AI for Business with BCN
AI for Business is the essential podcast for business leaders who want to stay ahead of the artificial intelligence curve. Hosted by BCN, each episode invites guests to share stories on how they’re using AI in their field and industry, with the goal of inspiring you to bring this to your business.
We break down the biggest AI news, like major model releases, industry-wide shifts, and regulatory changes, translating them into practical strategies for the C-suite and business leaders. You’ll hear from guests, sector specialists, and our own AI consultants, all focused on helping you navigate disruption, seize new opportunities, and future-proof your organisation.
Make “AI for Business” your go-to source for staying informed, inspired, and ready to lead in a rapidly changing world.
Cyber Security Series, Episode 2
In the second episode of our Cyber Security series, our host, Peter Filitz, is joined by BCN's Michael O'Neill (Managed Security Services Director), Simon Edwards (Head of Compliance) and Graeme Dempster (Senior Security Analyst).
This episode takes a look at the continuation of BCN’s Cyber Security Journey, with the team talking through the Managed and Embedded stages of the journey.
For more information, visit BCN's Cyber Security Journey
Thanks for listening!
Peter: Hello and welcome to the BCN Cybersecurity Podcast. This is episode two in the series, and today we'll be focusing on the latter part of the journey, homing in on managed and embedded, and talking through the stages, things to consider, and how to progress. On today's podcast, I have the pleasure of speaking to Michael O'Neill, Graeme Dempster, and Simon Edwards. Gentlemen, welcome and thanks for coming. Let's start with you, Michael. Do you want to tell us a little bit about yourself?
Michael: Yes, Michael O'Neill, Managed Security Services Director at BCN. I look after a team, some of whom are on the call here, that covers all things security. 20-plus years in IT, focusing on security for the last eight years or so.
Peter: Excellent. Thanks, Mike, for joining us today. Graeme, over to you.
Graeme: Graeme Dempster, MSS, Managed Security Services Senior Engineer. I've been working in IT for 23 years with a focus on security for the last five or six years, both internally and with customers.
Peter: Excellent. Thanks, Graeme. Simon, last but not least.
Simon: Thanks, Pete. Yep, same actually as Graeme. 23 years working for a number of different MSPs in a number of different roles. Yeah, the last few years focusing more on security.
Peter: Excellent. Thank you. So it's fair to say we've got a wealth of experience on the cybersecurity front with us today. Let's start with a recap on our earlier podcast and the overview of the security journey we're working with clients on. Mike, do you want to give us a little recap on that?
Michael: Yeah, I mean, today we're gonna talk a little bit about the top end of the journey. But yes, we have a cyber journey that we'd like to work with clients on, and ultimately that produces a strategy of how they want to approach cyber risk. We have four stages: reactive, proactive, managed, and embedded. The reactive stage is as it sounds: security isn't really a major priority in the business. If anything goes wrong, they essentially react and rely on partners like ourselves to help them deal with whatever the problem is. Proactive is a little bit more security aware. The business may take some proactive measures, including having a regular assessment, maybe the odd vulnerability scan because of a contract they have or a supply chain requirement. But, you know, it's just to meet that bar really. Managed, which we're going to cover a little bit today, as well as the top-end embedded, is a bit more comprehensive for sure. Taking services from companies like ourselves that are not just fire and forget; they are managed services and evergreen type approaches with outputs, reports, and materials needed to prove that things are managed. Helping with incident response plans, having one and having that understood in the business, regular assessments and updates, not just once a year or every time a need comes in. Embedded, being top of the tree, if you like. Usually a client is very serious about security, with a highly mature security posture, constantly aware and alert to security issues, integrated into the business, so security is discussed whenever any new system changes or comes in. It's seen as a business enabler and not just something we have to get through, and the whole business goals and objectives are aligned around security and other top areas. So that is our cybersecurity journey.
We like to get into this with clients and understand where they think they are, potentially help them assess where they are, and then give them a roadmap and clear plan to get to where they want to be or need to be.
Peter: Thanks, Mike. That's super useful. Now, I guess it's also important to touch on the threat landscape today. Do we have any updates in terms of how that's looking?
Michael: So recently, just before Christmas, we had a local service provider that was essentially hacked and hit with ransomware. Their business was providing services to solicitors and lawyers, helping manage the process to sell houses and things like that. They were offline for a month and had serious downtime for their clients and ultimately their supply chain, people buying and selling houses. This was due to a set of unfortunate circumstances that basically made their servers inaccessible by the clients. This issue with their Citrix servers is known in the press as Citrix Bleed. Basically, it was a zero-day attack that hadn't been patched yet to protect against this issue. There was four-plus weeks of downtime, a lot of obviously bad press and damage claims, and a lot of clients obviously had to leave. So this is an example of how it can happen to anyone, and the knock-on effects can affect you even if you weren't the one hacked or, in this case, hit with ransomware. Another example, which I think I mentioned in the last podcast, was a logistics firm that ultimately went into insolvency with 730 redundancies. Basically a similar idea: there was a ransomware attack, it crippled the business functions of the business, no one knew where the parcels were or how to pick them up. All the things you would imagine would cripple a logistics business happened. They couldn't get any funds to help them because they were in that state, which is devastating, and a lot of people lost their jobs in the business and along the supply chain for those businesses supplying the logistics firm. We know from stories on the BBC that the backups were encrypted, therefore they couldn't use those; they didn't have air-gapped backups they could rely on. The incident response plan clearly didn't work as intended. And just for background, there are a lot of gangs out there.
This one's called Akira. They're well known, and their way of operating is to scan the dark web for credentials that are being sold there. Low-level credentials. They then exploited what was at the time a Cisco problem on the VPN side to get into your actual network, and used various techniques, referred to sometimes as living off the land or lateral movement, to get access to an account without MFA or bypass it with various techniques, and use that to push themselves up the chain until they have control of the network, which they did in this case. Would our journey have helped this particular client? I believe it would have, absolutely, because we look for all these things, we keep an eye on what the gangs are doing, and we provide solutions at the top end of our journey to help with that.
Peter: Thanks, Michael. That's a comprehensive overview, and I think it just shows that it's so indiscriminate, right? And it's a question of when rather than if these days, given our exposure to what's out there. I think the audience would like to know a little more about the BCN baseline. We talk about that as a sort of standard. Can you elaborate in a little more detail on what that means?
Michael: Yeah. There's an overview, and as part of our cyber pledge, we would love everyone to have the BCN baseline, but we understand that just may not be practical for many, many reasons. But should you have concerns, we absolutely want to assess where you are via some tools that we have, understand where you want to go, and map it along our baseline. So we have technologies and services in those four layers that I mentioned that we will map your business to, show where the gaps are, and output to you along our baseline where you might be, where you might feel you are, and where we could potentially help you. As for the baseline, we mentioned Cyber Essentials, which is a great baseline for most businesses to have. The BCN baseline adds a little bit more security. Of course, it requires a little bit more investment and a little bit more knowledge and understanding, but it adds more security, adds a few more services that are managed, gives you that more confident stance and security posture, and can help you prove to others how seriously you take security if you need to prove it for supply chain, insurance or regulatory bodies.
Peter: That's a great overview, and I think it is so important to have a set standard to work from that gives you at least a good starting point and something on which to build. Right, so let's get into the specifics. Simon, why don't you give us an overview of the managed services that we provide from a cybersecurity perspective?
Simon: Sure, yeah, not a problem. I'll go into a bit more detail on the managed pillar. I like to almost think of them as the four steps. Now, obviously, the third step, what we call the managed pillar, is where we have placed our baseline. That's where we would like our clients to sit, ultimately. That's a comfortable position where we feel like most areas are covered. So, as Mike mentioned, the managed pillar or stage or step is where the business takes security a little bit more seriously. This means the business has implemented more comprehensive security measures on top of the previous two. This would include security policies, procedures, security monitoring tools, incident response plans, and we'd also expect these types of things to be monitored and reviewed on a regular basis. So some of the things we're talking about are data security, managed firewalls, immutable backups, and I might mention security awareness training, regular penetration tests, having a decent EDR in place, which is obviously something that we can help with through our managed Defender service, and then DR again. It's all of those kinds of services that we can help our clients implement. You know, I'm a big advocate of Cyber Essentials. Obviously, it's one of the services that my team is responsible for delivering. We talked a lot about Cyber Essentials in the previous podcast and how that can mitigate 80% of your risk. But then actually, on top of that, stepping up these steps, you're further mitigating that risk. We all know that you're going to struggle to be assured 100% that you're going to mitigate your chances. But what we try to do is minimise that risk where possible. And so we hope that in the instance where you are targeted, it's almost too difficult, and then they just move on to an easier target. So that's what we're trying to achieve.
Having these kinds of services in place should put you in good stead to protect your business.
Peter: Great. Yeah, and I think, you know, the emphasis is on managed, right? It's all good and well having services in place, but if they're not kept evergreen, if they're not evolving, updated, and managed, so to speak, on an ongoing basis to ensure they provide that required protection and service, it almost makes them null and void. So if we move on with the journey, the next stage at the top of the tree, as Mike said, is embedded. Graeme, why don't you give us an overview of what that exactly is?
Graeme: Thanks, Peter. Yeah, so embedded security is whenever it's used as a tool within your business. It's high priority. It's there as a means to ensure data integrity, data security, and that all the tools and services and your supply chain are all protected as much as possible. As Simon mentioned as well, you can never be 100% secure. But the whole idea of an embedded security solution is that you have the tools in place to be able to tell if you're being targeted, and if you are being targeted, that it has been actioned and dealt with as quickly and as painlessly as possible. As Mike mentioned on the logistics firm, one of the things that a SOC/SIEM solution, which is one of the technologies that would be included in an embedded company, does is look for those lateral movement actions. So as people get access to the systems and try and do things like privilege escalation or try and crack a security database, that should trigger an alert. And those alerts, through AI, through security professionals, through use of tools, mean that you can action against that. So if you're actioning against that at that very, very critical early stage, then things like ransomware attacks can't be prevented. You can use tools like Windows Defender and the Managed Defender service that BCN provide.
Michael: So, just to jump in, because it's a good point. If we go back to the logistics firm that I mentioned, that was ransomware and ultimately went insolvent. One of the first steps that could have triggered one of our services, or one of the SOC services that Graeme mentioned, was these guys searching for login details and information about the logistics company. If we're monitoring the dark web for such a client via one of our managed services tools, that information can also be seen by us and reported. And potentially then, with our service, we get back to the company and say, listen, we've seen that Joe Bloggs' login information has been sold on the dark web. You really want to go through your system and make sure you've removed that person if they've left, because those credentials are elsewhere now and could be used to get into the system. That would be a trigger at our end to phone you up straight away, or, depending on what level of agreement we have with each other, we might automatically do something based on that. So just to tie it all together, that's how these services work together.
Graeme: Those tools need to talk to each other as well. Because, as we were discussing before, the vendor service will talk to your SIEM service, your firewall will talk to your SIEM service, your dark web monitoring will talk to your SIEM service, and all that information makes it an embedded system. It's not a product, it is a way of doing business that needs to be included in all your processes, and that's why businesses need to be looking at an embedded security solution to keep them ahead of the game where possible.
Simon: I think, you know, one thing that's really clever, obviously, because you've got the introduction of AI into this: the problem is that when you are under attack, whether you have a plan in place or you don't, everything is always very reactive. You're receiving logs in, you're trying to close things down, and you're trying to react off that. And I think the difference with this particular service is that, because it's AI generated, it takes a good guess, with an understanding of where the potential next step may be for an attacker to compromise. So it can help get ahead of the game in that sense.
Graeme: Yes, and again, Simon, the pitfall is that a lot of companies will try and say, oh, we can do security ourselves. But security professionals are professionals by definition. It's the same with any product: if you have professionals dealing with it, generally you'll get a better outcome. So there are many pitfalls in any security solution that may arise. Any security product or any security solution is better than having no solution. But whenever you're installing it and setting it up yourself, and potentially not having that partner or security professional available to help you along with that journey, it may end up costing a lot more in time, money, and effort than it really needs to. And also it may end up not being fit for purpose for your business. So you need to be looking into the pitfalls and embedding the solution into your business processes in order to get the best value out of your SOC solutions and your security posture in general.
Peter: Graeme mentioned the time and speed at which vulnerabilities or suspicious activity on the network can be identified. That's obviously huge, right? Because with a lot of these cyber attacks, what transpires following the post-mortem or subsequent investigation is that these hackers have had free rein on the network for weeks, often months, which makes the attack so much worse because it's given them time to gain access to more systems and to wreak more damage. So having that system in place which allows you to more readily identify it is obviously a massive plus point.
Simon: I think as well, especially, you know, if you take our EDR service, for example, as soon as it spots any unusual behaviour, it's looking to isolate that machine straight away. It won't be able to communicate across the network, and that happens the second that it sees it. It's not going to sit there in the background working away without you even being aware. It's not just an antivirus, it is next level. But it's all about that all-encompassing service.
Peter: Graeme, in terms of the embedded journey, and obviously looking at the technologies that are included, what do you still need to be aware of once you're there?
Graeme: You still need to be keeping an eye on trends. It's a managed service, generally, that you would have. So that managed service will constantly change and evolve as the threat landscape changes and evolves. So whenever a new method of attack is prevalent, you build in solutions within your SOC/SIEM platform in order to look for that. Whether that's AI or people driven, it's still going to change and evolve as time goes on.
Michael: As part of the managed services, which all these guys are involved in, we provide that intelligence as well, and we break that information down into understandable advisories and communication on the back of our managed services. So if a new feature or threat issue is targeted, or we get any dark web intelligence, we bring that together in a monthly or quarterly type approach and appropriately distribute that information and/or inform you that we've already taken steps to manage it, and that wraparound service becomes part of our managed offerings.
Peter: Yeah, absolutely. It's sometimes difficult, though, to fight an enemy that you can't tangibly see, but that's why I guess it's good having a security partner like BCN on your side who's tapped into numerous sources for ensuring we keep our clients up to date and at the forefront of their security needs. Gentlemen, thank you so much for your time today. Just before we sign off, any parting words from you, Mike? Any thoughts, any advice?
Michael: The parting word from my perspective is that there's a lot of information to consume out there, and, as part of our pledge, our genuine pledge to help clients on the security journey, which is complicated, we have podcasts, we have in-person events, webinar events, and again, we have some tools that will help us explain this and help you through the journey and leave you with a roadmap at the end. And I would just encourage you to engage with us as much as possible. One more parting bit is, if you're managing your security, pay attention to these advisories and updates that are sent out, because vulnerabilities are being exploited quicker than ever. What used to be 30 days to allow for your patching is easily fourteen and less these days. Question whether it's being patched, ask for evidence, because that's one of the first ways into your network and your systems.
Simon: I kind of second that really, just following on from what Mike was saying. Security is a complete minefield, and most businesses maybe won't know where to start. So I think even if a business doesn't have any immediate plans or budget to address any of the security, it's still worth carrying out the analysis with our guys just to understand where they may be on that journey, and it might open the eyes a little bit, I suppose. Graeme, thoughts?
Graeme: Well, I think the thing that has probably been mentioned most of all is that it's a journey. It starts with a first step. The first step is to try and get on a decent security footing using things like CE as your first step along the journey. The journey doesn't end, it takes time, it takes effort, but it starts with one step, and that one step is CE, Cyber Essentials.
Peter: Yeah, and as you say, one step at a time. I think it's also important to mention that we appreciate that we live in a real world. Businesses have everyday concerns about just keeping their businesses afloat and their staff working. So what we're talking about is working with you to understand your business needs, your requirements and budgets, and slowly introducing the required security measures to help protect you and your staff. On that, thank you so much for joining us today. If you want to know more about what we've discussed or the other services that we provide, then please visit us at our website www.bcn.co.uk for more information around the products and services we offer on the cyber front. And if you'd like a personalised one-on-one conversation with one of our cybersecurity experts to see where you are on your journey, then don't hesitate to get in touch.