19th June, the London Chapter hosted their 2nd member meeting of the year at the now well know venue of WeWorks @ Moorgate, courtesy of DeepSecure and was extremely well attended with the occupation at full capacity!
James Packer [President] provided the customary chapter overview and started by introducing 2 new members who have joined the Chapter Committee:
Amar Patel has joined as the Education Officer and brings with him a wealth of experience within the Education sector, both within his work and privately as a school governor.
Jessica Roussou has joined to assist Mohin Gulzar with organising events, which will further enable the Chapter to organise smaller more tailor-made workshops and meetings with niche topics for different interested parties as well as in administrative activities such as the recording of member CPE’s for event attendance.
We welcome them to the team!
As a prelude to providing an informative evening by ‘subject’ matter presentations were then given around 2 very different approaches to ‘incidents’
The first talk was by Jason Shafferman from SecureWorks who presented a ‘Whack a Mole’ approach to an incident response where the concept is around ‘how to get an adversary out of your network and ensure they can’t get back in’! Jason provided two case studies at polar ends of success with adversary eviction and where the dependency of success is all around the timing of eviction. i.e. a delayed eviction is more likely to ensure permanent eviction of the adversary.
There was a keen interest in this methodology with questions being asked around the legal position due to delaying an eviction, the impact of ‘tipping the hand’ and where in the experience of SecureWorks was the majority of adversaries found. Ultimately each incident needs to be dealt with on a case by case basis, but it was noted that typically an immediate response usually led to a quick re-entry.
Scott provided an interesting overview and view of what Cybercrime actually consisted of, how it is defined and the current challenges facing law enforcement officers globally.
Key challenges highlighted were: Jurisdiction, Anonymity, Ease of Access, Instantaneous and working with the victims themselves.
The AFP has adopted a 5D model [Define, Detect, Deter, Disrupt, Dismantle] to deal with Cybercrime incidents and they see their key role being one of ‘Attribution’.
Again our members had many questions for Scott, particularly around how civil court cases are managed especially when the lawyers and jurors themselves are not knowledgeable enough to understand the intricacies of Cybercrime technicalities. In these cases, this is where the Cybercrime police dept are brought in to explain concepts…using graphics and pictures
After a lively Q&A drinks and pizza were served!
Looking forward to the next meeting and we welcome any suggestions around topics and ideas. If you have a venue that you can help us with please do let us know!