organisation’s leaked credentials or for evidence that a company’s information is being sold there, indicating that their systems have been breached. New offerings Services are a growing area of business for Core to Cloud and it has a number of additional new offerings in the pipeline, predominantly around third-party risk, but also shadow IT defence and validation of networks for risk and vulnerability. For Cunningham, they provide another opportunity to do what he does best, which is tracking down innovative solutions that really help to differentiate Core to Cloud and excite the company’s customer base. “I'm off to San Francisco in a few weeks, to RSA, the largest cybersecurity conference globally. My objective is to find a platform to support DevSecOps, development security. We’re finding that most organisations, especially in enterprise and finance, are building their own applications in the cloud which potentially exposes them to risk and vulnerability. I see Development Security becoming a huge requirement for organisations in the next three to five years. There is some new technology currently being built that I am aware of and I'm going out to San Francisco to find it and hopefully bring it into this country.” www.coretocloud. co.uk Labs and its own scripts to identify security weaknesses. “We essentially simulate an attack as a tabletop exercise with various stakeholders within an organisation. It’s gamified and people get to vote on the decisions they make that affect the business,” explains Cunningham. “Immersive Labs is a great platform; the difficulty lies in building customised scenarios for clients, which is what we do. We are trying to recruit as many people as we can to support the amount of business that we've won in that area. For example, we're currently doing an NHS roadshow across the whole of England, where we actually go in and deliver the crisis simulation.” He adds that simulations are a valuable way of highlighting weaknesses in clients’ security and dispelling complacency. “We did one simulation with a Board of Directors and Chief Executive Officer in which an application that is absolutely critical to that organisation was compromised. At the end of the simulation, the CEO turned around to the Director of Cyber and said ‘How exactly are we securing this application?’ and he said ‘Not well right now because we need more funding’. That conversation was at board level and right in front of my eyes.” He adds that as a result Core to Cloud now uses simulations as a means of finding out more about potential customers and initiating discussions on their current defences, their business continuity plan, how they manage risk and vulnerability and so on. “We offer them free of charge at first because we gain so much insight into what the organisation is concerned or worried about. Following that we would make some suggestions that they may or may not want to take up." n Dark Web monitoring. A new service line for Core to Cloud, this involves searching and monitoring the Dark Web for signs of unusual activity based an
RkJQdWJsaXNoZXIy NDUxNDM=