Held in the Assembly Rooms in Edinburgh on 14th March 2024, Quorum Cyber’s second annual Summit brought 90 customers representing 60 organisations from a wide range of sectors together with representatives from our security partner, Microsoft. COO Mark Lawrence compered the day, which enabled the cyber security community to discuss how, collectively, everyone can become more resilient to face the growing number of challenges that lie ahead.
Opening the rich agenda of presentations, panel sessions and demonstrations, Quorum Cyber CEO Federico Charosky welcomed participants and stressed that cyber-attacks are now impacting industry, society and people on a personal level. “If we stand together as a group, we can overcome the challenges better. We can adapt, grow and develop today and increase our resilience to the threats and risks we all see.” He encouraged everyone to interact and share views and ideas throughout the day and keep the conversation going afterwards.
Microsoft keynote: Securing Beyond Boundaries
Tosca Maria Colangeli, General Manager of Solutions for Microsoft, emphasised that the threat landscape is “incredibly complicated” today. “It will only get harder and faster every single day. Attackers only need to be right once, we need to be right 100% of the time. We certainly believe that we are stronger and better together.”
She explained that Microsoft’s CEO Satya Nadella has promised to invest $20 billion in cyber security to help protect its 1 million customers across 120 countries. Currently, organisations each have around 50 to 100 different security tools from multiple vendors, which is very difficult for them to manage.
Governments, corporations, and citizens are asking Microsoft to help them with four complex issues:
- To be more secure
- Lower total cost of ownership (TCO)
- Ensure safe and rapid migration
- Show ongoing proof of value.
Tosca highlighted the problem of the huge skills gap. “There are 4 million vacancies in cyber security around the world, so we can’t only use humans to solve our problems. It’s rare for our customers to say they are flush with talent.”
This led her onto Copilot for Security, which will be available from 1st April 2024. Tosca said that it will completely transform how we manage cyber security going forward.
Microsoft Business Manager Elliot Howells gave a live on-stage demonstration to show how Copilot for Security, which uses generative artificial intelligence (GenAI) technology developed by OpenAI, will help analysts investigate incidents quickly. He showed how it will pull through any supporting information from other Microsoft security tools, produce any code required during the process, record how everything is being done, and write reports on all of this for executives and other stakeholders to learn from.
Tosca warned, however, that the latest GenAI tools can impersonate a person with just 3 seconds of audio and 7 seconds of video, and this is something that could cause security issues.
The Missing Cryptoqueen
BBC investigative journalist, author and podcaster Jamie Bartlett was this year’s special guest speaker. In a highly engaging one-hour session, he told the story of the “Missing Cryptoqueen”, Dr Ruja Ignatova, the most wanted cybercriminal in the world. After setting up an extremely convincing Ponzi scheme when cryptocurrency was in its infancy and fooling over a million people into investing in the fictional OneCoin, she had reportedly amassed as much as $4 billion. In October 2017, the Bulgaria-born German flew to Athens and vanished. The FBI has placed her on its Ten Most Wanted Fugitives list, offering a reward of up to $250,000 for information leading to her arrest.
Highly educated, she presented at an event organised by The Economist magazine, spoke to investors at Wembley Arena and used a paid-for feature in an edition of the Bulgarian Forbes magazine to trick as many people as possible into parting with their money. But it was all a huge, well-orchestrated, elaborate lie.
“There was no cryptocurrency, no coin, everything about her was fake”, said Jamie. “She realised that when technology is complicated, people trust other people. The whole of OneCoin was effectively a psychological attack. It targeted people’s fear of missing out, their FOMO. Investors had an irrational fear of missing out on OneCoin.”
Jamie shared his research into the dark web, illegal drug sales and stolen data. “The criminals are very creative and inventive”, he explained. “The dark net marketplace is very good at connecting people, whether you want to buy data or a new ransomware tool. And it’s becoming increasingly specialised too.”
He believes that criminals are quite lazy and are constantly looking for ways to automate processes and make things easier for themselves. Jamie, who has read Quorum Cyber’s Threat Intelligence Outlook 2024 report, also stressed that the FBI and National Cyber Security Centre (NCSC) are worried about how cybercriminals will use AI to exploit people’s cognitive weaknesses.
He advised organisations to focus on human resilience as well as tech security, adding, “Criminals study psychology and they are brilliant storytellers. They are using deepfake scams to target ordinary citizens. All it takes with these online scams is one moment of weakness for them to work.
“Any company that doesn’t take cyber security as seriously as ordinary people is going to be in trouble. But if we can combine machines with human intelligence to stop cybercrime then we really are getting somewhere.”