Meet one of the most dynamic leaders of the Scottish Business Resilience Centre, Declan Doyle, Head of Ethical Hacking and Client Services, who is not only a trailblazer in the Scottish cyberverse, but is also a well-known name in the Scottish tech and business landscape for being an active mentor and coach to the next generation of cyber security professionals.
Read on to find out about Declan’s motivation to encourage better cyber exercising practices for your organisation, and his journey as an emerging cyber resilience leader.
What does ethical hacking entail in the context of cyber security? And tell us a bit about your role with SBRC.
A lot of people have asked me how a hacker can be ethical. That I think is the real question. In simple words, the answer to that is it’s hacking with permission. A company would approach an ethical hacker in order to hack into their systems and check if they’re at risk of a cyber incident. They would agree on the boundaries of what the hackers are allowed to investigate, and the hackers will use techniques and tools to get to the root of the problem. Normally, the hacker on the job will even produce a report for the company and respectively demonstrate how to fix it.
Our team of ethical hacking students at SBRC play an important role in working with businesses across Scotland to identify vulnerabilities, as well as raising awareness about cybersecurity, and eventually in educating organisations on how to secure sensitive data. Identifying weaknesses in an enterprise infrastructure is an essential component of combating cybercrime.
I work at SBRC as the Head of Ethical Hacking and Client Services. Aside from building relationships with the clients, and understanding the needs of each sector, one of my main responsibilities is to train our ethical hacking team. We work with Abertay University to hire talented ethical hacking students to work with us at SBRC. During their tenure with SBRC, we support them with professional development, and train them in the field of cyber exercising. Subsequently, it’s absolutely fantastic to see them evolve and develop skillsets, and make a real positive change in the Scottish environment.
Do you think Exercise in a Box is an essential cyber exercising tool for Scottish businesses and organisations?
Exercise in a Box, in my opinion, is an essential tool for all organisations, irrespective of the size and sector. The truth of the matter is that a lot of organisations are talking about cyber security, but not enough people are actually taking action and preparing to defend themselves in the event of a cyber breach. And that’s where Exercise in a Box (developed by NCSC) comes into play, as it’s a free, 90-minute non-technical workshop where a real-world scenario is recreated, and the collaborative discussions with our ethical hackers help organisations find out how resilient they are to cyber-attacks, and practise their response in a safe environment.
To support the Scottish Government’s wider work to drive incident response advice and guidance in particular, SBRC took up the delivery and promotion of Exercise in a Box in order to ensure Scottish businesses had the knowledge to, and could, defend themselves in the event of a cyber breach. So far, SBRC have successfully delivered over 70 EiaB workshops to over 450 organisations with over 1200 participants in less than two years. One of our first scenarios was ‘Working from Home’, which proved to be immensely popular. Many of us had to move to 100% remote working having never done it before due to COVID-19, which has created the potential that your organisation’s IT services will be accessible to people other than your remote workforce. The sessions were well-received by most.
Then, unfortunately, throughout the pandemic, we also saw a rise in ransomware attacks, and decided to launch the ‘Ransomware’ scenario to demonstrate and discuss how your organisation would respond to a phishing attack that leads to a ransomware infection. The scenario covers how well you would be able to continue operating if you did get infected with ransomware, and whether you would be able to rely on your current backup solution.
Following that, we launched the ‘Digital Supply Chain’ scenario, by public demand, as companies asked to understand the impact that an organisation’s supply chain can have in relation to cybersecurity. This scenario begins by exploring how you would ascertain how secure potential suppliers are.
Most recently we launched the most relatable of all scenarios, ‘Micro Exercises’. With this, you can learn about the very basics of cyber security irrespective of the size, sector or level of knowledge of your organisation. This scenario was created as the very starting point in your cyber journey, and to identify what areas need improvement more than the others when it comes to cyber safety. Even though all our scenarios are tailor-made for organisations and businesses from all sectors, we strongly recommend this scenario to third sector organisations as cyber resilience needs to sit as a top priority for the charitable sector of Scotland.
Find out more and register for our upcoming Exercise in a Box sessions here – https://cyberfraudcentre.com/event
What role do ethical hackers play in facilitating the Exercise in a Box sessions?
During cyber exercising, companies are paired with our experienced ethical hackers to share experiences and ask questions. They take you through and facilitate the set of questions designed to re-create a certain scenario. This means you have someone on hand who will help you understand if what you are doing is enough, and what else you could potentially think about implementing. It’s invaluable for many reasons as ethical hackers have got real-world experience. We go out to businesses, big and small, all across Scotland, to identify issues and suggest solutions in the event of a cyber incident. It’s our responsibility to ensure businesses feel confident enough to be able to seek support and guidance when it comes to cyber risks and incidents.
Almost all sectors, including sport, oil and gas, finance and banking, energy, and academia are among those working with and learning from the ethical hacking approach in preventing cybercrime.
What do you think is the future of Exercise in a Box? Will there be more in-person sessions in the coming months?
So far the future of cyber exercising in Scotland looks great and certainly has huge potential! We are now considered delivery experts by hundreds of organisations across the country and the feedback received up until now for the NCSC-developed Exercise in a Box is overwhelmingly positive.
According to constant needs assessment surveys done with Scottish organisations far and wide through our Cyber Scotland partnership in addition to monitoring the evaluation findings of our sessions, it is clear at this point that there is a huge appetite for cyber exercising.
We have been interacting with organisations across the Scottish landscape, and from the islands up north to the borders down south, we’ve received the same feedback to deliver both in-person and virtual workshops as it’s proved hugely beneficial to businesses. Our aim with Exercise in a Box is to take it to each and every city of Scotland for in-person events (keeping in mind the safety protocol), and continue to deliver virtual workshops to those who are unable to attend. It is our intention that every Scottish organisation has the skills and knowledge to protect themselves against online attacks. We achieve this through the delivery of education and preventative training, as well as actively raising awareness of threats throughout the business community.
If you are still here reading the interview with our Declan, read on below to find out more about Declan’s outlook on how Scottish businesses can benefit from learning more about cyber resilience!
- Young ScotCast Podcast on online privacy and safety
Declan is a tireless advocate of promoting STEM skills to the younger generation and is an active mentor and coach to the next generation of cyber security professionals in Scotland. While we have been working with Declan since Jan 2018 in SBRC, he has designed, curated, delivered, hosted and organised a huge number of cyber education, cyber exercising, and cyber security related events.
One of Declan’s most celebrated strengths is that, whether working with an internal or external group of people, he looks to find the best outcome for all involved and truly exemplifies the core values of our organisation, where we strongly believe in having people at the heart of it all.
Declan has taken, and continues to take, an active role in the success of all of the Ethical Hacking students from Abertay University working with SBRC. As Head of Ethical Hacking, his role involves shortlisting, interviewing, hiring and subsequently supervising, mentoring and coaching SBRC’s Ethical Hackers for all Cyber Education and Cyber Exercising activities and projects.