Unpacking State Responses to Cyber Security Challenges

Cyber Security is a growing concern for the majority of organisations. On Episode 15 of The Cyber Security Matters Podcast we were joined by Adam Gwinnett, the CTO & CISO of Nine23. With a legal background, he’s experienced in managing stakeholders in the heavily regulated state sector, with 10 years of experience at the Department for Constitutional Affairs, the UK Ministry of Justice, and the Metropolitan Police. Adam joined us to talk about how cyber security impacts state systems, from the challenges facing the police to the government’s response to major incidents. 

What challenges are the police facing from the increase of cyber crime?

I think because of the global pandemic, when people were locked at home with their computers, cyber crimes and quantum growth crime grew dramatically. That raises some really interesting challenges generally, because cyber crime is often transnational. The person committing offences against you is very unlikely to live in your jurisdiction, so even if you do report it, investigation can be very frustrating. As a result, under-reporting is rife. One of the fundamental challenges you have from a law enforcement point of view is that you don’t actually know how much it’s occurring or how impactful it is, because people are quite embarrassed to admit when they’ve had issues with it. They’re often worried about being scrutinised, and worry that people will be critical of their responses to it or how they handled it. People end up suppressing certain information which otherwise could be very interesting and beneficial, not only to the investigation process, but actually to their peer group who might have suspiciously similar looking things in their environment. 

From the law enforcement point of view, I was keen to couple cyber security with the cybercrime division. One of the things that we focused on was ‘How can I take my investigation of a cyber incident, and turn that into a potential initial bundle for the investigating officer to take forward? How can I give the best evidence? How can I provide you with the best material?’ I didn’t have the mandate to do the investigation and proceed because I was civilian styled, but I could take the information from my logs in the digital forensics team and give them the best chance of bringing the offender to justice. I used to talk about it at conferences, where people would just say ‘That’s not our jurisdiction. We haven’t really thought about how we could give them a leg-up or considered how we could best enable them.’ How many SOC analysts can say they’ve actually put a cyber criminal in prison? Several lawyers could say that I contributed to making sure that that offender actually went to prison, and that’s the ultimate closure for me. 

How do cyber security decisions get made within big government departments? 

Some of it’s quite straightforward. Effectively, most decisions that impact the risk appetite, risk acceptance, or risk tolerance will go to a named individual on their board of advisors. They will then review it, look at the balanced risk case like ‘Why are we doing this? What are we hoping to gain through it? What are the potential mitigations we can put in place? Are they proportionate? What is the net impact on our risk position? Does that take us outside of tolerance?’ That makes it quite straightforward. It’s an interesting one, because those people are fundamentally dependent on the advice they’re given. The people asking them to make decisions, accept the risk or present the view will seldom be impacted when the risk emerges. They’re incredibly challenging positions for people in the regulated and public sectors. 

What are the challenges facing cyber security leaders in the sector?

One of the things that can be really challenging is that it can be really hard for those people to understand the net effect of the things they’ve agreed to. So I’ve spoken to CROs from other organisations that said, ‘I’ve had like 40 risk acceptances presented to me this year.’ It’ll happen every couple of weeks where I’m asked “Can we accept this risk?” I don’t know if I can reliably tell them what the net impact on our overall risk is, or the cumulative effect of all of those things that we’ve agreed to.’ In large, complex enterprises, can you understand all the systems, processes and risks that are undertaken? Because the people who own those systems, processes and fundamental aspects of the business will be separate from the people doing the risk acceptance. They don’t always have the mandate to go in and correct all of the issues. They won’t normally have a budget or available resources to do it. If they don’t, it just becomes one of 100 other competing priorities that organisation has to deal with.

In the event of a major security incident, what does the internal decision making process within a big government department look like?

It’s very dynamic. You’ll normally find war rooms and incident response teams almost immediately. Most large organisations have very mature, robust and practised responses, because it’s never quiet. Even when I worked at the Met, I was talking to people from banks, insurance companies and financial services who were a big target, and they had a 10th of the attempted attacks that I did in a week. Our response and investigation processes are incredibly well drilled, because somebody’s always trying something. One of the biggest challenges is that your teams end up being in high alert and response mode all of the time. That level of anxiety, stress and mental overload is not useful for people. It leads to poor decision making. What you will find is that a lot of organisations start putting things like shift rotations in place to tackle those issues. If your response mechanisms are really effective and really well tested, you can rely on them slightly too much. Actually preventing issues is dramatically less problematic than being able to respond to and deal with them effectively, but if you’re always able to jump out in front of it and catch the issue, people will get relaxed about the fact that that’s what will happen. 

To learn more about the threats facing cyber security teams, tune into The Cyber Security Matters Podcast here

We sit down regularly with some of the biggest names in our industry, we dedicate our podcast to the stories of leaders in the technologies industries that bring us closer together. Follow the link here to see some of our latest episodes and don’t forget to subscribe.     

The Growth of Global Commerce in the Content & Media Industry 

Content is a rapidly expanding industry, with huge numbers of platforms and creators all vying for exposure. With vast amounts of money to be made, it’s no surprise that it’s such a popular industry. 

On The Content & Media Matters Podcast we were joined by Simon Miller, who until recently was the MD at Gracenote International Metadata for Product Sales. Simon is an energetic Newcastle United fan, who was previously the Global Director of Sports Specialisation for Grace Knight, CEO of Betfair TV, Head of International and Online Marketing for Ladbrokes e-gaming and the Commercial Executive Producer at Bloomberg TV Africa. 

With such an extensive career in the entertainment industry, we were keen to hear his perspectives on the growing global commerce that’s coming from the Content & Media industry. Here are his predictions for the coming years: 

In the betting industry – which is, in some ways, the ultimate example of commerce emerging from the back of content – if you can’t see it, you can’t bet on it. We relied on content to run our business. That’s why it’s essential to provide excellent video services to the major betting platforms, because it’s those videos that people can bet on. That video can be football, horse racing, table tennis… It can be all sorts of things, but the point is to get the videos in front of people who are interested in placing a bet. That’s an industry that’s often at the leading edge of commercialising content, and it will continue to be there. 

As the demand for profitability is becoming more and more prevalent, advertising and e-commerce becomes increasingly relevant. The industry has long considered this, and in some ways it’s not a new idea. Selling what Jennifer and friends were wearing after a piece of content was released is almost a cliche in the industry that goes back well over 20 years. 

When it comes to valuing the industry, there are a few things to consider. Look at what’s happening in China, where the e-commerce industry that’s been created off the back of content is worth in excess of $400 billion, compared to the US equivalent only being $40 billion. Now, some of that difference can be explained by some basic building block differences between the way the media and those two markets work. I’m not suggesting that you always compare like for like, but nevertheless, I think it’s a clue that many companies are looking at how they can replicate some of the e-commerce giants in China. 

Technology is always evolving the ability to push messages at people. Those messages can be information, they can enhance the viewer’s experience or they could be e-commerce messages. As more and more people watch video on small individual devices, which are naturally far more interactive, e-commerce can grow off the back of that content. What’s going to happen is that e-commerce platforms will learn the difference between different types of video format and the different needs that those videos fulfil, and understand that e-commerce is only relevant in some of those. I think that growth is going to happen, but not everywhere. The technology will enable it and grow it in really specific areas. 

To learn more about the growth of e-commerce off the back of content, tune into The Content & Media Matters Podcast here

We sit down regularly with some of the biggest names in our industry, we dedicate our podcast to the stories of leaders in the technologies industries that bring us closer together. Follow the link here to see some of our latest episodes and don’t forget to subscribe.     

Global Leadership in Cyber Security

Cyber Security is becoming a growing concern for businesses across the globe. On Episode 14 of The Cyber Security Matters Podcast we were joined by Hajar El Haddaoui, who is an international executive. She speaks four languages: French, Arabic, German and English, which has allowed her to lead a large sales team in multiple continents. She is currently leading Swisscom’s managed security services, as well as serving as a board member for the Chamber of Commerce, MOD-ELLE and WIN Women’s International Conference, where she works to support women in business. With such an extensive and exciting background, we were keen to hear her insights on global leadership in cyber security. 

How does Switzerland’s approach to Cyber Security differ from other key European markets?

Switzerland is one of the most innovative countries I’ve worked in. Cyber Security is a part of the business transformation of any company, and in Switzerland they are sensitive to where the data goes and is used. They create security by design, which weaves their Cyber Security into the fabric of their products. 

Do you expect adoption of managed security solutions to continue to increase as a proportion of the overall cybersecurity marketplace?

Absolutely. There are many challenges facing our clients, including the complexity of digital business, where there is an increasing skills and resource gap. There’s a 3.1 million gap in resources and talent worldwide for Cyber Security. Lots of our clients don’t know how to use the hybrid cloud. Therefore, managed services are key for those clients in order to respond to their challenges. We want to transform the industry by making products and services that are secure by design, but there are several clients who need someone to manage those products for them anyway. It’s important to have management in your Cyber Security portfolio in order to meet that need in the market and address the challenges that clients are facing. 

Silicon Valley is seen as leading innovation. How influential are they to Cyber Security?

Research and development are key to innovation, not just in Cyber Security. They give you confidence to innovate and inform how you take a digital solution and rapidly provide insurance to our customers. We’re not just providing security to our customers, we are providing consultancy, technical support services and managed security services too. It’s those three layers where innovation needs to be. Research and development can be applied to intelligent and managed security services to identify and respond to threats, giving us a proactive level of protection. 

There’s a lab in Silicon Valley that is the hub of innovation, not merely for Cyber Security. There are also labs in Israel and Japan, but Silicon Valley is still playing a huge part in global Cyber Security efforts because of the amount of investment that they’re able to attract. Everyone needs to invest in innovation and in hub centres for security. Silicon Valley aren’t the only one doing it, but they are still big players. 

What have the different places you’ve worked taught you in a business and leadership context?

Working internationally has given me the ability and agility to deal with challenges. Being a resilient leader is essential to what we do. The second thing is confidence. Moving from one country to another I’ve learned to build a community and a support system, which plays into that self confidence. The third lesson is humility. I’ve become a continuous learner, because the technology field in Cyber Security is rapidly changing, and I have to accept that I’m not going to stay an expert if I don’t learn from other people. The market is fast and furious, so to be fit for the future I have to learn skills and humility. 

To hear more about global Cyber Security efforts, tune into The Cyber Security Matters Podcast here

We sit down regularly with some of the biggest names in our industry, we dedicate our podcast to the stories of leaders in the technologies industries that bring us closer together. Follow the link here to see some of our latest episodes and don’t forget to subscribe.     

How Technology and Automation are Transforming the Industry 

Cloud technology has been rapidly adopted by various industries, including Content & Media. On Episode 13 of The Content & Media Matters Podcast we spoke to Steven Stewart, the Chief Operating Officer at Take 1, about how this technology is transforming the industry. Steven’s experience includes positions in the BBC, advisory board membership for Rise and serving as Vice Chair for the Royal Television Society, making him an ideal person to provide insights on the subject. 

What do you think it takes to make a transformational project successful?

I think it takes vision, and you need to know what you’re trying to transform to. It’s no use just saying, “We need to transform the business.” You have to work with your team at board level and an operational level. Taking people through the transformation is important, because people generally don’t like change. Usually when you automate a process, people worry that their job is on the line. Taking them through the transformation means assuring them that that’s not the case. People’s jobs become more interesting when you automate processes, so transformation becomes a process of bringing your team across to new departments where they do less mundane work, because the automations are doing that for them. It also allows the business to grow rapidly, which requires new people coming in, as well as keeping the old people. The key to successful transformation is having that vision and taking the team on the journey with you by giving them opportunities, and listening to what they’ve got to say, and doing things for the right reasons. 

Why do you think cloud and SaaS based platforms are so attractive and interesting to the broadcast and media industry?

The cloud isn’t really a thing, it’s just someone else’s datacenter. The reason why SaaS or other people’s software sitting on the cloud is so interesting for broadcasters is because things are changing so quickly. You used to build a broadcast centre, and you’d spend millions of pounds, but you’d have to write off the capital investment over five or 10 years. If you ask somebody nowadays, what their business will be doing in five years, they’ll throw their hands up in the air and say, “We don’t know what it will be doing next year, let alone in five years!” Being able to hire those services rather than paying out for something that won’t last is incredibly lucrative. 

For example, if you want to launch a live channel that’s going to last for six months, because it’s broadcasting a particular sport season for example, you can launch it, run it for six months, then you turn it off again. Then some other organisation will use that cloud technology for their project. Most big companies are not just brands, they’re media brands. They have YouTube channels, they are broadcasters, they’ve got content they need to distribute worldwide to both their customers and their stores. Cloud tech is enabling that distribution without the massive upfront costs. 

Are there limitations that mean it’s not right to do a big transformation or move over to a cloud or SaaS based system?

You need to look at the problem you’re trying to solve. Let’s use the BBC as an example. If they have 20 million viewers watching the terrestrial service all day every day, then that’s a really efficient way of distributing that content. That’s not the reality anymore. You might have the odd show that gets four or 5 million, 6 million like Traitors. But at three in the morning, you might only have 10,000 people watching stuff, but the transmitter power being used is exactly the same. They don’t turn the transmitters off anymore, they leave them on. Therein lies the problem. 

Sustainability is going to be the focus for a lot of companies. There’s obviously advancements like moving from 2k to 4k, then 8k or HDR etc. The quality is as good as it needs to be for what we’re doing at the moment, but there are some really scary statistics that between 1 and 2% of all the world’s energy is used for streaming TV. That’s the same as all the aviation industry around the world put together. That’s something that we need to change. There’s an organisation called Greening of Streaming who are doing some really cool work in that area. 

There’s another statistic that says around 90% of all the packets that are generated to make streaming TV work go unconsumed. That’s another big issue with old systems. We have to make the solutions to these issues into a business case. I would love Netflix to save the planet. Imagine if you had a big dial on your Netflix where you could turn down the quality and pay less for it. If I don’t want to watch Friends reruns in HD, I just want it at a lower bit rate, then I’m going to save money. If you turn that down, Netflix saves money on their data centre processing and you save money on your electricity bill too. Now there’s probably loads of different technical reasons why that can’t happen, but imagine if we as an industry started creating that kind of solution. It would change the world. 

What problems are we currently facing as an industry, and how are we creating solutions to them? 

The problems we have are around measurement and making the devices consumer aware.When you go to tech shows, you still see the latest big thing with all these LED volumes. And has anyone done the measurements of all the power it takes to run a studio of LED volumes? How does that compare with driving some trucks to the real location? Now, logically, you’d think the LED volumes must be more efficient, because you’ve got fewer people travelling around. But has anyone ever done the sums? People should focus on measuring that kind of thing. 

People like the BBC are setting up sustainability requirements for their providers. I think the big players are leading the way with consumption, which is going to change the market for these huge pieces of technology. At home, you don’t put all the lights on all the time and boil cyclicals in the driveway. As an industry though, we have been doing that just to drive quality. Let’s turn the lights off. There’s no downside to that. 

To hear more about improving the sustainability of technology in the broadcast industry, tune into The Content & Media Matters Podcast here

We sit down regularly with some of the biggest names in our industry, we dedicate our podcast to the stories of leaders in the technologies industries that bring us closer together. Follow the link here to see some of our latest episodes and don’t forget to subscribe.