Navigating the Future of Cyber Security Together

Held in the Assembly Rooms in Edinburgh on 14th March 2024, Quorum Cyber’s second annual Summit brought 90 customers representing 60 organisations from a wide range of sectors together with representatives from our security partner, Microsoft. COO Mark Lawrence compered the day which enabled the cyber security community to discuss how, collectively, everyone can become more resilient to face the growing number of challenges that lie ahead.   

Opening the rich agenda of presentations, panel sessions and demonstrations, Quorum Cyber CEO Federico Charosky welcomed participants and stressed that cyber-attacks are now impacting industry, society and people on a personal level. “If we stand together as a group, we can overcome the challenges better. We can adapt, grow and develop today and increase our resilience to the threats and risks we all see.” He encouraged everyone to interact and share views and ideas throughout the day and keep the conversation going afterwards.   

Microsoft keynote: Securing Beyond Boundaries 

Tosca Maria Colangeli, General Manager of Solutions for Microsoft, emphasised that the threat landscape is “incredibly complicated” today. “It will only get harder and faster every single day. Attackers only need to be right once, we need to be right 100% of the time. We certainly believe that we are stronger and better together.” 

She explained that Microsoft’s CEO Satya Nadella has promised to invest $20 billion in cyber security to help protect its 1 million customers across 120 countries. Currently, organisations each have around 50 to 100 different security tools from multiple vendors, which is very difficult for them to manage.  

Governments, corporations, and citizens are asking Microsoft to help them with four complex issues: 

1. To be more secure 
2. Lower total cost of ownership (TCO) 
3. Ensure safe and rapid migration 
4. Show ongoing proof of value. 

Tosca highlighted the problem of the huge skills gap. “There are 4 million vacancies in cyber security around the world, so we can’t only use humans to solve our problems. It’s rare for our customers to say they are flush with talent.”   

This led her onto Copilot for Security, which will be available from 1st April 2024. Tosca said that it will completely transform how we manage cyber security going forward.   

Microsoft Business Manager Elliot Howells gave a live on-stage demonstration to show how Copilot for Security, which uses generative artificial intelligence (GenAI) technology developed by OpenAI, will help analysts investigate incidents quickly. He showed how it will pull through any supporting information from other Microsoft security tools, produce any code required during the process, record how everything is being done, and write reports on all of this for executives and other stakeholders to learn from. 

Tosca warned, however, that the latest GenAI tools can impersonate a person with just 3 seconds of audio and 7 seconds of video, and this is something that could cause security issues. 

The Missing Cryptoqueen 

BBC investigative journalist, author and podcaster Jamie Bartlett was this year’s special guest speaker. In a highly engaging one-hour session, he told the story of the “Missing Cryptoqueen”, Dr Ruja Ignatova, the most wanted cybercriminal in the world. After setting up an extremely convincing Ponzi scheme when cryptocurrency was in its infancy and fooling over a million people to invest in the fictional OneCoin, she had reportedly amassed as much as $4 billion. In October 2017, the Bulgaria-born German flew to Athens and vanished. The FBI has placed her on its Ten Most Wanted Fugitives list, offering a reward of up to $250,000 for information leading to her arrest.  

Highly educated, she presented at an event organised by The Economist magazine, spoke to investors at Wembley Arena and used a paid-for feature in an edition of the Bulgarian Forbes magazine to trick as many people as possible to part with their money. But it was all a huge, well-orchestrated, elaborate lie. 

“There was no cryptocurrency, no coin, everything about her was fake”, said Jamie. “She realised that when technology is complicated, people trust other people. The whole of OneCoin was effectively a psychological attack. It targeted people’s fear of missing out, their FOMO. Investors had an irrational fear of missing out on OneCoin.” 

Jamie shared his research into the dark web, illegal drug sales and stolen data. “The criminals are very creative and inventive”, he explained. “The dark net marketplace is very good at connecting people, whether you want to buy data or a new ransomware tool. And it’s becoming increasingly specialised too.” 

He believes that criminals are quite lazy and are constantly looking for ways to automate processes and make things easier for themselves. Jamie, who has read Quorum Cyber’s Threat Intelligence Outlook 2024 report, also stressed that the FBI and National Cyber Security Centre (NCSC) are worried about how cybercriminals will use AI to exploit people’s cognitive weaknesses.  

He advised organisations to focus on human resilience as well as tech security, adding, “Criminals study psychology and they are brilliant storytellers. They are using deepfake scams to target ordinary citizens. All it takes with these online scams is one moment of weakness for them to work. 

“Any company that doesn’t take cyber security as seriously as ordinary people is going to be in trouble. But if we can combine machines with human intelligence to stop cybercrime then we really are getting somewhere.” 

How Copilot for Security Empowers Defence Strategies  

Leon Butler, Quorum Cyber’s Head of Compliance, presentation outlined how Copilot for Security would enable our security teams to outpace adversaries, enrich our expertise and defend customers at machine speed and scale.  

At a time when everyone is seeing a greater frequency of cyber-attacks, he said, “We need to empower our analysts to give more contextual insights and to review faster than they would be able to otherwise. Copilot still needs a human to drive it, but it will empower analysts to investigate more complex challenges. It will make everything more accessible and summarise investigations to specific audiences. In short, Copilot for Security is a force multiplier for Quorum Cyber, it will enable us to do more with what we already have.” 

Matt Isbell, Senior Security Technical Specialist at Microsoft joined Leon on stage and gave a demonstration of the tool’s powerful capabilities. He showed how it flags potential malicious activity quicker than a person and how it provides a summary of each incident so that the analyst can decide exactly what to do next. The analyst can ask it to pull information from Microsoft Defender Threat Intelligence, Microsoft Entra and other security tools, and request Copilot to write code – all to “lower the barrier to entry” for an analyst to achieve more. Copilot will also write reports for non-technical executives and for other analysts to take over the investigation, if needed.    

Threat landscape — a review of 2023 and what to expect in 2024  

In the afternoon, James Allman-Talbot, Quorum Cyber’s Head of Incident Response and Threat Intelligence, introduced the Threat Intelligence Outlook 2024 report, which paints a rich picture of the threat landscape for 2024 and highlights the year’s global events that could be targeted by criminals.  

“The report is our view of what the threat landscape looks like, what the threat actors are doing, how they are doing it, and, most importantly, what you can do about it. We fight bullies together and we can only do that if we share information.” 

Quorum Cyber’s Senior Threat Intelligence Consultant Jack Alexander outlined the key messages from the report, including the threats of brand impersonation, deepfake exploitation and social engineering to influence the outcome of elections. “Three-quarters of democratic nations are holding elections this year.”   

Jack ran through the main threats and targets of the ‘Big Four’ nation states, Russia, China, Iran and North Korea, explaining their “overarching threat characteristics”. On screen, he showed the 2024 threat timeline which includes the NATO Summit in July when “support packages for Ukraine and Israel will be decided” and the Olympic Games in Paris in July-August.   

“We’ve seen a massive spike in hacking since the invasion of Ukraine and this year we can expect significant influence operation campaigns to spread misinformation.” 

James concluded, “Be aware of the timeline of events and where your organisation fits into the threat landscape.”  

Navigating the Future: A Discussion on the 2024 Threat Intelligence Outlook and Beyond  

Hosted by James Allman-Talbot, Quorum Cyber’s Strategic Advisory Board members discussed what could unfold in the immediate future and further ahead. Bob Hayes, who has spent ten years as a Senior Fellow of the Microsoft Institute for Advanced Technology in Governments, Lesley Kipling, Chief Cybersecurity Advisor at Microsoft EMEA, and David Aucsmith, a former naval officer and scientist in the US intelligence community, covered a wide range of topics. They shared their thoughts on how organisations should balance getting the fundamentals of cyber security right against trying to prepare for potential threats from AI-empowered cybercriminals, how to distinguish genuine information and content from fake, and how to get the most from Copilot for Security.    

Closing remarks 

In summary, Federico reminded the audience that the Summit is just one part of the company’s community engagement. “If we continue to engage in dialogue, trust one another and share lessons learnt then we can all build resilience.”  

He asked the audience to “Challenge Quorum Cyber and give us feedback so that we can add as much value to your organisation as we can.”     

Demonstrations on the day  

Attendees were invited to engage in discussions with our knowledgeable experts on five key topics throughout the day.  

Clarity  

Quorum Cyber’s Ronald Gray, Senior Product Manager, talked about all things Clarity, Quorum Cyber’s purpose-built customer platform, answered any questions and welcomed feedback. He delivered live demos of Clarity and shared a tour of the exciting roadmap of new features that customers can look forward to in the near future.  

“Our Clarity demo stand was buzzing! It was amazing to showcase how Clarity is evolving, and the positive reactions have been inspiring. Hearing our customers’ feedback drives us to exceed their expectations,” said Ronald. 

Managed XDR 

The Managed Extended Detection and Response (M-XDR) stand showed how, combined, M-XDR and Managed Detection and Response (MDR) deliver truly holistic security. Our M-XDR service manages the Microsoft Defender suite for organisations, ensuring it is always optimised for their business operations and security needs. Maximillian Skinner and Stan Dimitrov explained how we’ve driven a more resilient security posture for our customers, ensuring they can focus where it matters.  

“We had lots of interest from customers who were keen to learn more about the many benefits of our XDR service and how we can help them minimise the risks of ever-evolving threats,” said Maximillian. 

Advisory Services  

Quorum Cyber provides a comprehensive set of technical, strategic and business-related security advisory to manage our customers’ cyber risks, enhance their cyber resilience, and achieve their business objectives. 

Scott Burman, Head of Advisory, and Karl Innes, Head of Presales, and shared advice on how we can work closely with organisations of any size in any sector to improve their cyber security by providing insights into unique and value-driven services and products. 

“It was great to meet so many of our customers and discuss the importance of having trusted advisers shaping clear security leadership with Quorum Cyber,” said Karl. 

Data Security  

Our experts shared the latest data security insights throughout the day. Leon Butler, Head of Compliance, and Matthew Newington, Principal Data Security Consultant, discussed the data journey that organisations need to go on to maintain full control of their data, from where it’s stored, to how it’s stored and where it’s sent, and how it’s used. This session explored the importance of data security strategies, best practices in data security, and the regulatory compliance that is needed to protect data. Leon and Matthew addressed the challenges and advantages posed by new technologies in a hybrid world. 

“Our customers were very engaging on our demo stand and they were keen to find out how we can provide them with world-class data security – it’s clearly an increasingly important topic,” said Matthew. 

Threat Intelligence 

Our Threat Intelligence experts explained how enriched intelligence can help organisations in the fight against the growing list of cyber threats. James Allman-Talbot, Head of Threat Intelligence and Incident Response, and Jack Alexander, Senior Threat Intelligence Consultant, were in attendance to answer participants’ questions and discuss the Threat Intelligence Outlook 2024 report.

“Presenting the 2024 threat landscape to our customers was a great privilege. It was really encouraging to see how receptive our customers are to the ever-changing dangers impacting the cyber domain,” said Jack.