e-Crime 2019 – what did we learn?

18th March 2019


Simon Whitburn
Senior Vice President Cyber Security Services

The 17th annual e-Crime & Cybersecurity Congress took place over 5th & 6th March 2019 in London. Nominet took a stand and hosted a very well-attended talk on how domain name system (DNS) analytics can protect businesses while also extracting value from a network layer that’s present by default in all organisations.

The attendees are high-level, well-informed cyber security practitioners so there’s little need to raise awareness on current threats. Instead the Congress is valued for information sharing and education on a deep level, about the challenges facing CISOs and other security professionals from a technical, practical and management perspective.

With that in mind, here are the key things we learned from the event.

1. ROI is becoming more and more important

With damaging cyber security events hitting the news on a daily basis, few organisations, public or private, are unaware of cyber security at board level. One of the key challenges now faced by CISOs is justifying expenditure on protective measures in a way that (perhaps less technical) board members can understand.

The problem with current ways of calculating ROI for technology investments is that they are all about proving time/money saved or business opportunities enabled. Comparing the return on a cyber security investment against those metrics is a no-win situation – you can only estimate time/money saved by preventing potential losses. As Martin Sivorn, Head of Cyber Security at the Government Digital Service, pointed out in his talk, accurate asset value assessment is critical to making ROI decisions.

Different approaches to ROI positioning for cyber security investments are emerging; a trend we’ll be reporting on soon.

2. Cyber security products and services can add value

A more positive way to assess ROI is to look at the value cyber security initiatives can deliver. This helps counter the problem with traditional ROI methods, in that you can only estimate potential savings.

Instead organisations need to look at where cyber security investments can add value. By reducing noise in the network Nominet’s NTX, for example, can help networks run more efficiently, allow complementary cyber security technology to be more effective and save staff time – both in security teams and across the wider organisation.

The quantitative and qualitative metrics provided by such a tool can be used to measure the performance of cyber security investments post-installation.

3. Cyber risk management requires greater effort

It’s crucial to assess and rank the risks organisations face from cyber threats. This feeds directly into the ROI piece above, as does accurate asset analysis and valuation. This ensures businesses aren’t paying more in cyber protection than the cost of recovering assets and reputation after breaches.

Pete Shorney, Global Head of Information Security for Rentokil, spoke in detail about the importance of ranking risks on likelihood (from highly unlikely to certain) and effect (negligible to catastrophic). Realistic assessment management and ranking helps organisations recover from cyber threats as well as prevent them in the first place.

4. The voice of the CISO

Underpinning the three points above is a less tangible point – CISOs are having to work hard to be heard at board level, whether they have a regular seat there or not. Getting the right level of board engagement is critical but there is stress and strain all around. Nominet’s recent report on the pressures facing CISOs identified that 17% rely on drugs and alcohol. Over a third believe they would be sacked or given an official warning if their organisation suffered a significant security breach.

In our CISO survey we asked: “How much expertise would you say your board members and executive management have about truly understanding the nuances and implications of cyber security issues?”. Over 30% answered “None” and more than 45% said “Some”.

Being heard is critical.

5. Cryptocurrency is a cyber-threat enabler

Those in the cyber security industry are well aware of the thriving cyber economy, a black market where criminals can rent ‘malware-as-a-service’, which often even comes with customer support. This is allowing ordinary criminals, not just sophisticated computing geniuses, to launch all sorts of cyber attacks.

But the role that cryptocurrency plays has perhaps been underplayed. Without it, criminal hackers would likely be working alone, or being paid in currency that can be traced. Charl van der Walt, Chief Security Strategy Officer at SecureData, spoke about cryptocurrency increasing the incentive to hack for money.

Simple, confidential payment, easy-to-obtain hacking tools and the exceptionally low risk of capture by enforcement agencies are all combining to make hacking for gain increasingly attractive to ordinary criminals.

6. Cyber resilience is fast becoming a key selling point

There was lots of talk around the conference about sales staff being questioned in B2B environments about their organisations’ cyber resilience. This is related to the previous point about seeing the value added by security products and services, as well as protection.

Organisations can use the strength of their cyber posture to sell themselves to potential clients or partners. On the other hand, how well would your business stand up to being questioned?

7. Is AI a double-edged sword?

Artificial intelligence (AI) and machine learning (ML) were also big topics, with many senior security professionals hoping that they would help relieve the shortage of trained security staff. If AI and ML take the heavy lifting, security analysts can work on real, high-risk threats rather than spending time on false positives, duplicate alerts from disparate systems and other time-sappers.

AI and ML systems are less corruptible than humans, which should help with the increasingly damaging insider threat, but do they present yet another attack vector? And beware – the criminals are at it too, using new technologies to bypass protective measures and make their stealth programs look more like ordinary activity, to evade detection.

8. Capability – time to detection and time to remediation

On a technical point there was much discussion on two related elements of detection: reducing the number of false positives and shortening the period (‘dwell time’) between threats appearing and being detected and blocked.

Nominet’s NTX platform does exactly that. Recent analysis has proved that NTX identifies previously unknown malicious domains 10 days earlier than other intelligence solutions, and on average identifies phishing domains 7 days earlier.

Protecting your organisation

Nominet’s NTX service takes advantage of a network layer that’s present in all organisations, regardless of the number and type of endpoints – DNS. It complements and reinforces other cyber defence products like firewalls, SIEMs and endpoints, to protect your business and add value.

Contact us to find out more about NTX or, to see the report we’ve referenced in this article, click on the download button below.

Life Inside the Perimeter: Understanding the Modern CISO
