Guernsey SASIG event highlights

Latest ransomware tactics, hybrid Clouds and more discussed at Guernsey security forum

After a three-year hiatus, Guernsey’s Security Awareness Special Interest Group’s (SASIG) forum returned in February this year and faced up to a very different global landscape than that of 2019. Iain Davidson, Head of Enterprise Products at Sure Business, was in attendance and shares his insights on an important event.

A lot has changed in the three years since the last SASIG forum: we’ve faced up to a global pandemic, geopolitics has become a much more sensitive area, regulation has evolved and, of course, cyber threats continue to adapt and morph in cyber criminals’ endless pursuit of profiting off of businesses’ data.

The forum was split into sessions, and we first heard from Director of Mourant Consulting Sally Rochester, who spoke about risk and keeping up with regulators. The UK is continually updating its regulatory framework, to include the dynamic landscape of cybersecurity. Although many of the jurisdictions represented at the forum share the same core framework, it was interesting to note the different focus and tone in each jurisdiction -Guernsey’s focus on fighting financial crime was particularly noteworthy.

The audience was asked to consider ‘how secure is your data?’ In the past protection and prevention have been adequate to provide you with peace of mind your data is safe, but now ransomware is evolving. Once your data is compromised, how do you detect and recover? Bradley Bosher, Senior Systems Engineer at data protection platform, Varonis, briefed the forum on threat intelligence, the way cyber criminals use ransomware and how this is rapidly changing.

We’ve seen a drastic shift in just five years from data extraction, which is when cyber criminals would try and steal your data and ransom it back to you, to hidden changes made internally to your data, which is when they access your systems, make numerous changes to your data, and then ransom that information back to you so that you can correct the changes. This can pose a huge risk to corporate firms, forcing them to use extra manpower to track and rectify these changes.

Sure’s Guernsey Chief Executive Justin Bellinger facilitated a panel discussing the issues facing supply chains today. The panel concluded that a trustworthy supply chain is key to providing your customers with the tech they need, and fast. Today, we are seeing wait times of up to six months for everything from laptops to chipsets. Instead of seeking alternative suppliers, we’re increasingly seeing businesses work with their own supply chains to mitigate this risk and work with them to resolve the issues they’re facing.

Discussions on Cloud have moved on from ‘to Cloud or not to Cloud’ to ‘which type of Cloud do we need?’ and ‘how much data should we put in the cloud?’ Tarquin Folliss OBE, Vice Chairman of SASIG, led a panel that explored the shift from companies at first rushing to store the entirety of their data in the cloud, to what concerns remain around regulations, security, and the safety of data stored. With this in mind, most companies are likely to choose a hybrid model. One thing is key, you’ll need to choose a provider whose knowledge stretches across all the clouds.

With more than 80 guests attending the forum, from cyber tech enthusiasts to CEOs of large enterprises, everyone seemed to welcome the SASIG forum back into the local calendar. The world in 2023 needs to consider security in all its guises, and the more intelligent conversations we can have about protection, the better.