We are delighted to confirm that Data Protection expert Lesley Holmes will speak at PrivSec & GRC Connect London next week.

Taking place on March 12 and 13 at Park Plaza, Riverbank, London, PrivSec & GRC Connect London provides a platform for organisations to address the cumulative nature of risk.

PrivSec & GRC Connect London’s comprehensive agenda is led by subject matter experts, business chiefs and industry leaders, giving attendees a deep dive into the challenges and solutions in the rapidly evolving GRC landscape.

Event speaker Lesley Holmes is DPO at MHR Global and will be attending PrivSec & GRC Connect London to talk about how ransomware “tabletop” exercises can help organisations mitigate cyberattack risk.

Below, Lesley answers questions on her professional journey and introduces the key issues.

Ransomware Tabletop Exercises: Steps to Improve your Company’s Responsiveness

  • Wednesday, 13th March 2024 (Day 2), 10:00-10:40am GMT
  • Theatre: Privacy & Security (P&S) Theatre

Click here to register for free for PrivSec & GRC Connect London

Could you outline your career pathway to date?

I started my career in the late 70s, early 80s, working in local authority revenues and benefits. It was an interesting time because we had just picked up from the 1984 Data Protection Act, which meant that we had to be extra careful with personal data. In my role, I was dealing with personal data all the time, whether it was someone’s income details or just their name and address.

I continued to work in revenues and benefits for quite a long time, but eventually, I moved into management consultancy, still mainly in the public sector. I was still dealing with personal data, but I also started to look at document process automation – document management systems and implementing them.

As I progressed, I moved into information management and governance, learning how to manage data effectively. And then I found my way into data protection. I became particularly interested in privacy and how it relates to data protection.

For the last ten years, I have been working purely in data protection, and I must say that everything I’ve done in the past has helped me to support what I do now. Data protection is not just about privacy; it’s much more than that. I find it fascinating, and I am grateful for the opportunity to work in this field. It has been a long and varied career journey.

What mistakes are businesses continuing to make regarding their security posture, and in terms of preparedness in the event of a security incident?

When it comes to the security posture of businesses, the size of the business matters a lot. Smaller businesses, unfortunately, often underestimate the importance of robust security measures. Many think, “That won’t happen to me,” but in reality, they’re just as much at risk as larger corporations. Moreover, it’s not just about protecting themselves but also their supply chains – cybercriminals can target smaller companies to gain access to larger ones.

One common mistake is the failure to implement failover systems. Failover is the ability to seamlessly switch operations from one set of servers to another in the event of an attack, such as a ransomware incident. However, many businesses fail to practice this regularly, so when an actual incident occurs, they’re not prepared enough to follow plans through. The importance of failover cannot be overstated, as it’s one of the most effective ways to prevent ransomware from crippling a network.

Another issue is the lack of multi-factor authentication (MFA). MFA is no longer considered bleeding-edge technology; it’s a standard practice for good reason. It adds an extra layer of security beyond just a password, making it significantly harder for unauthorised users to gain access. It’s akin to the security measures we’ve come to expect in other aspects of our lives, like fingerprint or facial recognition for banking.

Preparedness is another area where many businesses fall short. They don’t have a concrete plan in place for when an incident does occur. This lack of preparedness can lead to confusion and panic, delaying the response and potentially exacerbating the impact of the incident. Having a playbook—a documented plan outlining the steps to take in the event of a security breach—can make all the difference. It answers critical questions like who to contact, what actions to take, and when and how to inform affected parties.

The reality is that cybersecurity is a continuous battle. Threats are constantly evolving, and businesses must adapt their defences accordingly. This means staying informed about the latest threats and best practices, as well as regularly updating and testing security measures. It’s also crucial to foster a culture of security awareness among employees, as human error remains one of the most significant vulnerabilities in any organisation.

How are organisations responding to AI’s presence on the ransomware landscape?

AI has become a double-edged sword in the hands of cybercriminals, enabling them to launch more sophisticated and realistic phishing attacks. For instance, AI can mimic human voices with startling accuracy, enabling scammers to impersonate high-ranking company officials and coax employees into transferring funds or disclosing sensitive information.

This new breed of AI-driven attacks poses significant challenges, and businesses must adapt their defences to counteract the growing sophistication of cybercriminal tactics. On the defensive front, AI is also being harnessed to fortify cyber defences, particularly in monitoring and detecting anomalous behaviour on networks and identifying potential threats, such as ransomware, before they can wreak havoc.

However, as organisations work to strengthen their defences, cybercriminals are also leveraging AI to refine their attacks. This creates a dynamic where both sides continually adapt and innovate, in a “race to knowledge.”

Ultimately, the human element remains critical in navigating this arms race. Regardless of the tech advancements, it’s people who must interpret and act upon the information provided by AI-driven systems. Hence, user education, awareness, and vigilance are paramount in safeguarding against AI-driven cyber threats. In essence, the battle against AI-powered ransomware is as much about understanding human psychology as it is about deploying cutting-edge technology.

What are “tabletop exercises”, and how can they help organisations to prepare for and respond to cyberattacks?

Tabletop exercises are essentially practice runs for real-life cyber incidents. They allow organisations to simulate various scenarios, such as a ransomware attack, and test their response plans and procedures. By going through these exercises, organisations can identify any gaps in their response plans, update them accordingly, and ensure that everyone involved knows what to do if a real incident occurs.

During a tabletop exercise, participants typically play different roles, such as the incident response team, IT team, legal team, and communications team. They are presented with a hypothetical scenario, such as a ransomware attack, and are asked to respond as they would in a real-life situation. This allows companies to test their communication and coordination, as well as their technical capabilities, in a controlled environment.

One of the key benefits of tabletop exercises is that they allow teams to see weaknesses in their response plans and procedures. For example, they may discover that certain team members are unclear about their roles and responsibilities, or that there are gaps in their technical capabilities. By identifying these weaknesses during a tabletop exercise, organisations can take steps to address them before a real incident occurs.

Don’t miss Lesley Holmes exploring these issues in depth at PrivSec & GRC Connect London in the session:

Ransomware Tabletop Exercises: Steps to Improve your Company’s Responsiveness.

Security incidents are inevitable. Mistakes and/or a lack of preparation in the response can have serious repercussions. Security and risk management leaders with business continuity management responsibility can prepare for and respond to the challenges of a targeted cyberattack by planning “tabletop exercises”, where a cyberattack is simulated.

Our cyber experts will take you through the step-by-step planning of one of these exercises, which you can bring into your workplace tomorrow.

Also on the panel:

  • Gary Brown, Chief Privacy Officer, Legal & Compliance, Westinghouse (Panel Moderator)
  • Amardeep Ginday, IDAM Business Analyst, The Guardian
  • Caroline Faulder, Senior Manager – Strategy & Consulting, CyberCX UK

Details

Ransomware Tabletop Exercises: Steps to Improve your Company’s Responsiveness

Location: Privacy & Security (P&S) Theatre

Time: 10:00am – 10:40am GMT

Date: Wednesday 13 March 2024

The session sits within a packed agenda of insight and guidance at PrivSec & GRC Connect London taking place March 12 and 13, 2024.

Discover more at PrivSec & GRC Connect London

GRC, Data Protection, Security and Privacy professionals face ongoing challenges to mitigate risk, comply with regulations and help achieve their business objectives - they must…

  • Continually adopt new technologies to improve efficiency and effectiveness.
  • Build a culture of compliance and risk awareness throughout the organisation.
  • Communicate effectively with stakeholders and keep them informed of GRC activities.

PrivSec & GRC Connect London takes you to the heart of the key issues, bringing together the most influential GRC, Data Protection, Privacy and Security professionals, to present, debate, learn and exchange ideas.