Trending Techies meetup: The Cyber Security Defence Line
A few days ago, we held the meetup "The defensive line in Cyber Security", a face-to-face event that we organised at the Ironhack space in Matadero Madrid, through Telefónica Tech's Trending Techies initiative.
The meetups around the Cyber Security Techies and Data Techies communities create spaces for conversation and networking in a relaxed atmosphere (with some snacks) between professionals, students, companies, and members of the public interested in new-generation digital technologies such as IoT, Cloud, Big Data, Artificial Intelligence, Blockchain and Cyber Security.
On this occasion, the meeting was dedicated to the role of the Blue team as the first line of defence before, during and after a cyber security incident.

The master of ceremonies for the event was Martiniano "Marty" Mallavibarrena, Global head of incident response at Telefónica Tech. Or, for that matter, our "SWAT chief" when it comes to intervening quickly in a cyber security incident.
During the meeting, the speakers shared their professional experience and knowledge through three different cases that brought together the technologies, roles, techniques, and professions involved in detecting, preventing and recovering from a cyber-attack.
Intelligence (human and artificial) against cyberthreats

Álvaro García-Recuero, senior researcher at the Barcelona Supercomputing Center (BSC), spoke about federated learning as an alternative for training AI models in a secure, private, and robust way. In his case, it is applied to a project for the classification of sensitive content on the internet that is able to learn and protect itself from malicious attacks or user errors.
Álvaro explained how this type of technology can also be applied to cyber security, for example, to detect or prevent cyber-attacks. And he addressed the need to use Artificial Intelligence in a "responsible and ethical" way, and to take advantage of the capacity of machine learning to protect us from cyber threats.
Artificial Intelligence can also be applied in cyber security, both to attack and to defend
Of course, we have to assume that these techniques and technologies are also used by "the bad guys", so their attack tools are getting "better and better at doing evil", in Marty's words.

Silvia Hernández, Threat hunter at Telefónica Tech, dedicated her talk "Studying threats to defend ourselves against them" to an intrusion related to Conti and some malicious artefacts. She used them to explain how human analytics combined with machine learning and EDR-type systems make it possible to extract information and to analyse, block, and respond to threats and complex attacks, as in the case of ransomware attacks that hijack data.
The threat hunter, although a relatively recent role, has become a figure without which “today's cyber security would be totally chaotic”.
Cyber Security Policy for SMEs

And lastly, Eugenio Martín, risk advisor at Jori&Tech, focused his presentation on preventive cyber security for small and medium-sized companies. He looked more specifically at the cases of educational centres and start-ups, two examples of organisations that are highly exposed and vulnerable because they have a very large "attack surface" (as happens when hundreds of devices and young people are combined in a school) and because of their lower technical and financial capacity to protect themselves and deal with a cyber-attack and its consequences.
“We are witnessing ransomware attacks that in just three days, over a weekend, are capable of completely hijacking complex computer systems of all kinds of organisations, educational institutions and businesses.”
Eugenio presented the 'cyber insurance policy' or cyber security policy for SMEs and organisations, a resource that is still little known but essential, especially for small and medium-sized companies that, in general, are less prepared for common cyber-attacks such as ransomware, phishing or theft of credentials and information.
The cyber policy focuses on both prevention (audit, implementation of basic resources, ...) and solution (coverage, risk management, incident intervention...) when all else fails.
The problem is that cybercriminals also make use of these technologies, knowledge, and intelligence to increase the "firepower of their attacks" which, correctly applied, can be "impossible to stop", Marty explained, when there are no active cyber security measures in place.