LORCA digs deeper to understand industry’s need for cybersecurity incident management
The mission of the London Office for Rapid Cybersecurity Advancement (LORCA) is to scale the most promising companies that can help ensure the UK is the safest place to be online, writes Lydia Ragoonanan
LORCA is a UK Department for Digital, Culture, Media & Sport funded programme and will support 72 companies over the coming years, growing up to 2,000 jobs and attracting £40 million of investment to the sector.
It convenes industry partners to understand where their true pain points are before running open calls to select the most promising companies with scalable solutions that can address these challenges.
LORCA recently sought input from industry partners to inform the challenges that its third cohort will focus on. Unsurprisingly, incident management and scenario planning to prepare and respond to cybersecurity crises were among the top challenges.
Here’s an overview of the top themes that have emerged:
Know your domain
Detecting and understanding the range of incidents that could occur is an ever-changing task. Not only is the nature of attacks evolving, but as more devices get connected we’re also seeing a plethora of products that could be the cause or subject of an incident.
Being able to identify and detect threats in real time can help isolate and manage incidents. LORCA is working with a number of companies that play a strong role in the threat knowledge landscape:
Xanadata’s analytics hardware and machine learning algorithms help organisations hunt for threats in real time in a matter of minutes.
RazorSecure’s anomaly detection for the transport industry can actively detect, report and protect a system from attacks whether the mode of transport is connected or not.
Ampliphae’s cloud and SaaS application solution allows enterprises to control business continuity risks and take appropriate actions.
CyNation provides an integrated risk management solution to allow enterprises and SMEs to have real-time visibility of their cybersecurity risk exposure.
Industry partners tell LORCA that there’s a strong desire for products and services that serve as a go-bag in the event of a major cyber crisis: everything you need in one place, accessible from anywhere. In the cybersecurity world, this would give enterprises secure and quarantined access so that vital business operations can continue.
Encryption products are starting to provide part of the answer. For example, LORCA cohort member Distributed Management Systems has technology that enables customers to own and control the identity verification of their users when they attempt to access IT resources.
Other solutions and opportunities draw threats away from valuable assets. One example of this is provided by LORCA cohort company, Aves Netsec, which reduces exploit opportunities for attackers through vulnerability containment, detection and prioritisation.
Plan, test, repeat
Any decent incident management plan should include a routine process to test the robustness of the plan in real time. A routine part of natural disaster management involves these sorts of drills and we’re seeing approaches to simulate and test these plans become more robust and akin to real-life scenarios.
LORCA has heard from many players, from state-level actors to large enterprises and beyond, who want to ensure their preparedness is shored up. Knowing defences are working is key, and we see some of our LORCA members supporting these large enterprises and participating in cross-sector planning. For example, CyberOwl helps critical infrastructure providers identify whether their controls are working, and whether they’re effective in reducing the cyber risk.
Scenario planning is a key element of this, and LORCA is a fan of approaches such as the Centre for Security Information Technology’s (CSIT) state-of-the-art Cyber Range, which is a virtual environment that’s used for cyber defence training and cyber technology development.
Managing intelligence sharing
Industry experts, particularly those from the financial services sector, tell LORCA that secure mechanisms that allow executives to keep communicating are important, as is continued oversight of these communications in regulated industries. For example, the LORCA Innovation Forum discussed the opportunity for an extension to WhatsApp that would enable CFOs to respond to Freedom of Information requests.
This approach goes a step beyond the existing strong methods for information sharing. The UK’s National Cyber Security Centre’s Cyber Intelligence Sharing Platform played a key role in helping the right information get to the right people during the WannaCry crisis. The platform, powered by LORCA member Surevine, allows users to indicate how far to share the information (and with whom) using a traffic light system.
Just like natural disasters, cyber attacks can impact anyone. Awareness of how to prepare for and respond to crises is not limited to IT teams. Severe cyber attacks such as NotPetya and WannaCry have provided a similar wake-up call to business, and GDPR legislation has reinforced the need for all staff to be aware of the risks and responses in managing personal data.
Industry tells LORCA that user awareness is more important than ever. This is why many of its second cohort members are focussed on improving awareness and responsiveness of staff. For example:
Think Cyber Security empowers its customers’ users to protect themselves from cyber threats. Its RedFlags software product draws on behavioural science to deliver context-sensitive, just-in-time guidance.
Aquilai stops targeted phishing attacks and alerts employees before they mistakenly act on deceptive emails.
Bob’s Business delivers award-winning cybersecurity awareness training and simulated phishing campaigns. By focusing on the human side of cybersecurity and understanding how people behave, it can help make employees an asset rather than the weakest link.
OutThink’s award-winning, web-based software and training identifies and reduces risky workforce behaviours while building a risk-aware culture.
CyberSmart provides an intelligent platform for SMBs at risk of a breach. It implements and maintains recognised security standards with the click of a button via a real-time, cloud-based smart platform that allows companies to check, fix, certify and protect their organisation within days instead of months.
What strikes me about the gearing up of the resilience of organisations to prepare and respond to threats is the importance of working within and across sectors, adapting well-practised approaches from other areas and stimulating new ideas through innovation. Crises are being turned into an opportunity for collaboration, learning and new ideas.