teissTalk: Fortifying your cyber defences as a mid-sized organisation

 

On 23 May, teissTalk host Tom Langford was joined by Dhruva Pudel, Head of Cyber security, Skillcast Group plc; Kai Michael Hermsen, Managing Board Member and Secretary, Twinds Foundation; and Charlie Milton, VP Strategic Alliances, Censornet.

 

Views on news

The Recall feature will be installed on new Microsoft laptops and is part of their artificial intelligence (AI) programme Copilot+ The feature will record everything a user does by taking screenshots every few seconds. It then allows the user to scroll back through their activity and search. However, after security concerns were raised around the feature, the ICO said: "We are making enquiries with Microsoft to understand the safeguards in place to protect user privacy."

 

The matter, however, has implications beyond cybersecurity and the screenshot functionality can be seen as a surveillance tool. This is a tool that even IT professionals find problematic, let alone laypeople. And this is promoted by a trusted big tech organisation of the sector. Screenshots could provide behavioural context for a user that isn’t available anywhere else.

 

It remains to be seen whether users will have a choice to get co-pilot on their laptops or not. However, at the moment, Co-pilot will appear on your desktop without you opting in. There are vendors who use AI only in a cyber security context, such as Abnormal Security for emails and they do clever stuff. However, this doesn’t mean that previous methods that have proved their worth should be scrapped. Rather, AI should constitute a top layer on what we’ve been doing for decades.

 

How midsized organisations are different when it comes to cyber defence

Midsized companies are often forced to deal with cyber security by their vendors and other partners in their supply chains even if they don’t mean to. The challenge also lies in not having enough money or the right people, and even if they are willing to allocate resources to cyber security, they may not be able to find people with the right skills on the job market. It’s also difficult for them to decide where they should start.

 

That’s where managed service providers (MSPs) can help, but a company can’t just outsource everything. The market is so busy that even a seasoned cyber security expert would recognise only about 20 per cent of the companies exhibiting at InfoSec Europe 2024. Microsoft is a good proposition because it has many functionalities at one place – consolidation can work in the favour of smaller businesses.

 

Frameworks such as  Cyber Essentials and CE Plus can be of great help for medium sized companies by providing a shopping list that can help them identify what they’ve got and what are missing. Start-ups also make invaluable contributions to cyber security regardless of their size. A business also needs to have a clear picture of what it expects of service providers. Technology deployment is just half the story. You also need to raise cyber security awareness for it to work.

 

The panel’s advice

• Don’t trust any technology to be 100% secure.
• As a midmarket organisation, make the most of what you have.
• As a cyber security expert, remain up-to-speed with developments in the space.
• Take a step back and review your security ecosystem.