Last month, the iconic Olympia London opened its doors to over 5,000 delegates, for the 2022 International Cyber Security Expo.

With an esteemed Advisory Council, chaired by Professor Ciaran Martin CB (former CEO of the NCSC), the event combines world-class education with practical business solutions, as well as leading products and innovations.

Not ones to miss such an opportune event, our cyber security team headed down to scope out some key insights.

Here’s what they came back with…

Software Bill of Materials (SBOM) as a strategy 101

Recently emerging as a key building block in software security and supply chain risk management, a SBOM is a complete inventory of a codebase – including open source components, their license and version information, and any known vulnerabilities.

Having an SBOM is one of the most effective ways to identify impacted systems, as well as help organisations secure their infrastructure to minimise cyber security risks.

Attack tree analysis: identifying and ranking cyberattack paths

Conceptual diagrams showing how a system or target can be compromised, attack trees are an excellent tool in the world of cyber security.

Utilising telemetry data and estimates to reduce the risk of an attack, David Wiseman of Isograph Software ran through an example of a threat imposed on an automotive infotainment system – and what an insightful demo it was!

Application security – present and future

A panel of cyber powerhouses delved deeper into application security automation testing.

Specifically, the discussion focused on API security, cloud native application security, and supply chain risks – highlighting how our growing reliance upon such services have exposed users to a variety of new security risks, and exploring how to protect them from constantly-evolving threats.

Hunting the actors behind the threat

Clustering is the process of dividing entire data into groups, based on the patterns in the data – allowing experts to observe activity and identify any anomalies that could indicate a threat. Very Jason Bourne!

Zero Trust for applications and protecting yourself from zero-day vulnerabilities

Zero Trust is a hot topic for network security. Yet, many are yet to grasp its impact or understand successful implementation.

Delving into the various endpoint evasion techniques that are undetectable by most Endpoint Detection and Response (EDR) and antivirus solutions, offered some great insight into the need for such architecture in an increasingly connected world.

An insight into  penetration testing

With a whistle-stop demo of penetration testing in action, attendees were encouraged to think like a hacker, and detect vulnerabilities in a sample software system.

But why is this so important?

• It shows real-world attack vectors: These could impact an organisation’s IT assets, data, humans, and/or physical security – ultimately telling you how effective your security controls are against these attacks.
• It uncovers any major vulnerabilities within your environment: Plus, it detects low-medium risks, to help you prioritise fixes and allocate resources accordingly. This is a critical part of tightening up your security posture as the vulnerabilities can lead a hacker all the way through your network to your sensitive data.
• It identifies problems you didn’t know existed: You may need to, for example, fix misconfigurations in a DNS server or a compromised web server you forgot about.
• It identifies recommended security controls: This might present an opportunity to prioritise remediation events, patch IT assets, or layer more security defences in your organisation.
• It reveals poor practices within your security team: Don’t forget the role of humans – are you missing important patches or not hardening applications and operating systems?
• It highlights your team’s strengths: A quality pen test might not only show you the weaknesses in your security posture, but also the strengths and where your team excels. This can instil your team with confidence in detecting and responding to threat actors, as well as becoming more proactive in finding hidden threats themselves, in future.
• It helps to enhance your security strategy: If you already have a solid security strategy and policies, you can show the organisation and end users how important these are. However, if your pen testers can show that human mistakes are causing the biggest gap in your security, you can reinforce the need to re-evaluate your processes.

Want to continue the conversation? Get in touch.

We have received a growing number of enquiries over the past two weeks, from customers concerned about the threat of cyberattacks. And the number of people contacting us in search of guidance is continuing to rise. Our head of transformation and operations – Carol McGrotty – has therefore summarised our advice in this short post. If you wish to discuss this any further, please contact our Service Desk at gethelp@vapourcloud.com, and we will do our best to assist.

With Russian military operations currently underway in Ukraine, the question of whether cyber warfare will also be employed remains unanswered.

Vapour is liaising with Tier 1 providers – with no known immediate threat – and shall continue to do so.

There is a heightened sense of concern being felt by many organisations. Our focus is to help clients prepare for potential cyberattacks. For that, we have put together this cyber readiness checklist. While many of these suggestions are standard cyber hygiene protocols and best practices, simple actions can also go a long way towards fighting against cyberthreats.

Key takeaways

Access: Review admin access to Firewalls and Firewall policies to ensure only permitted access has been given and not open to vulnerabilities

Patching: Ensure that all systems are fully patched and updated

Protection Databases: Make sure your security tools have the latest databases

Backup: Create or update offline backups for all critical systems

Phishing: Conduct phishing awareness training and drills

Hunt: Proactively hunt for attackers in your network using the known TTPs of Russian threat actors

Emulate: Test your defences to ensure they can detect the known TTPs of Russian threat actors

Response: Test your incident response against fictitious, real-world scenarios.

We hope you find this helpful, and if you have any queries, please contact our Service Desk at gethelp@vapourcloud.com.