Interview with Lisa Forte, Partner, Red Goat Cyber Security
Born – I am from the UK but half my family is from Italy.
Current role / bio – I began my career working in anti-piracy and Counter-terrorism intelligence researching online radicalisation and the risky social engineering process undertaken by terrorist recruiters.
I then moved into one of the UK Police Cyber-Crime Units where I got to know the attackers’ mindsets and methodologies well. I formed Red Goat Cyber Security in 2017 with the goal of reflecting the techniques and methodologies being used by hackers. We provide GCHQ certified social engineering training, security testing and wargaming exercises to help organisations prepare for an attack.
Who do you work for and what does your role entail?
I am one of the Partners at Red Goat Cyber Security. I run the GCHQ cert Social Engineering Course and the Insider threat programs. I also run the cyber-attack crisis simulations for large clients and speak at events around the world.
What’s been your biggest work achievement of the last 12 months?
I won the Top 100 Women in Tech Award which I am still very excited about. I also created the first and only GCHQ certified Social Engineering Course. The most recent achievement has been conducting our insider threat research. We obtained some shocking results but the benefits to all organisations will be huge. I will be presenting our findings at Digital Transformation EXPO Europe.
What is the biggest challenge facing the industry?
Perception of cyber threats. I strongly believe that we in Europe suffer from 2 things - 1) Misunderstanding the threat and where it is coming from and 2) Seeing cyber security as a separate area of business.
Misunderstanding the threat is a huge problem for business men and women who are not in the cyber industry. Reading the news will have people believe that all cyber criminals are backed and encouraged by Putin himself. The reality is far from this. Why is this a problem? Well, recently I was having a conversation with a Partner at a law firm. He said to me, “Why should I invest so much money in cyber defences? Why would the Russians want to hack my firm and steal some pretty insignificant data?”
My answer was simple. They don’t. Organised crime groups do though. They can make a lot of money from fairly simple attacks on unsuspecting victims. So, by simply misunderstanding the threat people can start believing that their business wouldn’t be at risk. Humans come in all shapes and sizes and so do cyber criminals.
Seeing cyber security as a separate area of business is also a huge challenge. Cyber security is part and parcel of every single operation and transaction your company makes. To treat it as anything else is a grave mistake. When people start to see security as an essential part of every operation the value of investing in it becomes clear. The way we as a society perceive threats plays a crucial role in how we defend against them.
What’s the best piece of advice you have ever been given?
I can’t really pick one! I would say my top two would have to be:
1. “Staff can either be your biggest weakness or your greatest defence” - I say this every time I hear people say that staff are a huge security weakness. They can be but they also don’t have to be! Having a great security culture doesn’t have to cost a fortune and the dividends it will pay in the long run will be worth it.
2. “Find something that can act as your therapy”. My father, a very successful businessman, said to me that he schedules time every week to go horse riding. He referred to it as his therapy. He said it cleared his head and enabled him to go back to work with more energy and enthusiasm.
So, I tried it. I set aside a full day off to go mountain biking. A day full of adrenaline, exercise and sunshine! The next day I was back at work and I felt full of energy and enthusiasm. I even recognised that I was seeing opportunities where before I had seen closed doors.
I couldn’t offer better advice to anyone, whatever stage you are in your career. Find your therapy whether that is. All that matters is that you feel happy, your mind is clear, your work worries leave you and when you go back to work you feel refreshed. When I am feeling low, run down or just out of energy I schedule a day of therapy on my bike. It has never failed to work!
What are your predictions for the IT industry for 2019/20 or beyond?
I think from a cyber security perspective we will see a huge increase in insider threat attacks. We now live in a hyper-connected world and this makes life easier for the insider threat actors. Organisational records are now almost all digital, large amounts of data can be copied quickly and the miniaturisation of data storage enables exfiltration to happen easily. We have seen this threat grow at a much faster rate than expected in the last year with some very high-profile cases involving US and Chinese companies. In industries that are driven by R&D I think we will see some shocking and perhaps even devastating attacks in the next few years.
How do you perceive the hype around AI, a big concern ethically or a huge opportunity?
Both. AI is hugely misunderstood. I think there are a few problems with it, and all of these problems involve humans! Firstly, it requires large data sets and we have seen a few companies hit the headlines for being irresponsible with the data they hold. There is also a big problem with human biases being reflected in machine learning; these then can cause the very problems we were hoping AI would fix. There are plenty of opportunities for AI, although I believe we are a little way off these at the moment. AI may well transform our health and manufacturing sectors in the future and has the potential to do a lot of good in the right hands.
What do you think is going to be the next big technology development? Quantum Computing? Smart Robots?
Although unrelated to my area of cyber security, I have seen some fascinating developments in predictive DNA technology. These DNA scoring technologies are currently a bit unreliable, but they are progressing quickly and could lead to an ability to predict all sorts of health issues in the future. This could save money for state-run health services by using preventative medicine to keep people healthy. We all know someone who suffers with a chronic illness, pain or mental health issue.
I am a big believer in “prevention is better than cure” and when it comes to the stress, money and suffering that some of these conditions cause people I can’t help but think being able to avoid even half of these could help so many.
This year I conducted some research into the insider threat issue. The problem was far worse than I had initially thought. I will walk you through the research and share some of the shocking case studies reported by participants. You will learn exactly how far your staff would go to save your company. *Strong liquor recommended*.
Join Lisa's session 'Insider Threats: How far would you go to stop an attack?' which is taking place on Wednesday 9 October at 12:45-1:15pm in the Cyber Security Keynote Theatre.