Security Panel – The Cybersecurity Show – S1Ep2
WILL SPALDING [00:00:31] Hello and welcome to Security Panel, episode two brought to you by Celerity in this episode, we’re going to be covering all things with early threat detection and reducing the impact of cyber security breaches on your business. I’m joined by two dapper gentlemen who can give us more of an insight into this area and how it’s going to affect businesses in particular. I’m joined by Chris Hannett, who’s Security as a Service Business Development Manager for Celerity. Quite some title there, actually, no problem at all. And also joined by Conor Champion as well who’s a Client Technical Professional at IBM Security. Gentlemen, thanks for joining me.
CONOR CHAMPION [00:01:11] Thanks for having us.
WILL SPALDING [00:01:12] Thanks for coming on. So start with you, Chris, give us a little bit of an overview of your background in cyber security and sort of what what led you into joining Celerity?
CHRIS HANNETT [00:01:23] Yeah. So I’ve worked in security in one way or another for nearly 10 years now. So kind of mainly focussed in and around money services, security, technology. When I first started, we were talking about things like network security and intrusion detection and things have changed a bit since then. So I joined Celerity to help build their Citadel security as a service product. And yeah basically trying to make security more, I guess, accessible and feasible.
WILL SPALDING [00:01:56] Fantastic stuff. Well, thanks. Thanks for your introduction there, Chris. And Conor, can you do the same and give us a little bit of an overview of what brought you to IBM?
CONOR CHAMPION [00:02:03] Absolutely. So I’ve been with IBM security for about four years now. I’ve done a variety of roles starting in a technical background. So we have in cybersecurity, we’ve got security operations centres where you’re actively monitoring networks in real time against threats. So I worked as a security analyst within those both for IBM and and for within client security operation centres themselves. From there, I’m now doing a more advisory role before products and solutions get sold to basically advise clients on on what they need to be doing with real time threat detection.
WILL SPALDING [00:02:37] Great stuff. Well, obviously, you’ve both been doing it for a little bit of time right now as well, so you as we would expect on this show. Give us your expert opinions on all things with cyber security now. Chris, can you start us off? I mean, what are the biggest challenges for organizations when it comes to cyber security?
CHRIS HANNETT [00:02:55] Well, I mean, there’s so many really I think the main ones really are the two key ones, really. It’s just the pace of change, how quickly things are changing. And I think a lot of businesses are probably feeling quite overwhelmed how quickly things are changing and the dimension before when a first started in security. It was kind of looking at the network and network security and stuff like that I think things have changed a huge amount now to be more focussed on the user and the users kind of the problem. And I think also with that pace of change, I think everyone’s trying to keep up. But then, you know, I’m sure you can vouch for this as well it’s like actually when you put the products in place and you’ve got the solutions in place, it can be quite difficult to manage the output. So I think it’s just it’s keeping pace and trying to make sense of what’s happening is, you know, it’s probably the main problem that a lot of businesses are facing.
WILL SPALDING [00:03:50] Can you could you also sort of the vouch for that there as well Conor?
CONOR CHAMPION [00:03:53] Absolutely. I think yes. So it’s sort of two factors to the pace of change in one technology moves so quickly. That’s been true ever since technology has been around. And now companies are really getting to grips with every sort of solution or process or technology or a people orientated process has a security consideration to it. So the pace of change applies to security as well. So it’s relevant to protecting environments, whether it’s from a technology perspective or from a process perspective. But it’s also the bad guys. It’s a bit of a cliche, but the adversaries that are going to be exploiting are moving at a rate of change as well. So you constantly got to be keeping up with developments in technology because they’ve only got to get it right once, I suppose is the key. Key point, once they discover a vulnerability and a new piece of kit, they’ll exploit that. And that will give them access to potentially the the wider picture.
WILL SPALDING [00:04:46] We touched on that on the previous episode, actually. And basically covering it is this is this is affecting everybody. You know, it’s not just, you know, big banks or big organizations or anything that it’s affecting everybody. I mean, in particular though Conor. Why is early threat detection so important to to organizations? I mean, we just covered it a little bit. But, you know, why is it why should it be on the agenda?
CONOR CHAMPION [00:05:11] Absolutely. So, I mean, the key point is the impact of that breach or whatever that threat might be. And the longer it’s undetected and the longer, therefore, that it’s not being contained or dealt with, the more damage it’s going to cause tht environment to that customer or organization, whatever it might be. So you know the obvious impact is a financial related one, but there’s obviously reputational impacts. There’s you know, we were throwing around some statistics before we went on. But, you know, there’s some really scary stats out there about how many businesses are affected by breaches actually go under because it’s so detrimental to their operations. We’ve got some statistics out there that so the Poneman Institute, the cost of a data breach study for 2018, it’s one hundred ninety seven days across a sort of sample size of about 500 companies. The mean time to actually discover a threat was 197 days. That’s terrible in itself. Right. But on top of that, the mean time to actually contain once it had been discovered, it’s like an additional 69 days. You’re looking at two hundred sixty six days to actually detect and respond on average and over that time.
CHRIS HANNETT [00:06:21] That’s basically like an entire working year.
CONOR CHAMPION [00:06:23] Exactly.
WILL SPALDING [00:06:24] And also, I like how accurate those those figures are as well. I guess they I mean, and puts it into into real scale as well. I mean, like you said before, we actually came on and we are having a little bit of a chat in our green room beforehand. And, you know, you used the analogy of of comparing it really to workplace and fire hazards really as in physical fires.
CHRIS HANNETT [00:06:46] Well, yeah, I think like what a lot of people struggle with and maybe people watching this will understand what I’m kind of driving at is that we kind of work in security. So we’re talking about security all the time. We were saying this before. It’s easy to assume that people know who what you’re talking about. And I think the majority of people don’t. So it’s about kind of context, I guess, and try to put it in the terms that people would understand in, you know, in a business scenario rather than just an IT security bubble. So, yeah, like you said, in terms of a fire. So let’s say you were a production company. You’ve got a big site. You don’t want that site to burn down. So you would have some kind of plan in place. You’d have like you’d invest in a fire suppression system, for example, or, you know, you’d have a plan in place so that if it does set on fire, people know what to do and how to respond to it. Because the alternative is to just watch it burn down and everyone’s panicking and running around. And, you know, there might be some fire extinguishers somewhere. But, you know, the point being that as a business, you see there’s a potential problem. And the impact that that problem would have on your business, as in your financial impact, loss of stock or equipment, the damage to your reputation and your customer relationships, because you can’t fulfil all that kind of stuff. You can see that as a tangible problem. So you plan for it and everyone gets that. You know, that’s a deveryone understands that. You know, it’s kind of it’s putting it in the terms that the board can understand. It’s not just an IT problem this it’s a kind of entire business problem. just like that would be.
WILL SPALDING [00:08:20] And following on from that as well. I mean, what sort of questions should businesses be asking themselves in relation to cyber security threats then what specific questions should it be brought in I suppose board level.
CHRIS HANNETT [00:08:31] I think it’s a similar to bring it back to that fire analogy again and without kind of going on about it too much. But, you know, there’s an issue and you need to look at what the potential real term impact on your business could be if the worst happened. And you plan for that. So you plan for the worst to happen and you plan as to how to minimize and mitigate the risk that comes from that. It’s exactly the same conversation here. So it’s about, you know, looking at what would the impact be realistically, you know, how are we geared to respond to that risk right now. Is that enough? And I would say the majority of businesses, if they’re if they’re honest and they understand the problem, probably nowhere near where they should be.
WILL SPALDING [00:09:13] You were going to answer that as well Conor?
CONOR CHAMPION [00:09:15] Yes, absolutely. I mean. Yeah. Because, you know, the original question being, why is early threat detection so important? You know, the output to detecting is responding. That is the key importance there. So when we’re talking about, you know, the fire analogy or whatever it might be, all that preparation is all about. Okay. The detection is obvious in something like fire. The important bit is how do we respond? What is the plan? So the questions that you’re asking in terms of a risk assessment and a sort of proactive approach. The detection is actually a means to an end, the end being the instant response plan and the actions that the company has to take to control it. As you know, to minimize the impact on the business as quickly as possible.
WILL SPALDING [00:09:55] Chris, this is a question for you. There’s so many different types of cyber threats from both outside and inside organizations. I mean, how can organizations go about combating these threats from numerous different directions, really?
CHRIS HANNETT [00:10:09] That’s a very good questions. Well, I think you’re right. I mean, there’s so many different angles now. And, you know, whereas it used to be, as I said before, kind of network focus to be kind of like I don’t know trying to get through the firewall or whatever. Now, there’s so many different angles and it might be as simple as, you know, your people are your biggest asset. I’m sure everyone has identify with that. But at the same time, they can also be a biggest risk and your biggest liability. And I think with things like digital transformation and making them into cloud and all the good things that businesses do, it’s kind of opening up a lot of different avenues of of of kind of risk, I guess, and threat. So you know, it’s a combination, really. You need the technology. See, there are a myriad of technologies out there that all deal with very specific and equally important elements of your risk and mitigated it. So whether it be endpoint security, whether that be security awareness, whether that be a ransomware protection. The list goes on. But the point the point being is that you have to try and kind of mitigate risk across a number of fronts, and that is a technology and that is also a feasibility and an operational capability question. Yeah. So you’ve kind of you need to invest in the right technology, but you also need to be able to get something from that what that technology generates and you know, we were talking about before with with SIEM is a great example. You need SIEM for visibility and control, but also you’ve got to be able to manage the output of that. Yeah.
WILL SPALDING [00:11:53] Yeah. And so I suppose before we move onto to really going in depth about SIEM as well, I mean this is a question for you as well Conor, because you know the I heard the other day that data is basically nowadays equivalent of oil really. And it has a lot of wealth involved in it as well. So when data is collected from cyber security tools in particular, how can companies deal with the huge amount of data and spot really the potential threats because there is so much data there. How can they go about it? Is it using technology such as AI or is it, you know, automation? What how can they go about it really and really spot where those threats are coming from?
CONOR CHAMPION [00:12:39] Absolutely. So, you know, the important thing is that there there is an awful lot of data. So the statistics out there that it’s not uncommon for organizations to have 80 different tools from 40 different vendors. And because of the general approach to IT procurement, you know, that has been point out, there’s a there’s an approach that technology will fix it. It will do one thing very well and we can deploy it. And that’s job done. And that leads to this landscape of lots of different tools that don’t necessarily integrate well with each other, producing lots of noise, you know, lots of output data that might have a security connotation. It might not. And then there’s a real difficult challenge with analyzing that and sort of orchestrating it into an actionable response. You know, it comes back to that whole point of detection is only important when you can do something about it, you know. And the earlier you detect, the earlier you can do something about it. So, you know, the key piece of technology here and what I’m very much involved with in my role at IBM security, is this this thing that’s come up very briefly, is SIEM, you know, security information and event management technology. And it’s and it’s important in the sense that it can interpret all those different sources of information. It can take, you know, log events from these security devices in whatever protocol. You know, that there’s lots of different tools out there. But essentially, you know, it’s it’s value is measured on how agnostic it can be in terms of what data it can take in. And the importance with all of that information is what level of analysis, what sort of understanding of security can it then present back to the processes whether it’s automated or, you know, importantly, back to the people that are going to inevitably have to action.
WILL SPALDING [00:14:20] I mean, what are the benefits, though does it does a SIEM platform have as well? Is there anything else obviously you mentioned that it’s pretty agnostic as well? So what else can it bring to the table as well?
CONOR CHAMPION [00:14:33] Okay. So, I mean, the difficulty here is I’m, you know, from a specific company I’m from IBM. So I might accidently slip into talking about our capabilities because there’s a whole field of technology. Right. There’s lots of competitors in this space. But essentially, the more it comes down to, the more it can do with that information and the more intelligent it can treat that information and enrich it with external sources. So this idea of threat intelligence is using things like sticks, so structured threat intelligence exchange to enrich the data and say, oh, we know that this address has just been contacted. We know that that’s a known malicious address. We’re going to present that back in a readable way to an analyst, to an automated process so that the instant response can take place. This is it, you know, this is achieved in a variety of ways, sort of rule based logic in terms of if this condition is met and this then triggers something that tells your team. We think that there is a denial of service taking place on our web server, but it could also be anomaly based. And this is becoming more and more important as the user is, you know, being understood as a real vector and a real threat.
CHRIS HANNETT [00:15:40] Yeah. And I think the key thing is that like we said technology is massively important, but the value to a business is in the visibility and the being able to respond to something as it happens. You know, like we’re talking about a fire before, you know, you need to respond to a fire quickly, quickly respond, the less damage it’s going to do. You know, we were talking earlier about how long it takes on average for a business to even detect that they’ve got a problem, let alone respond to it. That can be a full working year. You know, the value of of breaching data is in real time. You know, that the currency of it and the problems caused by it happen very quickly. So you need the tools in place to see you’ve got a problem. Then you’ve got to be able to do something about it.
WILL SPALDING [00:16:24] You react to it essentially as well.
CHRIS HANNETT [00:16:26] I think like Conor was saying these things could generate a huge amount of information. And it’s being able to cut through that volume to see what you need to worry about and then we actually be able to respond to that problem. And I think realistically nowadays with 40 different tools or 80 vendors or whatever we talking about before, you need an ability to actually get some return on investment from that, get some value from it. And I think now what we’re doing with Citadel at Celerity is delivering that as a service. So having the capability to get the data and that that the important stuff from from those tools and be able to do something with it and react to it.
WILL SPALDING [00:17:09] Well, this is the thing as well, because essentially what you’re doing is is enabling so that it doesn’t get there in the first place really. Rather than when, you know, I’ve heard before on another exposing shows and talking specifically about how within within cybersecurity and when there is a attack that does happen, the likelihood is you’re not going to know about it in real time at all until afterwards. And, you know, you’re not going to interact to it them.
CHRIS HANNETT [00:17:37] And that’s the thing. And it’s about realistically, we will talk about Celerity and, you know, hashtag, when not if and all that kind of stuff. It’s like, you know, we’re past the point of of preventing this stuff. You know, the reality is that at some point, the likelihood is there’s going to be a problem, whether that be ransomware, whether that be a specific breach of your data, whether that be one of your suppliers, your third party suppliers, is compromised in some way, which then affects your business. Well, you can’t avoid it. So realistically now the shift is towards mitigating that risk and being able to say to stakeholders in whatever guise that is, you know, this these are the reasonable steps that we took. Yeah. These were the things that we put in place to safeguard against it. Yeah. Again, like having a fire suppression system in your warehouse, whatever you can say we mitigate the risk.
WILL SPALDING [00:18:29] We love that one today.
CHRIS HANNETT [00:18:33] But I suppose it’s a good analogy to kind of put it in layman’s terms, I guess. There’s a lot of acronyms and a lot of kind of, you know, this bubble around security.
WILL SPALDING [00:18:42] Bringing it back to basics again really so people can understand it.
CHRIS HANNETT [00:18:43] Yeah because at the end of the day, like we said before, is this isn’t an IT issue. This is a this is a whole business issue. And the first steps it’s like therapy. You’ve got to recognize you’ve got a problem before you can do anything about it. And, you know, once you know you are a problem, you can deal with it. And it’s a similar kind of mindset, I guess. So that’s the thing it’s is kind of how do you make sense of it? Yeah. And how do you get some value from all of that information that’s generated? And realistically, for the majority of businesses that can’t afford their own sock or can’t afford whatever tool, you know that might take their fancy. It’s about getting the value as a service.
WILL SPALDING [00:19:23] Yeah, I’m going to put it out there to both of you really? I mean, we spoke about SIEM just just now as well. I mean, is it enough, though, to have SIEM to protect your organization, who wants to go first? Who wants to take this one?
CONOR CHAMPION [00:19:36] An important message, I suppose, if if that’s the attitude, I think the short answer is no. Exactly. Because of, you know what it’s there to do it. It’s absolutely there to give you real time visibility and to interpret that sort of security context to what you’re seeing across the network. But, you know, in order for that to function and in order for that to work, you one need the things feeding. You need the network devices, whatever it might be, the applications, the end points themselves. You need all of those in place to feed that data and you need those to potentially have a useful use case within security. But also you need a process driven approach. So you need to have an understanding of actually what you want to get out of the tool, what, you know, potential attacks. Are you looking to protect yourself against insider threats, malicious actor groups, these sort of things? You need to have that proactive sort of approach to let the tool be the means to the end, to let you respond if an incident occurs.
CHRIS HANNETT [00:20:33] Yeah. And I think that’s absolutely right. Like we said before, I think you need technology to be able to provide you with the visibility to see what is happening, to see if you’ve got a problem, really. And then it’s about what you do with that problem and how do you respond to it. And that is a more sort of a policy and procedure that, you know, that’s kind of how do you actually get the value from that information? And I think the reality is now with the amount of and the volume of data that’s generated by these tools and that we said before, you know, 80 solutions from 40 different vendors and stuff, you know, you can’t see wood for the trees. So it’s kind of how do you make sense of it? And I think the reality is that now more than ever, it’s about the right technology to give you the right visibility to to be able to have the right controls and for the majority of businesses, that the realities of actually doing that is to have security consumed as a service. Really so you kind of almost you’re effectively outsourcing the monitoring of that information and seeing whether the problem to a partner that is geared up to do that full time, not as part of your job as an IT manager or whatever. Which is more often than not an operational, you know, keeping the lights on, keeping the email going.
WILL SPALDING [00:21:56] You know, a lot of time IT managers, they have jobs within jobs. Well, they are looking after teams holiday, sick, whatever. And software development, all that stuff in-house. And then they’ve got this to deal with.
CHRIS HANNETT [00:22:09] But that’s it. And, you know, contacts that I deal with on a regular basis an old customer of mine in financial services that, you know, they would have 70 projects on at any one time. And only a certain percentage of those would relate to security. You know, they might be doing cloud transformation or hyper convergence or whatever it is, I don’t know new storage data, disaster recovery, whatever it is. Security is part of a bigger data protection conversation. And I suppose that’s kind of from a Celerity perspective. That’s where we’re approaching it from it’s you know, we’ve got a very good pedigree in data protection, data management. And then you take that in as security becomes part of that conversation rather than kind of this standalone bubble over here. That’s security on its own. So it’s about the value to the business, you know, the executives in a business and even the IT manager in lot of cases, the nuts and bolts and, you know, nitty gritty bits of security don’t necessarily matter. It’s about the outcome for the business and deriving some value from that. And that’s that’s the important thing.
WILL SPALDING [00:23:12] I mean, Conor I mean, from from your standpoint as well, from IBM, are companies investing in cyber threat detection? More often than not, though, because we covered it slightly earlier on. But is it is it something that they’re going, wow, we’ve really got to we’ve really got to do this? Or are we just seeing a trend? And I suppose it varies from company to company, but.
CONOR CHAMPION [00:23:33] It is a difficult one. I mean, I think it’s the classic of trying to put across the idea of something that might happen. I mean, the reality, though, is that this is happening more and more and the actual threats that are active and out there are becoming more and more advanced themselves. So traditional ways of protecting perimeter controls, firewalls, sort of limiting sort of access these sort of approaches are very difficult, you know, are not appropriate for these advanced persistent threats that exist now. You know, just sort of throws a few statistics in there. The IDC recognize that I think across all industries it’s a it’s about 10 percent, but they’re recommending IT so 10 percent of an IT budget is spent on security. I mean, that’s an average again. And you know that that’s okay. But they’re recommending it should be at 15 percent even now. And that’s going to grow because of this recognition that it that it is getting more of a problem and that is underpinned into everything that’s happening, you know, it not only is it really negative for it to be an afterthought, it just doesn’t work as an afterthought. Because then you’ve got things such as insecure software development, which vulnerabilities will be exposed in gaps in your visibility, gaps in your network that are going to be exploited.
WILL SPALDING [00:24:50] Essentially, what we’re saying is simply doing it as an afterthought kind of doesn’t really work as well.
CHRIS HANNETT [00:24:55] It is the definition of closing the gate after the horse has bolted. There is no point. And unfortunately.
WILL SPALDING [00:25:01] Another great analogy for you there Chris, I love it.
CHRIS HANNETT [00:25:04] You know, I think I but I think it’s important to kind of get it across. I mean, I deal with customers on a daily basis that, you know, new potential customers. It’s part of my remit. And what you find is there’s still even 10 years into working security. There’s still this kind of perception that, well, the hackers won’t want anything we’ve got and we’ve got security controls in place because we’ve got a firewall and we had a pen test a year ago. You know, that is that’s not enough. Simply put, you know, I think there’s still this preconceived idea that because we haven’t had a problem yet, we must be fine. And that’s that’s a dangerous position to be.
WILL SPALDING [00:25:44] Are we seeing a way in the way how cyber criminals are changing out or mixing up their approaches and tactics in attacking organizations?
CONOR CHAMPION [00:25:54] Yes, absolutely. I mean, this comes back to that original kind of key problem of, you know, quickly changing environments. What’s really quite common now and as a subject area in itself is sort of this idea of living off the land. So threat actors and criminals will be using existing processes and vulnerabilities in sort of controls that are in place in order to get a foothold laterally, move along a network. And therefore, you know gain you know escalate privileges and then exfiltrate data. And the really scary thing about that is with you so, you know, sort of filter controls and looking for malware signatures and so on is that these are legitimate things that have to work for the network to operate. And that’s what the cyber cyber criminals are sort of pivoting on. So you need a sort of enriched monitoring of both the internal network as well as what’s going outside to understand those those sort of different vectors of attack. I mean, it’s still really common because of the nature of, you know, addressing risk. And, you know, from a attacker’s perspective, what’s the easiest way of getting in? It’s still massively the majority of attacks take place through a socially engineering vector. So through phishing emails, through, you know, using data exfiltrated from a different breach to kind of build that trust and therefore get people to to hand over information.
WILL SPALDING [00:27:15] You just sort of mentioned it there as well, this sort of internal threat, I suppose, as well. And some of that maybe can come down to education part of it. And stopping it from that, I mean, what do organizations from from both your standpoints, from from both your companies? I mean, what’s your thoughts on what your clients are thinking about these internal threats? Is there is there a seriousness taken about that properly or is it? Is it mainly do people think of it just mainly as outside?
CHRIS HANNETT [00:27:43] Okay. Yes, I understand what you mean. Yes, the tendency is that it’s trying to stop the bad guys getting in. You know, that sort of firewall mentality stuff, which again, is still an important part of the picture is just that picture is getting bigger. So I think, you know, the reality is that there’s a reason why there’s all these data breaches. You know, I think there’s a big piece of the puzzle missing. When I did a Marriott has 500 million email addresses and user credentials stolen, it’s kind of like, oh, no, that’s really bad. And then it stops there. There’s a point to stealing information. One is that it has a tangible value. So on on that sort of dark web or whatever you want to call it, where there’s a marketplace for that data. And each record is a way of generating income for these criminals. And it’s you know, it’s it’s a fairly low risk free way of generating a lot of money. So why would they do it? Well, why would they not do it? But does it again we talked about it before there’s a shift towards the user. And the point being that if you’ve got real credentials, so a username and password data about an individual person that physically works at a business, you’ve got a key to that network, whether that be directly into the network straight away or whether that’s through a third party by, you know, going through a cloud service or whatever that they use. And then you you it’s like a staging. We’ve talked about it before off camera. It’s kind of like, you know, you see on a film where you get you know, you get the the employee to steal the blueprints to the bank vault or whatever. So you can you know that you know what to do and you can start your plan.
WILL SPALDING [00:29:28] The inside job.
CHRIS HANNETT [00:29:29] Exactly. And that’s it. And it’s like, you know, you’ve got to if you’ve got those blueprints or you’ve got an ability to get those blueprints, it’s then as a staging point in what could be a myriad of different things that you want to achieve. So it’s kind of like you see this perception of the bad guys trying to get it is is bright, but it’s also once they’re in what they’re doing and being. And again, that links back to SIEM and the activities on the network.
WILL SPALDING [00:29:58] Anything to add to that as well quickly Conor before we unfortunately, have to to wrap things up shortly. But have you got anything you’d like to add to that as well?
CONOR CHAMPION [00:30:05] Definitely. Yeah. So to bring it back to the insider and you know, detecting that threat is difficult because these insiders, whether it’s accidental or malicious, they’ve got those credentials. They’ve got those rights and privileges to access confidential information in some cases to, you know, transfer funds for the company, et cetera, et cetera. All of those accesses already exist and they need to exist. You know, they need to do their job from a detection and from a cyber security perspective. That’s really difficult because you can’t rely on abnormalities that are obvious, you know. You know, binary matches of signatures and so on. You have to rely on changes in behaviour. So this user never communicates with this external address, you know, and they shouldn’t need to for their day job. Let’s investigate this. But for that whole scenario that I’ve just thrown in a sentence, you need to know what a normal user’s responsibilities are. You need to have real time monitoring of those activities and to actually be able to correlate that to. We know that this is John Smith at this address and he’s a sysadmin. So these are the responsibilities he should be doing. And, you know, when you understand all of those things actually having to be correlated, interpreted and then producing an output, you know, as quickly as possible if something malicious or John Smith has accidentally just sent loads of confidential information by sending the wrong email. It’s you know, it’s is a cliche, but it is then, you know, a ticking clock in terms of as quickly as you can respond. You need to have that detection. And it’s an interesting case because I think, you know, the original question, are people taking this seriously? I mean, this cyber security industry is taking it very seriously because most you know, the statistics out there where 60 percent of data breaches are from the inside, whether it’s malicious or accidental. And then how do you do that? How do you detect that? And it brings you into the sort of advanced capabilities of certain SIEM technologies out there using things like machine learning to, you know, propagate a timeline of a user behaviour and then point out when an abnormality takes place. You know, advanced stuff that cannot be done without real time detection, without data sources feeding that information in and actually interpreting it.
WILL SPALDING [00:32:17] So, you know, incredibly interesting stuff. And like you rightly said there as well, obviously it’s incredibly important to cyber security companies. And I think, you know, the message is getting out there to businesses as well and to end users to, you know, take care and basically think twice. But, gentlemen, unfortunately, we’re going to have to wrap things up now. Anyway, it’s been a pleasure having you on. You’ve been really good, from my perspective, to learn a little bit more. And I think we’ve had a great chat.
CONOR CHAMPION [00:32:45] Thank you for having us.
CHRIS HANNETT [00:32:45] Thanks.
WILL SPALDING [00:32:46] No problem. So, guys, that was Pecurity panel. Join us next time for another episode where we’re going to be discussing all the things we have cyber security. I’d just like to once again thank my guests, Chris Hannett and Conor Champion as well. Gentlemen, once again, thank you very much for joining me. But yeah, join us next time where again, we’ll be discussing more interesting stuff with Celerity. We’ll see you then.