SonicWallâs exclusive
threat intelligence to help
you better understand how
cybercriminals think â and be fully
prepared for what theyâll do next.
198. 4
GLOBAL CYBER ARMS RACE
SonicWall recorded
9.9 billion malware attacks
in 2019, a 6% dip to the
record-breaking 10.52
billion recorded in 2018.
INSIDE CYBERCRIMINAL INC.
Cyberattacks were more targeted
and evasive with higher degrees of
success, particularly against the
healthcare industry, and state,
provincial and local governments.
199. 5
1.1 MILLION +
Global Sensors
215 +
Countries & Territories
24 x 7 x 365
Monitoring
< 24 HOURS
Threat Response
100,000 +
Malware Samples Collected Daily
27 MILLION +
Attacks Blocked Daily
SONICWALL CAPTURE LABS THREAT NETWORK
201. 7
Security Advances Criminal Advances
Web App Attacks
Double
Phishing Down
for Third Year
Cryptojacking
Crumbles
Fileless Malware Spikes
in Third Quarter
Encrypted Threats
Growing Consistently
IoT Attack
Volume Rising
Advancements in
Deep Memory Inspection
Momentum of
Perimeter-Less Security
Faster Identification of
âNever-before-Seenâ Malware
Ransomware Targets State,
Provincial & Local Governments
KEY FINDINGS FROM 2019
203. 9
New intelligence suggests that some
security vendors â and respective
innovative technology â are setting new
standards for protection against ânever-
before-seenâ malware variants.
FASTERIDENTIFICATIONOFâNEVER-BEFORE-SEENâMALWARE
Speed and accuracy are critical
attributes in identifying and
mitigating new or emerging threats.
SonicWall is identifying
ânever-before-seenâ
malware variants a full
1.9 days before samples
are submitted to
VirusTotal.
1.9
Days
Faster
204. 10
ADVANCEMENTS IN DEEP MEMORY INSPECTION
âNever-Before-Seenâ Malware Variants Found by RTDMITM
RTDMITM
discovered 153,909
ânever-before-seenâ
malware variants in
2019 â attacks
traditional sandboxes
likely missed.
205. 11
ADOPTION OF PERIMETER-LESS SECURITY
For decades, protecting networks was entirely focused on defining
perimeters and setting up defensive layers to keep threats out.
That approach doesnât scale anymore.
In response, the adoption of zero-trust security models began to gain
traction in 2019. Secure access service edge (SASE), a new network
security model coined by Gartner, received the most notoriety.
SASE â and solutions like it â help shape how organizations secure
their networks and data. SASE platforms combine software- and
service-based networks to unify different security solutions via
flexible pricing models.
Zero-Trust Network Access | Secure Access Service Edge | Secure Network as a Service | Firewall as a Service | Secure SD-WAN as a Service
âDesigning a new way forward â
a future without network
perimeters â was the only way to
properly manage and mitigate
tomorrowâs most innovative
cyberattacks.â
Sagi Gidali
Co-Founder, Perimeter 81
Solution Naming Conventions
206. 12
Mirroring how malware is being leveraged,
cybercriminals are being more targeted
with phishing, too. This means less volume,
but more sophistication.
PHISHING DOWN FOR THIRD STRAIGHT YEAR
SonicWall Capture Labs threat researchers
recorded a 42% decline in overall phishing volume,
the third straight year the attack vector declined.
42%
207. 13
Despite a late surge in
December, cryptojacking
malware finished with 64.1
million total hits in 2019,
a 78% drop since July.
CRYPTOJACKING CRUMBLES
2019 Cryptojacking Signature Hits
210. 16
SonicWall found that
incidents using highly
evasive fileless
malware increased in
the second and third
quarters of 2019.
FILELESS MALWARE SPIKES IN Q3
2019 Fileless Malware Attack Volume
211. 17
ENCRYPTED THREATS GROWING CONSISTENTLY
SonicWall
recorded 3.7
million malware
attacks sent
over TLS/SSL
traffic, a 27.3%
year-over-year
increase.
2019 Encrypted Malware
212. 18
SonicWall
discovered a
moderate
5% increase in IoT
malware, with total
volume reaching
34.3 million attacks.
IOT ATTACK VOLUME RISING
But with a deluge of new
IoT devices connecting
each day, increases in IoT
malware attacks should
not only be expected, but
planned for.
Global IoT Malware
213. 19
SonicWall Capture Labs
threat researchers recorded a
52% year-over-year increase
in web app attacks.
WEB APP ATTACKS DOUBLE
SonicWall recorded spikes across the final
seven months of the year to push total web
app attack volume past 40 million.
52%
214. Download the complete 2020 SonicWall
Cyber Threat Report for critical threat
intelligence to better understand how
cybercriminals think â and be fully
prepared for what theyâll do next.
SonicWall.com/ThreatReport
PREPARE FOR
WHATâS NEXT
215. FREHA ARSHAD
Senior Manager
Accenture
Val Mann
CSO Supplier Assurance
Lloyds
IAN CHISHOLM
Director, Information Security
@ChisInfosec
Charles River
DAY 2 SESSION 2
STREAM 1 MAIN HALL
@Freha_25
@digitfyi #scotsecure
217. Copyright Š 2020 Accenture. All rights reserved. 204
COMPROMISING
GEOPOLITICS:
NEW THREATS CAN
EMERGE FROM
DISINFORMATION AND
TECHNOLOGY
EVOLUTION
218. High-profile world events to become the setting for information
operations and other cyberthreat activity.
Copyright Š 2020 Accenture. All rights reserved. 205
WHATâS HAPPENING?
Disinformation:
Social media is a key a battleground for the hearts and minds
of worldwide audiences.
Cyber-enabled information operations:
Possible exploitation of the openness and speed of communications in
cyberspace, to try to take advantage of or influence global events.
Upcoming world events:
219. Evaluate which events might be used to target your organization.
Train your people to recognise them. Monitor for and block lures
and malicious campaigns inspired by world events.
Copyright Š 2020 Accenture. All rights reserved. 206
WHAT COULD YOU DO?
Disinformation:
Communicate operational information to staff proactively and fully to
help them differentiate fact from disinformation.
Cyber-enabled information operations:
Track known disinformation threat actor behaviors and campaigns and
counter adversary activity with proactive communications and security
campaigns.
Upcoming world events:
221. Direct network access can be bought on underground markets to help enable actors to
deploy commodity malware (e.g. POS malware) on target networks.
Copyright Š 2020 Accenture. All rights reserved. 208
WHATâS HAPPENING?
Big game hunting on the rise
Targeted and sophisticated intrusions for financial gain are increasing.
New level of resilience and maturity observed in organised cybercrime given increased LE actions.
Attribution can become harder
Actors increasingly sharing document builders, malware and TTPs in campaigns and intrusions.
Faster and lower costs of entry
Growth of underground economies, in non-English-speaking countries
such as Brazil are targeting their domestic populations.
Emerging of localised underground economies
222. See that proper controls are in place to help minimalise internet facing infrastructure. Hunt
for malware on the network proactively to try to cease operations of network access sold to
threat actors.
Copyright Š 2020 Accenture. All rights reserved. 209
WHAT COULD YOU DO?
Big game hunting on the rise
Check proper protections, network segmentation, and security posture is in place.
Test your security team to see if they are able to respond via regular adversary simulation (red teaming)
exercises.
Attribution becomes harder
Check IoCâs for related threat actors, attack types, malware, etc. are alerted on, blocked and or quarantined.
Collaborate with the industry to increase access to operational intelligence.
Faster and lower costs of entry
Track localised threat campaign content to learn the TTPs of emerging
local threat actors.
Emerging of localised underground economies
223. Copyright Š 2020 Accenture. All rights reserved. 210
HYBRID MOTIVES POSE
NEW DANGERS IN
RANSOMWARE
DEFENSE AND
RESPONSE
224. Some threat actors use ransomware for destructive purposes, in addition to or instead of
financial ones. For example, state sponsored actors may use it for strategic purposes;
ideological actors may use it to deliver a message.
Copyright Š 2020 Accenture. All rights reserved. 211
WHATâS HAPPENING?
Direct delivery via open RDP
Threat actors can plant ransomware directly on networks via endpoints and servers obtained through
vulnerability exploitation and RDP (Remote Desktop Protocol) brute forcing.
Significant financial disruption via ransomware
Ransomware attacks can significantly affect organisations financially by disrupting business operations, and the fact
that the cost to repair or restore systems remains high.
Ransomware for destructive purposes
225. Copyright Š 2020 Accenture. All rights reserved. 212
WHAT COULD YOU DO?
Ransomware mitigation
Check good ransomware defense hygiene. Maintain regular backups of critical data hosted on segregated
network (or offline), see that anti-virus and endpoint solutions are up to date. DO NOT contact attacker or
pay ransom.
⢠Review and restrict user access privileges.
⢠Check remote access services (e.g. RDP) are not open to the Internet.
⢠Regular and timely vulnerability patching against exploits.
⢠Regular phishing exercises and user awareness training.
⢠Deploy email filtering IDS and check attachments are scanned by AV.
⢠Restrict filetypes that can be executed (e.g. JavaScript should be disabled)
⢠Network segmentation to limit scale of malware propagation.
226. Copyright Š 2020 Accenture. All rights reserved. 213
IMPROVED SECURITY
HYGIENE IS PUSHING
THREATS TO THE SUPPLY
CHAIN, POSSIBLY
TURNING FRIENDS INTO
FRENEMIES
227. Both politically- and financially-motivated actors are mainly targeting global supply chain
entry vectors, on account of inherent vulnerability.
Copyright Š 2020 Accenture. All rights reserved. 214
WHATâS HAPPENING?
Organizations are improving hygiene and defense capabilities
Cyberdefense awareness is growing. Organisations have started adopting stronger capabilities, hiring cybersecurity
staff, and integrating standard best-practice network hygiene approaches.
The global economy is increasingly interconnected
Growth of international supplier networks with more efficient information sharing. In recent threats is observed
that entry was gained via internationally-integrated business infrastructure and processes like cloud hosts and
accounting software providers.
This moves adversaries, including politically-motivated ones, to supply
chains
Trusted suppliers can become frenemies
Business partners and suppliers may be âfrenemiesâ--both trusted and
untrusted--as they become potential cyberthreat targets and vectors of entry
into their customers' networks.
228. Copyright Š 2020 Accenture. All rights reserved. 215
WHAT COULD YOU DO?
Evaluate new partners
Carefully evaluate new vendors, partners, suppliers, acquisitions, etc. by examining factors like cyberdefense
posture and their exposure in places like underground credential dump marketplaces.
Understand your partners' cybersecurity practices
Become familiar with your partners' and suppliers' security practices, especially ones that have integrated access to
your own networked systems. Consider factors such as how long they take to patch emerging vulnerabilities and
what new products and innovations could be developing that are likely to be targeted by cyberthreat actors.
Quickly sever access to former business partners when the business relationship ends.
Integrate cyberthreat intelligence--including both externally-sourced intelligence
and internal data and analysis--across your business cycle, including situational
awareness of supply chain threats and risks.
Integrate cyberthreat intelligence to help protect your
exposure to supply chain risks
229. Copyright Š 2020 Accenture. All rights reserved. 216
LIFE AFTER MELTDOWN:
VULNERABILITIES IN
COMPUTER CLOUD
INFRASTRUCTURE
DEMAND COSTLY
SOLUTIONS
230. Copyright Š 2020 Accenture. All rights reserved. 217
WHATâS HAPPENING?
Side-channel CPU vulnerabilities:
⢠New class of CPU vulnerabilities that affect both serves and workstations
⢠Multi-tenant cloud providers potential targets for exploitation
⢠Vulnerabilities in the underlying shared hardware could violate security isolation guarantees
⢠Adversaries can use side-channel CPU vulnerabilities to read sensitive data from other hosts on the same
physical server
⢠Number of Side-Channel CPU vulnerabilities has been on the rise
231. Copyright Š 2020 Accenture. All rights reserved. 218
WHAT COULD YOU DO?
Mitigate now:
⢠Mitigations available for most platforms, cloud deployments, and software
⢠New Compiler flags : software should be rebuilt
⢠Mitigations can come at a cost of reduced performance
⢠Leads to increase of compute costs for most enterprises
⢠New hardware addresses most known vulnerabilities
Understand and keep track of the threats:
⢠Understanding the threats posed by CPU vulnerabilities is important to have a risk
mitigation strategy
⢠Risk mitigation strategy can be vastly different for each organization
⢠Risk acceptance: On-premises cloud an option
232. Copyright Š 2020 Accenture. All rights reserved. 219
DECISION SUPPORT
Answers to the right questions can help protect your business
Strategic
(IT Management/CISO)
DESIRED OUTCOMESGOVERNANCE LEVEL QUESTION
Operational
(Incident-response team)
Tactical
(IT Operations/SOC)
Manage Risk through Context
Broad and Deep
Understanding of Threats
Timely, Relevant, and
Effective Decisions
WHO?
WHY?
WHEN?
WHERE?
HOW?
WHAT?
WHY?
233. Copyright Š 2020 Accenture. All rights reserved. 220
RISK MANAGEMENT WITH THREAT INTEL
Balanced and resilient risk management with the help of cyber-threat intelligence:
Managing Cyber Risk
Active risk awareness and risk management drive continual adjustment to the threat landscape and adapt
security processes.
Regulatory
Change
Changes in
Threat Landscape
Changes in
Business Ops
(e.g., M&A)
New and Emerging
Tech and Tools
Corporate Policy
and Objectives
Develop
Intelligence Requirements
Collect Against Intelligence
Requirements
Act on
Intelligence Requirements
236. What do we
have here?
18000 staff
50000 IT-connected assets
Doubled in size in 4 years
Frequent acquisition and integration
110 sites worldwide â Los Angeles to Tokyo
Growing in China
237. Threat
Landscape
â˘Pre-clinical drug testing and research
â˘Including animal testing
â˘Data Integrity is main part of âCIAâ
My environment:
â˘Nation states (accelerate research, Panda)
â˘Animal rights activists
â˘Huntingdon âSHACâ
â˘PETA
â˘Anti-USA (Kitten, Chollima, Bear APTâs)
â˘Opportunistic (ransomware, CEO fraud)
Specific threat actors
238. Common
Challenges
What
assets/networks/remote
access points do you
have in your environment?
Active
vulnerability
scanning of *ALL*
possible ranges
(10.0.0.0/8)
Every acquisition is
different â many have little
or no InfoSec
Rip and replace
Inherited, and legacy environments
Siemens delivered BRAND NEW Server
2000 driven device
239. Preparing for
a major
incident
Write your incident response plan. Socialise
and exercise it with your team
Share your plan with stakeholders
Donât forget Marketing, Board, Legal, HR, DP
Do you need/want to retain external legal
advisors?
240. Mid-incident
Do you have your essential
roles filled?
Have your IR leads been
trained?
Remember your scribe, and
handovers
Keep the circle small
244. Skills Gap?
What Skills gap?
â˘Global IT security
skills shortages
have now
surpassed four
million,
according
to (ISC)2.
â4 million
unfilled
positionsâ
245.
246. Stress and
burnout
Average tenure of a CISO is
Just 26 Months
ďľ 88%: "moderately or tremendously stressed"
ďľ 48%: detrimental impact on their mental
health
ďľ 40%: affected their relationships with their
partners or children
ďľ 32%: repercussions on their marriage or
romantic relationships
ďľ 32%: affected their personal friendships
ďľ 23%: turned to medication or alcohol
https://www.zdnet.com/article/average-tenure-of-a-ciso-is-just-26-months-due-to-
high-stress-and-burnout/
249. Classification: Limited
Helping Britain prosper is our purpose and includes the
way in which we interact with our suppliers.
Our portfolio of brands gives us a presence in nearly
every community in Britain and this reach is
complemented by our network of suppliers.
Our suppliers are an essential part of Lloyds Banking
Group and play a vital role in supporting the Groupâs
purpose and vision of Helping Britain prosper, to remain
the best bank for customers and deliver sustainable
growth.
Supplier Assurance is about protecting the networks,
systems and data of Lloyds Banking Group and our
suppliers from ever evolving malicious threats and
attacks. These attacks could be made on our supply chain
potentially giving the intruder a way into LBG.
Add a Footer 236
Started in Intelligent Finance just as it launched in 2001 working as
the IT Resource Manager
⢠Supported Government by writing the National occupational
Standards for IT and Project Management
⢠Encouraged young women to consider IT as a career by IF
sponsoring âComputer Clubs 4 Girlsâ
Moved into Change Management and led the operations and risk
function for the newly created Lloyds Banking Group Change
function.
2015 saw me move into Supplier Assurance, starting with a small
team which has rapidly expanded.
250. Classification: Limited
SUMMARY
Cyber security is increasingly a priority issue for
organisations. 78% of businesses (vs. 74% in 2018) and 75%
of charities (vs. 53% in 2018) now rate it as a high priority.
This year, 32% of businesses and 22% of charities have
identiďŹed breaches or attacks. Among these organisations,
the most common attacks are:
⢠phishing emails (80% of businesses and 81% of
charities experiencing breaches or attacks)
⢠others impersonating their organisation online (28%
and 20%)
⢠viruses or other malware, including ransomware
(27% and 18%).
Businesses and charities are taking action on cyber security
as a result of the General Data Protection Regulation (GDPR)
introduced in May 2018. However, many could still take a
more holistic approach around staff engagement and
training.
Many could also review their risk management approaches.
Only 58% of businesses and 53% of charities have taken
action towards 5 or more of the Governmentâs 10 Steps to
Cyber Security.
Add a Footer 237
32% 22%
Of businesses/charities
identified cyber
security breaches or
attacks in the last 12
months
Is the average annual cost for
businesses/charities that lost
data or assets after breaches
ÂŁ4,180/ÂŁ9,470
Key: UK BUSINESSES
UK CHARITIES
EXPERIENCE OF BREACHES OR ATTACKS
Among the 32%/22% identifying breaches or attacks:
32%
29%
Needed new
measures to
prevent future attacks
27%
32%
Took up staff
time dealing with
breaches or attacks
19%
21%
Had staff stopped
from carrying out
daily work
48%
39%
Identified at least
one breach or
attack a month
Data taken from the Department for Digital, Culture, Media and Sport 1 Cyber Security Breaches Survey 2019:Statistical Release
251. Classification: Limited
Dealing with Breaches
or Attacks
Add a Footer 238
57
33
5
62
27
6
UK CHARITIES
% immediately
% within 24 hours
% within a week
% longer than a week (2% for
businesses and5% for charities)
% donât know (3% for
businesses and 1% for charities)
UK BUSINESSESTIME TAKEN TO IDENTIFY THE MOST
DISRUPTIVE BREACH OR ATTACK OF THE
LAST 12 MONTHS
Q. How long was it, if any time at all,
between this breach or attack occurring
and it being identified as a breach?
62 57
27 33
6 5
Bases: 616 businesses that recalled their most disruptive breach or attack in the last 12 months; 185 charities
252. Classification: Limited
What are Lloyds
Banking Group doing to
improve the security
posture of the supplier
community?
Add a Footer 239
Lloyds Banking group Chief Security Office (CSO) 3rd
Party strategy for 2020 is to âenhance the supplier
assurance end-to-end journey, to improve the
context, understanding and risk management of the
supplierâ.
7% 2%
2018
2019
Key:
49
10
HPFs Raised
126
26
OFs Raised
2.7
1.25
Avg HPF per review Avg OF per review
7
2.25
% of 2018 / 2019
findings raised
associated with
Law Firms
We continue to see a decrease in findings when we compare
2018 / 2019
1877 / 2118
Is the total findings
raised for all suppliers
throughout 2018 / 2019
Criticality Assessment Tool:
Segments the supplier based on four key domains:
⢠Cyber
⢠Resilience
⢠Data Privacy
⢠Conduct
Tailored Test plan:
Based on the segmentation, intelligence findings and
previous reviews.
Assurance Reviews:
One to four days onsite
Cyber SMEs conduct the review
Remediation:
Security SME to Supplier interaction to ensure all
findings are suitably evidenced and closed out
timeously.
Our bespoke E&A programme is already paying dividends. When we look at specific supplier
groups, we have seen a decrease in the number of findings being raised year on year.
The graph below demonstrates the improved position with Law Firms in respect of issues raised
against DLP from 2018/2019.
253. Classification: Limited
SECURITY APPRAISAL SCORECARD
Add a Footer 240
STRIDE
Spoofing Identity
Impersonating something or someone else
Tampering
Modifying data or code
Repudiation
Claiming to have not performed an action
Information Disclosure
Exposing information to someone not authorised
to see it
Denial of Service
Deny access to or degrade service to users
Elevation of Privilege
Gain capabilities without proper authorisation
254. Classification: Limited
EDUCATION & AWARENESS
Add a Footer 241
It is my Teamâs
responsibility to provide
specialist security
knowledge to aid in
reducing supply chain risk,
and we have created a
bespoke engagement site
to provide our suppliers
and supplier managers with
the best Education &
Awareness modules we
can.
Throughout the year we
run face to face sessions
with suppliers, refresh
previous learning modules
to keep them current and
run internal online sessions
for our supplier managers.
255. Classification: Limited
HELPING BRITAIN PROSPER
The management of our supply chains remains to be one of the
highest risks for the Group. Suppliers play an important role in
the IT operations of every organization, and Lloyds Banking Group
is no exception. Whether it's the purchasing of hardware or
software, the commissioning of Cloud services, or perhaps
working with law firms or external consultants, our suppliers are
fundamental to
Our third-party assessments helps to improve supplier's security
posture and improve the financial services supply chain whilst
Helping Britain Prosper.
Add a Footer 242
257. PAUL PATRAS
Associate Professor, The School of Informatics
The University of Edinburgh
MALCOLM GRAHAM
Deputy Chief Constable
Police Scotland
HANNAH RUDMAN
Strategic Transformation Director
@hannahrudman
Wallet.Services
@paulpatras
@wallet.services
@DCCMGraham
DAY 2 SESSION 3
STREAM 6 MAIN HALL
@digitfyi #scotsecure
263. We need to share data to complete
shared goals
Building systems for sharing data is
expensive
BUSINESSES
NEED DATA
264. WHY HAVE
WE NOT SOLVED
THIS?
⢠We are starting at the wrong place
⢠We keep building walls
⢠Walls work until the threat changes
⢠We keep changing what we do
265. OUR LAST LINE
OF DEFENSE SHOULD
BE OUR FIRST
⢠You cant lose what you donât have
⢠We should adopt the strategy of âwhenâ not âifâ
⢠Data should be stored in a method that if it gets
breached it is beyond use
⢠Everything should be protected unless it is
classified as non sensitive
266. Dr Hannah Rudman
There are significant IT,
trust, transparency and
security dangers
The Internet and organisational IT is not
designed for sharing sensitive data
267. Dr Hannah Rudman
DLT means you can securely share data with
confidence
Even if itâs stolen or
intercepted, data cannot
be viewed or altered
269. Permissioned DLT via wallet services makes the network
cybersecure
Wallet services facilitate highly granular access permissions across multiple organisations
Name
Big Org Ltd.
Registration #
15474821
Registered Address
3 Lady Lawson Street
Name
Small Org Ltd.
Registration #
453657684
Registered Address
156 Bread Street
270. Wallet services
SICCARâs wallet services give granular
access permissions verifying
organisations onto the network and
validating the delegates via
authorised ID data
Active Directory
Delegates of orgs bring own ID
(e.g. email username, password,
biometric ID validated by org
AD)
271. Cybersecurity Value
⢠Authentication and authorisation to access SICCAR is using the
latest industry standards
⢠All data that is added to a SICCAR process is encrypted by default
⢠Permissioning to this data is agreed by all the parties, and written
to the ledger as part of publishing a process
⢠Data can only be decrypted if a user is a member of a wallet that
data was sent to
⢠Access to the wallets is controlled by the owning organization by
adding and removing employees from the wallets which can be
managed using the organizations pre-existing user directory. (AD).
272. Anonymously reporting
cybersecurity breaches in oil
and gas sector
⢠More cyber attacks on Industrial Control
Systems
⢠Joint ventures = complex ecosystems of
computing, networking and physical
systems
⢠Little intersection of IT and OT
⢠Low sector cyber maturity
⢠Reputation and brand matters
273. ASSURING ANONYMITY & SENDING CYBER-ATTACK DATA
VALIDATING & ADVISING
WORKFLOW
PROCESS
Operator Tier 1 Operator Tier 1
274. CLAIM: I AM A
VERIFIED DELEGATE
[DEVICE ID + SECURITY
CERTIFICATE] + ORG
[AUTH ID]
Org 1
ATTESTATION:
IS VALID ORG
Org 2
ASSURING CLAIMS & ATTESTATIONS FOR GUARANTEEING
ANONYMITY
CLAIM: I AM A
VERIFIED DELEGATE
[DEVICE ID + SECURITY
CERTIFICATE] + ORG
[AUTH ID]
ATTESTATION:
IS VALID ORG
DELEGATED
DISCLOSURES
275. THANK YOU
FOR JOINING
DIGIT!
LEAD SPONSOR
CO-SPONSORS
@digitfyi #scotsecure
See you at the next eventâŚ
www.digit.fyi/digit-scotland-events
Part of Orange Cyberdefense