CyberIsle 2019 and what I learnt!

By Thomas Clague, Trainee Developer on 31st October 2019

CyberIsle was the first event on the Isle of Man which was organised by the Office of Cyber Security & Information Assurance. The event brought together around 700 people from across the Island and included a 10-strong team from PDMS. The event was focused on the evolution of cyber threats and how people and businesses can help keep the Isle of Man safe.

The event was opened by Dr. Alex Allinson MHK, who has responsibility for Home Affairs and the Cabinet Office. Following this, I attended various talks throughout the day including a talk by Andrew Fitzmaurice, CEO of Templar Executives, where he demonstrated the changing cyber threat landscape, the developments in cyberspace and the potential threats for the Isle of Man.

Afterwards, we were introduced to the ‘Anatomy of a business email compromise, Threat Hunting & Trends’ by David Stubley, CEO of 7 Elements, A British IT security testing company. In the session, he detailed the steps on how a malicious actor was able to compromise an entire business’s email using a common phishing technique which resulted in a $900,000 loss for the organisation. Something which we all need to be aware of!

Following the lunch, I attended a talk by the National Cyber Security Centre (NCSC), a part of GCHQ, where they exhibited their ‘Cyber Security Toolkit for Boards’, a collection of resources designed to encourage essential cybersecurity discussions between boards and their technical experts. Board members of an organisation are not all expected to be technical experts, which is why I find this toolkit to be extremely useful as it provides all the necessary information and questions that need to be asked and discussed as a starting point to planning out your cybersecurity strategy, identifying vulnerabilities and mitigating the risks as a team.

Then, NCSC demonstrated their ‘Exercise in a Box’, an online tool that helps organisations find out how resilient they are to cyber-attacks and practice their response in a safe environment. The exercise which intrigued me the most was the practical challenge where a rogue .html file which transmits rogue network requests, is positioned in a random location within your organisations network. It is down to your technical team to put together a strategy, identify the risk and rectify the situation, while the team leader updates your progress on the website as you continue. Once the exercise is complete, you a presented with an in-depth analytical report which highlights your strong areas, but more importantly, areas that need improvement.

Overall, I found CyberIsle a great event to attend and I learnt a lot about the world of cyber threats. As a developer at PDMS, security is something that is extremely important, it needs to be at the forefront of our minds to fully protect data, sensitive information and digital systems from outsiders. Security needs to be baked into the design of a system or application from day one and supported from the ground up. That includes data storage and transfer, encryption, authentication and much more.