Unlock Digital Signature Licitness for Employee Incident Report in European Union

  • Quick to start
  • Easy-to-use
  • 24/7 support

Award-winning eSignature solution

Simplified document journeys for small teams and individuals

eSign from anywhere
Upload documents from your device or cloud and add your signature with ease: draw, upload, or type it on your mobile device or laptop.
Prepare documents for sending
Drag and drop fillable fields on your document and assign them to recipients. Reduce document errors and delight clients with an intuitive signing process.
Secure signing is our priority
Secure your documents by setting two-factor signer authentication. View who made changes and when in your document with the court-admissible Audit Trail.
Collect signatures on the first try
Define a signing order, configure reminders for signers, and set your document’s expiration date. signNow will send you instant updates once your document is signed.

We spread the word about digital transformation

signNow empowers users across every industry to embrace seamless and error-free eSignature workflows for better business outcomes.

  • 80% completion rate of sent documents
  • 1h average for a sent to signed document
  • 20+ out-of-the-box integrations
  • 96k average number of signature invites sent in a week
  • 28,9k users in Education industry
  • 2 clicks minimum to sign a document
  • 14.3M API calls a week

Why choose airSlate SignNow

    • Free 7-day trial. Choose the plan you need and try it risk-free.
    • Honest pricing for full-featured plans. airSlate SignNow offers subscription plans with no overages or hidden fees at renewal.
    • Enterprise-grade security. airSlate SignNow helps you comply with global security standards.

Your complete how-to guide - digital signature licitness for employee incident report in European Union

Self-sign documents and request signatures anywhere and anytime: get convenience, flexibility, and compliance.

Digital Signature Licitness for Employee Incident Report in European Union

In the European Union, ensuring the licitness of digital signatures on employee incident reports is crucial for legal compliance and security. Utilizing airSlate SignNow can streamline this process and provide a reliable solution for businesses.

airSlate SignNow Benefits

  • Launch the airSlate SignNow web page in your browser.
  • Sign up for a free trial or log in.
  • Upload a document you want to sign or send for signing.
  • Convert your document into a template for future use if needed.
  • Open the file to make edits by adding fillable fields or inserting information.
  • Sign your document and include signature fields for recipients.
  • Click Continue to set up and send an eSignature invite.

airSlate SignNow empowers businesses to send and eSign documents with a user-friendly, cost-effective solution. It offers a great ROI with a rich feature set, easy scalability tailored for SMBs and Mid-Market, transparent pricing without hidden fees, and superior 24/7 support for all paid plans.

Experience the benefits of airSlate SignNow today and streamline your document signing process with confidence.

How it works

  • Collect signatures 24x faster
  • Reduce costs by $30 per document
  • Save up to 40h per employee / month

Get legally-binding signatures now!

  • Best ROI. Our customers achieve an average 7x ROI within the first six months.
  • Scales with your use cases. From SMBs to mid-market, airSlate SignNow delivers results for businesses of all sizes.
  • Intuitive UI and API. Sign and send documents from your apps in minutes.

FAQs

Below is a list of the most common questions about digital signatures. Get answers within minutes.


Join over 28 million airSlate SignNow users

How to eSign a document: digital signature licitness for Employee Incident Report in European Union

Good afternoon, ladies and gentlemen, and welcome to this IT Governance webinar on the new cyber incident reporting obligations that you need to be aware of in the European Union and in the United States. IT Governance, as you probably already know, has been in the business of cyber security, information security, governance, risk management and compliance for some 20 years. We're now about 200 people across the UK, the EU and the US, with some 12,000 clients and an awful lot of experience delivering a wide range of solutions to our clients. I'm Alan Calder, I'm your host for today. I set the business up some 20-odd years ago, writing a book on IT governance, which was really about cyber security and what's now ISO 27001. I've written a number of other books around cyber security and compliance and been involved in a number of aspects of how the industry has developed.

Today's webinar is about 45 minutes in total, so we're going to talk about the key cyber security challenges as a result of the rapid escalation in cyber warfare. We're going to look at the US cyber incident reporting requirements, the EU corporate accountability rules and how those are changing, the EU-US agreements on data transfer mechanisms and what's emerging around that, and some practical steps to avoid non-compliance, implementing a cyber defense in-depth strategy. So, about 45 minutes of me talking through those topics.

You will have noticed that you're all on mute as you join the webinar. You can at any time ask a question through the Q&A functionality, which with a bit of luck is showing on the top right-hand side of your screen. Please do, if you have a question, type it into that. We'll pick those questions up. We've got 15 minutes at the end of the webinar to deal with Q&A, and I'll pick up any questions that you've posed for me. I'll share them with the audience and then, assuming that it's within my skill set, I will answer it for you. So that's how to make sure that we hear you. The slides and the
recording will be made available to everybody overnight, so, that tends to be the first question people ask: yes, you can get a recording, you can follow through at your own time on today's briefing.

So, key legal changes as a result of cyber warfare. And it's kind of interesting, because for a long time what you got where cyber security was concerned and the law was mostly laws telling you what you couldn't do. Things like the Computer Misuse Act, the Regulation of Investigatory Powers Act: all that was about curbing legally what people might do on or through computers. A lot has changed, particularly over the last five years, and we've seen a number of countries incorporate cyber warfare into their military doctrine. So you hear increasingly countries, nation states, talking about waging war in five domains: that's the traditional air, land and sea of the kind of traditional kinetic warfare, plus of course space and, more recently, cyberspace. Space is the place in which there are multiple satellites; the ICBMs touch on, or can touch on, the edge of space; there's a whole bunch of stuff going on around the edge of our atmosphere. And in terms of the internet, the space much closer to home, there's an awful lot of crime going on there, but an awful lot of cyber warfare as well, and that's not surprising given the extent to which governments and militaries rely on communications and the data which is made available through the internet.

So just to take half a dozen examples: the US has a unified Cyber Command; the UK has the National Cyber Security Centre, which is sat right next to GCHQ in Cheltenham; Russia has the Federal Security Service's Center for Information Security. Here in the West we think of Russia and Iran as the bad guys; they no doubt sit there and think of us as the bad guys, so all we've got to do right now is accept the reality that all countries... China has the Cyberspace Administration of China, Japan has a National Center for Incident Readiness, North Korea has a
cyber security, cyber offensive criminal team who keep the economy afloat. Israel has a very significant cyber capability. So in each of these major nation states you get centers set up, fully staffed, big government budgets, whose job is to defend the country's network from attack and to consider launching counter-attacks against enemies. And counter-attacks are not that straightforward; hacking back is more complex in cyberspace than one would like to think it is. But the starting point is, of course, how do you protect your networks and your data from attack by whoever you are either at real war with or involved in some kind of proxy war.

In terms of impact, of course, when, as with the Russian invasion of Ukraine, there is an awful lot of cyber attacks focused on Ukrainian infrastructure; when Finland and Sweden started talking about joining NATO, there was an increase in cyber attacks on those countries. And the reality is that cyber warfare is a relatively low-cost way of wreaking fairly major impacts onto countries that you think of as being enemies. Not directly lethal: the lethal impacts come as a result of ways in which cyber infrastructure is disrupted and what that can do to people, but cyber warfare is not as directly lethal as, for instance, a cruise missile.

So, the kind of actions which nation states take. America is a very good example of a country which has been moving at pace to improve its cyber security defensive capability. The Securities and Exchange Commission, the SEC, has proposed and is consulting on a very robust cyber incident reporting procedure for listed companies, that's companies listed on all US stock exchanges, which would require them to report cyber incidents, report paying ransoms, but more importantly would place on organizations an obligation to have at board level a thorough understanding of cyber risk and to be able to demonstrate that the board has taken appropriate steps to protect itself from cyber risk. In March, US
Congress passed what is neatly called the Cyber Incident Reporting for Critical Infrastructure Act. That requires critical infrastructure, critical national infrastructure (and critical national infrastructure is hospitals, logistics, government of course, manufacturing companies, all that infrastructure on which the survival of an economy fundamentally depends) to report significant cyber incidents and ransomware payments within a very short space of time. In May, the government announced the creation of a new US task force to help streamline federal efforts on combating ransomware attacks. Ransomware, in case you're aware of it, has become the most prolific form of attack, delivered primarily through phishing emails. And President Biden signed into law what's now called the Better Cybercrime Metrics Act and the National Cybersecurity Preparedness Act in May. That brings with it specific requirements around reporting and gathering information about cyber crime to enable better preparation of nation state, or American, defenses against cyber attacks.

The UK government has confirmed that it's bringing forward a Data Reform Bill to reform data protection law in the UK. We're not at this point clear about which elements of the government's consultation on the future of UK GDPR will appear in the bill, but nevertheless there will be a set of legal requirements in there around changing legal requirements around how UK organizations have to act to protect personal data. Already sat inside UK GDPR are the requirements that organizations apply appropriate technical and organizational controls, technical and organizational measures, to protect personal data. The requirement is to apply measures that reflect the state of the art and which are proportionate to the value of the personal data being protected, and in an environment where the technical capability of attackers is continuing to improve all of the time, it means that the technical capability of defenders has to keep on
improving as well, otherwise you're struggling to demonstrate that you're deploying defenses which reflect the state of the art. In the UK, the Attorney General has said that cyberspace is not a lawless gray zone: international law governs and plays a fundamental role in regulating cyberspace. Yes, that's true. It's kind of not as easy for cyber cops to deal with cyber crime as it is for analog cops to deal with crime in the real world, but nevertheless law is increasingly being put in place to provide a basis on which cyber crime and nation-state cyber warfare can't be dealt with legally.

The CEO of Building Cyber Security said Russia has got some of the best engineers in the world working on the perfect attack that can cloak itself, make it look like something else, and move laterally inside the network once it's in there, delete assets, delete network capability. And it's that kind of capability that one has to be particularly aware of: attacks which move inside networks without you being aware of them. The US Cybersecurity and Infrastructure Security Agency, CISA, has urged critical national infrastructure organizations to prepare for potential Russian cyber attacks: if working with Ukrainian organizations, take extra care to monitor, inspect and isolate traffic from those organizations, closely reviewing access controls for that traffic. Similarly, the UK's National Cyber Security Centre updated its guidance, saying that UK organizations should bolster their cyber security resilience in response to malicious cyber incidents in and around Ukraine. In other words, given the extent to which Russia has invaded Ukrainian land space, has taken over a number of government officers in the south and east of Ukraine, it's not necessarily very easy to tell which attacks coming out of Ukraine, or which activity coming out of Ukraine, is genuinely one of your providers, as distinct from one which has been taken over or infiltrated or successfully attacked by
Russian nation-state attackers. So, a very clear message that in this environment, the Russian invasion of Ukraine, organizations need to be paying particular attention to risks that are associated with the war in Ukraine. In the UK, the Defence Secretary has put another 22 million pounds' worth of funding into an army cyber operations center, recognizing that it's increasingly important for the army itself to know how to deal with cyber attacks, saying that: we know all about the dangers; whether the attacks come from Russia, China or North Korea, activists, criminals or extremists, whether it's malware or news, cyber attacks can bring down the national infrastructure. Cyber enemies think they can act with impunity; we must show them, she said, that they can't, that we're ready to respond at a time and place my choosing, in any one of the domains, not just the virtual world. We need coherent cyber offense as well as defense. So the 22 million pounds' worth of investment is to create operational centers which can be part of cyber offence. So we see clearly a rapid move, not just to banning things, but to applying law in cyberspace, to requiring organizations to report cyber incidents, report ransomware payments, and now increasing the investment in the development of offensive capability in cyberspace.

So let's look in a bit more detail at what's happening inside the US. Quite often what happens in the US is a precursor to what we see happen in the UK and elsewhere, and there is certainly an echo of what's happening in the US taking place in the EU and the national infrastructure, the Network Information Security Directive. So, the US Cyber Incident Reporting for Critical Infrastructure Act of 2022, signed into law in March: it's a federal law aimed at improving the ability of national infrastructure to prevent and respond to cyber attacks. It requires operators of critical infrastructure and all federal agencies to report cyber attacks to CISA within 72 hours and ransomware payments
within 24 hours. So you can imagine, therefore, that organizations that might before March have tried to sweep these things under the carpet now know that within 72 hours of identifying that they've been attacked they need to be dealing with the attack and reporting it, and they need to within 24 hours. That has to mean an increase in investment by national infrastructure organizations into their processes and infrastructure to enable them to do that kind of stuff, just so they can comply with the law. It applies to covered cyber incidents (that doesn't mean minor ones, it means major incidents) and to all ransomware payments. There will come a time when paying ransoms because of ransomware will become illegal, but in a number of countries it's still a legal thing to do, and for insurers it's the fastest way to get organizations back up and running, assuming that the ransomware attacker is one that will give you the keys after an attack, and that's not always going to be the case.

The notification requirements are broadly in line with what the EU and UK General Data Protection Regulations require: they require the reporting of cyber security incidents to the national security agency within 72 hours of the incident being identified. There is no requirement to report ransomware payments in the EU or the UK yet, but certainly it's, in the US, a very clear demonstration of the understanding that there needs to be better policy in plan to prevent attacks on critical infrastructure. You can't prevent attacks unless you know they're happening; you can't prevent attacks unless you know how successfully ransomware is being dealt with. If you gather the information together, you've got the chance of crafting a response capability which can better defend critical infrastructure. So in the US there are now a number of sector-specific agencies which deal with critical infrastructure. For those of you in the US looking at how you comply, these are the agencies which deal
with the infrastructure, deal with the sector specifically. So at DHS, and through DHS, CISA deals with the chemical sector, commercial facilities, comms, critical manufacturing, dams, emergency services, information technology, nuclear reactors, and you can see how that's dealt with. So that kind of gives you a sense both what the critical sectors are in the United States and which agency exists to deal with those in terms of responding to cyber attacks.

So, one of those looked like Colonial Pipeline, May 21. It operates the largest oil pipeline in the US, was hit by a ransomware attack which caused a major disruption to services. The Colonial Pipeline's on the East Coast but bringing oil from elsewhere in the US. Disrupted services for a considerable period of time; big surge in petrol prices; approximately four million dollars the Colonial Pipeline had to pay in bitcoin to pay the ransom and to get the decryption keys back from the attackers. And remember, not all attackers will (a) give you the decryption keys or (b) not also have stolen the data, which they will then ask you to give them a similar sum for in order not to release your data onto the internet. In May, in the EU, Ireland's health service was crippled by a ransomware attack which ran for a number of weeks. It forced the health service to shut down all operations, and that was the Conti ransomware gang, who in the last week or so have been fingered as bringing a major ransomware attack against the Costa Rican government. And that kind of gives you a sense of the extent to which cyber warfare is not just waged by nation state on nation state: it can be waged by a criminal, serious organized crime gang, often operating within the protection of, or allowed to operate by, a nation-state, might attack another nation-state. Anonymous has set itself out to tackle Russian cyber gangs, so you see people setting themselves up as good guys and bad guys on both sides of the current
war taking place in Ukraine. But all of that has damaging impacts on critical national infrastructure, on hospitals. There was a death in Germany as a result of somebody unable to have an operation a year or so ago, a ransomware attack on a hospital. As I said, while the number of lethal attacks are low, that's really just a matter of time. In September 2021, the DarkSide ransomware gang took out the online networks of an agricultural cooperative in Iowa. They locked the cooperative's data, sensitive information and systems, and in return for a 5.9 million dollar ransom they said they would provide the decryption key. The cooperative decided that its best option, NEW Cooperative, its best option was to take its systems offline while trying to deal with the issue, and that of course had an impact on hundreds of farmers around the Midwest in terms of them being able to deal with just making their farms operate, shifting produce and so on.

In January last year, a criminal hacker attempted to poison a water treatment plant in San Francisco, in the San Francisco Bay Area, and that was identified because an operator logged on to their device and saw the cursor moving around apparently under its own steam. The hacker had managed to get into the company's TeamViewer platform and was hard at work deleting programs that treated and cleaned water at the plant. The incident was discovered; the poisoning, it was possible for it to be reversed. But, you know, if that had managed to go ahead, if it hadn't been discovered, there would have been a potentially major impact across the whole Bay Area. So, kind of a flavor of why organizations need to be taking steps to protect themselves from cyber attack in today's environment.

So how do you report a cyber incident? And it's worth talking about it from a CIRCIA perspective in the US, because it's a legal set of requirements, it applies in the US, it's likely therefore to be a logical way of dealing with stuff. And the starting point is
what has happened. So the first thing is to describe the cyber incident, what has been taken down, and then, and this might take time to do, to identify which vulnerabilities were exploited, the tactics, techniques and procedures that the attackers used to exploit vulnerabilities. And typically dealing with an incident like this takes a considerable period of time, because an organization has to first of all contain the incident, has to protect its systems from proliferation, has to get on top of operations, work out how to restore operations. But you need to go through the rest of the process. What vulnerabilities were exploited? That helps us identify who the malicious actor was: was it a nation state, was it a ransomware gang? That can help understand what the best response is. If it's a ransomware operator, then one can focus on how genuine they are as a ransomware operator: is it somebody who is known to deliver the decryption keys in return for payments for ransom? Is there a possibility of negotiating the price? How do we deal with that? If it's not, what are other options? All of that you can't really work out until you've got thorough information about what happened. You need to know what vulnerabilities were exploited, because that tells you what else could go wrong. If we shut down our systems while we deal with the attacker, have we protected ourselves, or are there other areas in which those same vulnerabilities exist? Has the malware uploaded into our backups? You need to understand the full structure of the incident before you can genuinely deal with it. So the CIRCIA reporting requirements reflect those needs.

So, in the EU, what is happening? What do they mean for directors and senior managers? Well, not surprisingly, again driven by the proliferation of cyber attacks, the extent to which ransomware and phishing attacks have become so widespread, and of course the attacks on governments and critical national infrastructure as a result of the invasion of Ukraine, as a result of what's
happening in the Baltics and Nordics, EU countries and lawmakers have agreed that cyber security rules need to be made tougher. At the end of 2020, the Network and Information Security Directive, which originally came out at much the same time as the EU GDPR back in 2018, proposals were made to the European Commission to strengthen it. It's been working its way through the European systems since then. The first directive was originally established in 2016 and, as I said, came into force in 2018, but what NIS 2 does is expand the scope of the Network Information Security regulations. It requires all organizations in any case to assess cyber security risk, to notify local supervisory authorities, and take appropriate technical and organizational measures to prevent risks. And those technical and organizational measures include cyber security measures, governance frameworks, business continuity frameworks, cyber incident reporting frameworks; all of those are expected to be part of how the organization goes about dealing with cyber security in the EU, and in the UK, because NIS 1 became part of the UK's legal infrastructure on the completion of Brexit. In both cases the fine for non-compliance can be up to two percent of global turnover.

In the EU, so, and this is being revised across the EU; it's expected the revision will go into force probably middle, end of June this year. There'll be an 18-month compliance window. It will apply to medium-sized organizations as well as to large organizations, but it is a directive, so it's likely to have different implementation requirements in all 27 member states of the EU, and at the moment it does not appear that the UK is planning to revise its version of NIS. It is interesting to note, though, that in the UK the Department for Work and Pensions, for instance, is requiring organizations that are frontline contractors, and increasingly second- and third-line contractors, not only to have Cyber Essentials
Plus and ISO 27001 certifications but also to take on and do SOC 2 annual audits. And it makes sense to prepare for a SOC 2 audit at the same time as you're doing ISO 27001 and Cyber Essentials, because that means you can build a single integrated cyber security management system. But it's worthwhile seeing the new EU rules on corporate accountability applying very broadly across a much wider swathe of critical national infrastructure, having the requirements that incidents are reported, and that reflects what's already in EU GDPR, that data protection incidents have to be reported to the supervisor within 72 hours.

The Internal Market Commissioner said cyber threats have become bolder and more complex; it was imperative to adapt the security frameworks to the new realities to make sure citizens and infrastructures are protected. Cooperation and rapid information sharing are of paramount importance, and with the agreement of NIS 2 we modernize our rules in the EU to secure more critical services for society and economy. And it's that, one of the capabilities that NIS 2 puts in place, which is better sharing of cyber security information, that helps organizations across the European Union better act together to protect one another against the whole of the EU.

So the objective of NIS 2 is to strengthen cyber resilience, and we'll hear more and more about cyber resilience: the idea that organizations should not just be able to defend themselves against cyber attacks but should recognize cyber attacks will penetrate one or more layers of your defense mechanisms, and therefore you need the resilience that enables you to soak up, so to speak, the punches and still recover and still keep going. So cyber resilience will become a key aspect in sectors like healthcare, medical devices, energy grids, the very broad digital services market, waste management, product manufacturing, finance, banking, public administration, logistics and so on. Top
management is accountable under NIS 2 for non-compliance with the cyber security obligations, and there are increasing requirements to protect supply chains and supplier relationships and to make sure that those are appropriately secured as well. So security, and supply chain security and supplier relationships, becomes a key implementation element of NIS 2 compliance. So you can see how what DWP in the UK is doing, pushing SOC 2 down through its tier 1, tier 2, tier 3 suppliers, NIS 2 is doing in the EU: pushing cyber security accountability down from major corporations through their supply chains, trying to build a more secure wider infrastructure across the European Union, and effectively internationally, because supply chains are global, not just EU-based.

So one of the other parallel strands going on from a legal perspective is the transfer of data between the European Union and the United States. You'll all be aware that effectively at the moment it's illegal for an EU data controller to transfer data to the United States. By illegal I simply mean that it's legal as long as you can prove that the data cannot be accessed by an American legal entity who has access to NSA rights to collect personal data or access personal data. That's very difficult to do. So the Privacy Shield was declared invalid as a result of what's called the Schrems II action, Max Schrems, who runs the None of Your Business, noyb, not-for-profit organization, and the European Commission and the US Federal Trade Commission have been negotiating a new Transatlantic Data Privacy Framework. They reckon they've arrived at a solution. We don't yet know the detail of it. The objective is to make it easy for data flows between the EU and the US to take place, but the reality is that unless it's really watertight you can rely on Schrems and noyb bringing another action against it. So there's likely to be a period of two or three years during which the framework is in place and while a court action works
its way through the EU CJ. But who knows, they might come up with something which is watertight. But nevertheless it creates another legal challenge around data protection: how, if you are making sure you're dealing with personal data as well as all the rest of your data, and you're dealing with data flows between the EU and the US, do you ensure that if the Transatlantic Data Privacy Framework comes into force you're going to be able to protect data, both legally and in fact, during the period that it's in force, so that you are in a position where, if there is a successful challenge, you don't have to scramble to rebuild the fences that you might have put in place now? But certainly the global data flows look as though they will continue to be a complex area to deal with.

So the steps that it looks as though you're going to go through as part of the data privacy framework will be: conducting a gap analysis against the new framework, the requirements that you need to have in place; create or update your inventories of data; reassess the security and privacy practices that you have and which your American data processors or joint controllers might have; review contracts with suppliers and third parties; identify and create new processes and policies for international data transfers; and evaluate your existing processes against those policies and processes to make sure that they're working. Where appropriate, which is as in all cases, adopt the new EU general standard contractual clauses for data transfers. That's a sensible thing to do even if you're going to rely on the new Transatlantic Data Privacy Framework, because it kind of gives you long-term protection. But it becomes a more structured process that you need to go through to demonstrate compliance with the emerging frameworks, not yet available, but it's going to be a key part of the landscape. And mapping data: where does the data flow, identifying where you collect it from, who has access to it, which
countries it goes to, who can see it, what it's used for, all of those become more and more important elements of future-proofing your data protection framework, your cyber security framework. It's quite clear that increasingly data supervisory authorities around the EU are fining organizations because they've failed to ensure that only an appropriate element of data is made available to a partner, that it's only made available for the requisite amount of time. So data flow mapping becomes a really fundamental part of effective data compliance in the emerging environment.

So, detailed gap analysis: make sure that all of your data flows, both inside the UK, the EU, are compliant. Make sure that if you are likely to have to comply with either the existing incident reporting requirements in the EU, in the UK or in the US, or what the SEC looks as though it's going to be putting in place (you can kind of assume that what it's consulting on is probably going to come down as a set of standard requirements), you need to know what data you have. You need to know, when you're looking at what attack has taken place, you need to be able to go: well, if they've got into that particular asset, then they've been able to access that data; if they've been able to access that data, they've been able to see the following elements. So mapping data, being really, really clear about the data inventory, where you're holding data, is a critical component of putting yourself in a position where you can genuinely respond to a cyber attack in a way that enables you to deal with it effectively.

You can't be sure that your data flows comply with the current state of law, both in terms of international transfers, if you don't know where they are, and you need to go into some detail. For instance, you might have a website which processes data, and you say to yourself, "My website's hosted in the UK, so all of the personal data processed on it is in the UK, that's fine." But if you are using an email
client on the website, perhaps to handle fulfillments, and that email client is not yours but is provided by an organization, let's say in the U.S., you will be processing personal data in the U.S., and without appropriate measures in place you could find that you are in breach of UK GDPR or EU GDPR, as the case may be. So you really do need to be clear about what applications are processing what data and where. You can't protect data unless you know where it is and how to protect it, and the wrong time to be trying to work out what's happened is after an event, after an incident has occurred. Many organizations lose hours and days trying to work out exactly what's been compromised because they don't have an up-to-date data map, they don't have an up-to-date data inventory. It's a critical component of a robust and resilient response to a cyber incident. So: an inventory of personal information, data flows mapped, make sure those data flows are compliant with legal requirements in each of the jurisdictions through which they're going.

And there are a number of practical steps that you can take to implement what we talk about as a cyber defense-in-depth strategy, a recognition that defense in depth needs to be built so that you can genuinely become resilient. And defence in depth starts off with a front line, which is essentially about detecting attacks. So that's vulnerability scanning, continual vulnerability scanning, remediating vulnerabilities. Remember that the vulnerabilities that you know about, cyber criminals also know about. They're on a public database. The least you can do is make sure you don't have any of them. So continually scanning with regularly updated scanners is a logical thing to be doing. Multi-factor authentication, phishing staff awareness, updating staff awareness training for staff. Doing a once-a-year staff awareness training program simply doesn't cut the mustard, because phishing attacks change, and the success of phishing attacks, the ease of crafting
them, phishing as a service, all of the different ways in which cyber crime gangs and nation states are able to weaponize attacks, means that you need to do first-line anti-phishing and staff awareness training on a regular quarterly or even more frequent update basis.

Your second line of defense would be a much more robust set of responses. So cyber incident response, data breach reporting, penetration testing (a step up from vulnerability scanning: a trained ethical hacker looking to see how vulnerabilities and configuration issues and websites in the cloud, in your cloud infrastructure, could be exploited), Cyber Essentials and Cyber Essentials Plus if you're in the UK, properly trained cyber security IT support, GDPR staff awareness, all of the stuff which enables staff to better recognize attacks when they're taking place, be better placed to respond to and deal with them.

The third line of defense is effectively maturing. It is putting risk-based security controls such as ISO 27001 certification, SOC 2 compliance audits into place so that you know that the way in which you're defending from attacks is in line with the organization's risk appetite. Management has a much more mature dashboard of the extent to which identified vulnerabilities are under control and threats are mitigated.

And then fourth line of defense is happening beyond the organization. So secure the organization first and then look at what's happening in the supply chain. Make sure that you can rebuild: so good IT disaster recovery, business continuity management, integrate them into your information security management processes so you can seamlessly go from responding to an incident to invoking a business continuity plan or disaster recovery plan in a way that enables the organization to get its processes back to a minimum operating level within the target time period.

Think of your fifth line of defense as being cyber security insurance. It shouldn't be anything more advanced than
that. Cyber security insurance, remember, simply helps you mitigate impact. It doesn't help you mitigate likelihood. You're not going to draw on cyber security insurance until you have been breached, and the damage which a cyber attack does is significantly greater, most organizations discover, than their cyber security insurance will pay them for. Yes, the insurance might, until it's banned, give you the money that helps you pay for a ransom. Yes, it might help you deal with the initial costs. But no, mostly it won't help you deal with all of the significant rebuilding that you have to do afterwards, and very rarely will it even begin to cover the damage that it does to your reputation. It certainly won't help you rebuild the damage done to directors' reputation, and it won't help you rebuild damage done to share price for listed organizations. So think of cyber insurance as a fifth line of defense, and note that cyber insurance has increased significantly in cost. We see and hear from clients that cyber insurance premiums have gone up anywhere between 25 and 125, and the number of organizations prepared to offer cyber insurance has reduced remarkably. So you kind of need to put in place cyber defense controls which mean that relying on cyber insurance is simply not something you need to do. So build cyber security, cyber defense in depth. That's fundamental.

There's a number of ways as an organization we can help you. You can read more about services like vulnerability scanning and phishing awareness training programs, ongoing monthly and quarterly training programs, on our website, so when you get the slides you can click through to those two pages. You can take a look at incident response, the key elements of incident response, how to put that together, at what's required around the data breach reporting stage, what elements there have to be. In our in-house law company, GRCI Law, we help clients report a number of breaches to the ICO and other supervisory authorities week in,
week out, which means we're very good at knowing what has to be reported, and of course supervisory authorities know that we know, so that kind of simplifies the reporting process.

We've recently launched Cyber Safeguard. It's really cyber security as a service, which you could think of as being a packaged cyber defense-in-depth offering. It's got vulnerability scanning, it's got anti-phishing training, it's got other training elements in it, and it brings with it up to half a million pounds' worth of embedded cyber security insurance, which you don't have to do anything more for than simply deploy the elements which are in the package. So it's a very solid route that organizations can go if they're looking for a very quick route into the beginnings of an integrated multi-level cyber defense-in-depth offering. Again, you can read more about that on our website.

Data flow mapping I've spoken about a number of times. There's a data flow mapping tool. I think the Vigilant Software data flow mapping tool is unique in a number of ways, but you can read more about it, read more about the actions and steps necessary to give you a genuine and updatable and maintainable database of data flows, because not that you need a single today data flow map: you need to be able to update it with changes in process, you need to be able to familiarize new people who join the organization with how data flows, you need something which is up to date and robust, and the data flow mapping tool should give you that.

So all of those and more you can get on our websites in the UK and Europe and in the US. You can get us by telephone, by email, in social media. There's a whole bunch of different ways you can get hold of us. Which, ladies and gentlemen, brings me to the end of what I had planned to say. It was only against me 45 minutes, so if there are any questions, there's a bit of time now left over for anybody who has questions arising from any part of what I said. If you've got a question, please type it into the Q
A section and I'll share the question and the answer with folk. The Q&A section you should see on the right-hand side of your screen.

So, a question: "What's cyber security landscape recommendations with AI, current trend in cyber security being introduced in all market segments?" I'm not sure I fully understand. This is a bit of a... you've left a few too many words out of this for me. Are you asking what AI-driven cyber security you should be looking at, or what AI attacks you should be looking out for? Let me perhaps basically answer both. Okay, so, attacks we should be looking out for. So AI-driven attacks: we see a lot more of those at the moment around news and what's happening in botnets. We see limited amounts of AI-driven attacks on organizations. We would expect to see those escalate fairly dramatically over the course of the next year or two. Mostly what we see inside networks when attackers get inside are attacks which are designed to execute, so they're code, they execute, they're designed to proliferate through networks, but they're not yet genuinely AI-driven. They're simply code executing. But I would expect to see, within the next six to eighteen months, a proliferation in AI-driven attacks that organizations need to worry about. There is beginning to be some organizations who have AI-driven internet defenses which are designed to try and spot and block AI attacks, but it's a whole new area of development that is for us to look forward to, but not yet a major issue.

"I might be getting hung up on language, but what is your interpretation of what boosting our cyber offense means? What would that look like in practice?" You're not necessarily getting hung up on language. The logic of cyber offense means attacking back, and the most logical ways of attacking back would be identifying IP addresses from which attacks come (the attacks might be DDoS attacks, there might be a download of malware) and is
attacking those with floods of data, attacking them with counter-malware attacks. Those are the kind of logical things that organizations could do today. There's no reason why, because an organization has attacked you with a whole bunch of malware, you can't identify the IP address and attack back. Of course, if the attack is coming through a set of lockout routers then you won't find out where the attack originates, but you can perhaps take down the interlinking routers. But if it's coming across multiple spaces, that gets to be harder. So how cyber offense develops is going to be, again, one of those particularly interesting areas. I think that the government allocating just 22 million pounds to it in the UK is kind of admitting that it doesn't really know what it's going to do yet, but that it's an important area that it needs to be looking at how it can do something, and again I would expect to see activity in that area.

The reality that the attacks on satellite GPS systems are already driving UK and U.S. armed forces to look at other methods of providing locational data and communication information to ground troops is an indication of how quickly systems can evolve when dealing with the reality of warfare. But I'm not yet seeing, other than the kind of premeditated attacks that you see Israel, for instance, carrying out on Iranian nuclear development facilities, which are premeditated in the sense that malware has got beyond an air firewall by means of tricking somebody into picking up and plugging in a USB stick which downloads malware... those kind of offensive attacks are simply cyber attacks or nation-state cyber attacks. They're not offensive as in counter-offensive, which is, I think, the direction that the UK wants to be going. I hope those answers have been helpful. They, from my perspective, are mostly saying there's lots to happen, it hasn't
happened yet. Are there any other questions, folks, that you would like to ask at this point? If not, thank you all for joining us this afternoon. If we can help you deal with this evolving set of challenges, building cyber defense in depth into your organization, please do give us a shout. Talk to your account manager, come onto our website, get hold of us on social media, call us, email us, email me, and we'll talk to you about how we can help you make sure you stay safe in today's environment. And good luck. Bye.
