Saga Cibernética

Mind the MDR expectation gap! The number of organisations that are heavily reliant on a security operations centre (SOC) or managed detection and response (MDR) provider is growing. But in an age of increasing cyber risk, who watches these watchers? And what are the warning signs that an ‘MDR expectation gap’ is turning into a chasm?

Our cyber experts explain how to get the most out of your relationship with your SOC/MDR provider, and maximise value and efficiency in this critical area.

Most banks, stock exchanges and other financial institutions have robust cyber security measures in place – but threat actors tend to treat that as a challenge rather than a deterrent.

The numerous third parties involved in the modern supply chain offer cyber criminals easier access to larger, more secure – and more lucrative – targets. In this month’s review, Stephen Green, Threat Intelligence Lead, looks at the third-party cyber attacks in April that left the Department of Insurance, Securities and Banking and the London Stock Exchange Group exposed.

The hype surrounding generative AI tools is understandable. However, there's another, potentially even more seismic technological shift taking shape: the rise of quantum computing.  

For many of us, quantum computing sounds like something from science fiction. In this week’s Cyber Series, Martin Nikel, Director of eDiscovery and Litigation Support, explains that what was once an impossible future is already here, and it’s time to start preparing for both the advantages quantum computing will bring and the risks it will pose to our digital security.

This week, we present some of the stories our cyber experts were willing and able to share about their experiences. And these stories have everything – from pre-dawn flights to undisclosed locations and a CTO who had the worst-ever first day back at work after a holiday. (Spoiler alert – he was arrested.) 

An early alarm, coffee, gardening, a good book, then more coffee and gardening. In between, our cyber governance, risk and compliance director also finds time to get a lot of work done. Follow him down the garden path for a closer look at his typical workday (and to see how the spring bulbs are doing). 

The big news in cyber security in March was all about China, as the UK took the extraordinary step of explicitly naming Chinese state-affiliated organisations and individuals that it alleges are responsible for malicious cyber campaigns against a group of its MPs.

In his review of the key cyber events of the last month, Stephen Green, Threat Intelligence Lead, explains why the UK is not alone in its concerns about Chinese interference and looks at what else kept cyber security experts busy.

Is one of your trusted colleagues a threat to your organisation? For that matter, are you?

There are many reasons why someone with legitimate access to an organisation’s networks and data could become a threat and trigger an ‘insider event’. Perhaps they unwittingly fall for the latest AI-powered phishing scam. Maybe they’re an opportunist looking for career advancement or financial gain. They may even simply make a mistake and deliver information into the wrong hands.

Alistair Purdy explores recent cases of inside actors – both malicious and well-intentioned – and how organisations can prepare for dealing with insider threats and events.

As a group, “hackers” don’t have a great reputation. But there is another kind of hacker – a penetration tester. These security experts work to help organisations improve their defences by identifying weak spots so they can be fixed before threat actors find them. Our resident pen tester describes a typical day in the life of “a hacker who helps.”

The damage caused by cyber crime is often financial or operational in nature. Now, alarmingly, we also know that, by targeting critical infrastructure, threat actors can have a devastating impact on our environment, and our health and wellbeing.

Wastewater and water supply plants are a new focus for cyber attacks, with a reported shift from insider threats to external adversaries. James Thoburn and Alistair Purdy explain the various reasons for why that is, and what wider lessons can be learned by providers of other critical infrastructure services. 

Threat actors never let us have a quiet month, but February was even wilder than usual.

Operation Cronos, a joint effort by the UK’s National Crime Agency and the US FBI, scored a rare and significant victory against the LockBit gang. The celebrations did not last long, as LockBit were back on a different site within days, but even so it has damaged the group’s reputation and will have sparked panic in the ranks.

The other February cyber headlines were dominated by the supply chain breach of Bank of America, and the ALPHV (aka BlackCat, aka Noberus) attack on Prudential Financial.

But which one of these stories is beginning to look like fake news?