May 26, 2025 • 31 mins
Get featured on the show by leaving us a Voice Mail: https://bit.ly/MIPVM
FULL SHOW NOTES
https://www.microsoftinnovationpodcast.com/691
What happens when cybercrime becomes as organized—and profitable—as a Fortune 500 company? In this episode, Louis Arthur-Brown, a cybersecurity leader and solutions partner at CodeStone, pulls back the curtain on the evolving threat landscape. From ransomware-as-a-service to deepfake deception, Louis shares real-world insights and practical strategies for defending your organization in an AI-accelerated world. Whether you're a tech leader or a curious professional, this conversation will sharpen your security instincts and help you build resilience where it matters most.
KEY TAKEAWAYS
Cybercrime is industrialized: Ransomware-as-a-service and affiliate models make it easy for anyone—even non-technical actors—to launch attacks for as little as $50.
AI is amplifying threats: A 1,300% rise in phishing emails last year is just the beginning. Deepfakes and voice cloning are reshaping social engineering tactics.
MFA and basic hygiene go a long way: Implementing multi-factor authentication and conditional access can block up to 92% of cyberattacks.
Zero Trust is essential: Organizations must move beyond the “walled garden” mindset and adopt a “never trust, always verify” approach to access and data.
Data strategy is security strategy: Tools like Microsoft Purview and Windows 365 help classify, protect, and monitor sensitive data—especially in AI-enabled environments.
RESOURCES MENTIONED
👉Microsoft Purview – https://www.microsoft.com/security/business/information-protection/purview
👉Windows 365 – https://www.microsoft.com/windows-365
👉Microsoft Sentinel – https://azure.microsoft.com/products/microsoft-sentinel
This year we're adding a new show to our line up - The AI Advantage. We'll discuss the skills you need to thrive in an AI-enabled world.
Accelerate your Microsoft career with the 90 Day Mentoring Challenge
We’ve helped 1,300+ people across 70+ countries establish successful careers in the Microsoft Power Platform and Dynamics 365 ecosystem.
Benefit from expert guidance, a supportive community, and a clear career roadmap. A lot can change in 90 days, get started today!
If you want to get in touch with me, you can message me here on Linkedin.
Thanks for listening 🚀 - Mark Smith
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Mark Smith (00:01):
Welcome to the Power Platform Show.
Thanks for joining me today.
I hope today's guest inspiresand educates you on the
possibilities of the MicrosoftPower Platform.
Now let's get on with the show.
In this episode, we'll focus onAI and cybersecurity.
(00:26):
Today's guest is from GreaterBournemouth in the United
Kingdom.
I don't know that I've everbeen there.
He works at CodeStone as asolution partner.
He holds multiple Microsoft andnon-Microsoft certifications
and exhibit a dynamic leadershipstyle, championing
modernization and application ofemerging technology Beyond
professional realms.
(00:47):
He is pursuing his privatepilot's license and learning how
to kite surf.
If you'd like to know moreabout that, you can find links
to his bio and socials in theshow notes for this episode.
Welcome to the show, Louis.
Hello, good to have you on.
Tell us about food, family andfun.
I always like to start withthese questions to get a bit of
background on what people dooutside of their professional
(01:07):
lives.
Louis Arthur-Brown (01:08):
Absolutely yeah.
So food I do love a curry and aroast dinner you could say it's
the national dishes of the UKAbsolutely love them.
Family I've got a lovelyfiancee and I've got a
five-year-old daughter and an18-month-old daughter as well.
And in terms of fun, uh, yeah,I'm absolutely um enthralled
(01:30):
with the possibility of kitesurfing.
It's something which I'm quiteearly in my journey in, but I am
learning how to kite surf, um,and I'm also um a few lessons in
to my private pilot pilot'slicense.
So, yeah, in terms of pickinghobbies, I know I've picked the
hardest and most expensive andit doesn't really go well with
family, but yeah, it's somethingI can work at at least.
Mark Smith (01:53):
I think that flying is just phenomenal right, the
ability to take a wholedifferent perspective of the
world.
And so, yeah, good luck withthat.
I hope you do well.
And, of course, kite surfingpretty amazing.
I see a lot of kite surfersaround where I live and, uh, I
think I've got to do a bit morework on my body before I'll be
in a position to be able to getout there and throw myself
(02:14):
around over the uh, over thewater, with the?
Uh.
Maybe one day, maybe one day.
Maybe these aerofoils thatthey're on these days are pretty
amazing.
Yeah they truly are.
Tell me about your career path,your career journey.
How did you get into the areaof tech you're in today?
Louis Arthur-Brown (02:37):
Good question.
So I actually started asbelieve it or not as an
aerospace engineer apprentice.
So I did that for maybe five orsix years, hence my interest in
in aviation and getting myprivate pilot's license.
And then I kind of fell into it.
Just I did.
There was a placement availablein my apprenticeship.
I thought, why not?
I'll go sit in the itdepartment for a few months and
(02:59):
I never left.
I did it supports for a fewyears and then got aligned into
service delivery, it managementand then, more recently, it
leadership, in terms of creatingdepartments, cyber departments
focused on revenue growth andexpanding solution portfolios.
Mark Smith (03:17):
Wow, amazing, amazing.
And I find this subject ofcybersecurity incredibly
interesting, particularly as wemove into an age of ai, and I
suppose that the level ofignorance that a lot of people
have at how sophisticated andhow advanced, uh, cybersecurity
(03:37):
is, uh.
One of the cvps at microsoftthat a conference I was recently
at, she said that ifcybersecurity was like an entity
, a government or anorganization or a country entity
, it would be the third largestbased on GDP in the world.
And so I looked that up.
(04:00):
What does it mean to be thethird largest?
Well, the US is the largeststate by GDP, followed by China,
and then third is Germany.
Now, between China and Germany,the amount of money made in
cybercrime globally is thatequivalent of GDP, which is?
That is mind-blowing.
(04:21):
Just how sophisticated,organized.
This is not script kiddies,this is not people just
tinkering on the edges.
This is organized criminalactivity.
And now we introduce AI intothe mix and there needs to be an
increased awareness andeducation around this area of
(04:42):
cybercrime.
What are you seeing?
Louis Arthur-Brown (04:44):
Well, it's exactly that, mark, and I think,
coming back to the fundamentalstatistics, you know like we
still have a worsening skillsshortage.
You know, I think, a status 50%of all UK businesses have a
basic cyber skills gap.
The cost of breaches is risingrapidly and I think last year it
rose by just under two percentglobally, but in the uk it was
(05:07):
8.1 percent.
Just calling that out, becauseI think that isa fantastic stat.
Either uk is being targeted orwe're doing something really
badly, badly wrong.
But I I think I think it comesback to there's never been it's
never been easier to launch acyber attack and nor has there
been a better time to and what Imean by saying it's never been
easier to launch a cyber attackand nor has there been a better
time to, and what I mean bysaying it's never been easier,
(05:28):
is these cyber criminals, theones you mentioned.
You know that they're not justscript kiddies, they're actual
organizations and they'veadopted legitimate business
models and commercial models inorder to to provide things like,
you know, ransomware as aservice.
Even, you know, anybody, evenmy nan, could go and initiate a
cyber attack, as long as she'sspeaking to the right person and
(05:49):
has between $50 and $100 spare.
She can buy a ransomware kitand that can be delivered.
And there's affiliate modelswhich ransomware gangs use in
order to say just point us tothe target and give us a bit of
money and then we'll share 30%of the spoils.
All of those options areavailable to anybody, so your
(06:13):
disgruntled employees or someonewho is more opportunistic can
launch a successful cyber attack.
So that's what I mean by sayingit's never been as easy.
And coming back to the stats, Iwas saying at the off, you know
, nor has there been a bettertime to that.
People are struggling,businesses are, have regulatory
pressures, they have budget cuts, especially post-covid, and and
(06:36):
that skills gap is worsening.
So people can hit businesseswhere it hurts.
And I think what you weresaying about just how profitable
cybercrime is, I think that isa direct result of the symptoms
that we're seeing in the markettoday.
Mark Smith (06:52):
What does the role of somebody in your position,
where you're focusing oncybersecurity what does the day
in the life or the month in thelife of somebody like you look
like?
What does it involve?
Louis Arthur-Brown (07:05):
Yeah, I mean in terms of being a solutions
partner and looking atcybersecurity.
It's trying to predict what'sgoing to happen next and it's
trying to make sure that we havethe readiness, we have the
capabilities in order to react.
You know to respond to thosethings and you know AI is making
that 10 times worse.
(07:25):
The proliferation of AI isaugmenting all of those efforts
which we were talking about.
And again, another stat for youlast year there was a 1,300%
rise in malicious phishingemails.
Well, why?
Because it's so easy to do now,especially with the likes of
ChatGPT and other LLMs out there.
(07:45):
So you know what my day-to-daylooks like is really trying to
get solutions, take solutions toour customers that can help
combat, to help protect themagainst those things.
But one of the things that I'mseeing at the moment is people's
security posture.
It's not complete or it's gotgaping holes, and and one thing
(08:07):
is is that the fundamentalspeople are doing the
fundamentals wrong in terms ofcyber security.
You know there areorganizations out there that I
know they don't have mfa appliedto.
You know, not even 10 of theiruser base, or sometimes not at
all.
And if you're not doing that,yeah, you are setting yourself
up to fail.
So, in summary, really it'sproviding customers with the
(08:28):
tools, with the capabilities todefend against that
ever-increasing threat.
Mark Smith (08:34):
Nice.
So you mentioned MFA,multi-factor authentication.
That's a critical step that youknow.
If you're ever prompted to setthat up on any of your accounts,
you're saying that's a really,that's a fundamental starting
point.
Everybody should be setting upMFA.
Louis Arthur-Brown (08:48):
A hundred percent.
And actually, again, I'm fullof stats today, mark.
You know, I think it says, andthis is a stat from Microsoft so
if you set up MFA and have somebasic cyber hygiene and what
that means is you have aconditional access policy, um,
and you know basic passwordpolicy out there, that can
actually help defend you fromlike 92 percent of all cyber
(09:10):
attacks.
It is crazy.
And and if you add on someother very fundamental things
like vulnerability and riskmanagement you know pen testing,
if you have data lossprotection, you know enabled
microsoft purview, dataclassification, if you have, if
you can afford a SOC service andyou can really look at your
(09:31):
human risk in terms of manage,quantify and manage your human
risk, that will protect you fromabout 98% of all cyber attacks.
This is one thing.
What I'm championing at themoment is because I believe
solutions like Windows 365 canreally help organizations get to
grips with those technologies.
You know, use it as a kind of atestbed if you like to roll out
(09:55):
these policies to, you know, asubset of users to then prove it
before they then roll it out tothe rest of the organization.
And I think you know one of thereasons why some of these
basics aren't in place isbecause of an inherent fear or a
perceived risk, which you knowit's like I don't want to impact
(10:15):
my users.
You know I don't want to lockthem out of the system.
You know it's that usabilityversus security age-old balance.
It's that usability versussecurity age-old balance.
And I do think there is a sortof ignorance in the channel
where it's like I'll do thesethings later, or cyber attacks
that's never going to affect me,when in fact, it's not a case
(10:37):
of if it should be, a case ofwhen.
Mark Smith (10:39):
Really, yeah, I was watching a video recently about
I think it was Steve Jobs beforeApple and how they hacked the
telephone network around theworld, basically reverse
engineered the old dial tonetype phones which would allow
(11:00):
you access into the network andthen you could do an
international dial withoutgetting charged, just because
the way that protocol worked andthe concept of what's called a
walled garden came up and I'dnever understood the concept of
security as a walled garden,which is like an old English
garden, you'd have a very highwall around it and it was done
(11:21):
that nobody could get in.
There was no securityprocedures inside the walled
garden because nobody can get inuntil somebody gets in.
And I see this as a stance thata lot of people take.
They go, listen, our firewallis rock solid, nobody can get
into our organization, ourdefenses are absolutely
(11:43):
impenetrable.
And then they have a network,san.
They have all their data storedin various hard drive formats,
locations and I'm talking aboutlarge financial institutions
still doing this type ofbehavior Because nobody can get
into the walled garden.
And then somebody gets into thewalled garden, they do a
(12:05):
ransomware attack and inAustralia in the last couple of
years we had major scenarios ofthis.
One big healthcare provider hadthis.
They didn't realize thecriminals had got into their
environment and been probably inthe environment for a couple of
months slowly extracting awayall their patient data records,
(12:27):
et cetera, for a major providerin Australia.
And it also happened for atelecommunication company in
Australia and they releasedafter the event the chat
backwards and forwards with thecyber criminals who said listen,
you think that we are not aprofessional business?
We absolutely are.
We're a criminal business, butwe operate under professional,
(12:53):
like any other business would.
And to take us serious in whatwe're saying here, because one
of the things we're like, how dowe know that you're gone when
we pay you out?
And so it was so interestingseeing this whole dialogue come
out.
They overplayed their hand notthe cyber criminals, but the
actual company and the data wasreleased and the data had a
(13:14):
massive impact on a lot ofindividuals because their
passports data was releaseddriver's license data people had
to go get new passports,driver's license and then, of
course, all the medical datawhat diseases individuals had,
which were quite private, whatmedical conditions they had, et
cetera.
That was all published, all inthe public domain for people.
Louis Arthur-Brown (13:38):
Very damaging.
Mark Smith (13:39):
Yeah, so massively impactful and I feel that in
recent, you know, with Purviewas example, from Microsoft, is
that there's there is a need togo and look at security beyond
your walled garden, beyond yourfirewall, beyond like and it is
in so many you know I work for alarge organization that I will
(14:00):
get emails sent out to me thatare phishing emails by the
organization and with the optionto you know, report this as is
uh, spam or report this asphishing email, and then I get
an email back sayingcongratulations, you passed the
test, you know, because youidentified this email as and I
(14:22):
think there's an amount ofeducation in cybercrime as an
awareness Is- that right.
Louis Arthur-Brown (14:28):
You've hit the nail on the head because and
again coming back to the pointyou made about a walled garden,
technically that walled gardenmay be completely impenetrable,
but you need users and users usesystems, users interact with
data and ultimately that's wherethe attack surface has changed,
because they are targetingusers through phishing and
(14:50):
things like that.
So I would agree with youcompletely and say you know,
it's that awareness, um to notonly spread the awareness
through training because, let'sface it, you can all jump onto a
, you know quite a boringtraining course.
You know click, click throughand get a little certificate at
the end.
But I think you know phishingsimulations, social engineering
tests like that that really testthe metal of your users.
(15:13):
You know, test that culture interms of how, how people respond
and how they deal with.
You know, suspect cyber attacksis critical and and I suppose
that that's kind of what I meantby talking about human risk
management, because it's that'show you quantify your human risk
you know you would run like aphishing simulation or that sort
of something physical even, youknow, trying to get someone to
(15:35):
shadow someone for a door, forinstance.
Um, you know, oh, hey, hold thedoor open for me, see if you
can get in the building, see howfar far you know physical pen
testing.
So, yeah, I would say it'sdefinitely the education piece
and it is a bit of a cultureshift, especially when you
consider what's happening withAI.
And you know AI is exacerbatingthis because it is going to
(15:56):
change the game really.
And I think for me the scariestexample of how AI is changing
the game is at the outset of therussia ukraine war, russia did
an attempt to and I say it wasan attempt because it was, it
wasn't very well executed, butthey had, they did an attempt to
deep fake president zelensky ofukraine and and you know, for
(16:19):
those of you listening, you know, a deep fake is, is where a bad
actor can create a video with aperson that looks and sounds
just like the target person thatthey're trying to replicate,
and then the deepfake basicallycalled for ukrainians to lay
down arms, etc, etc.
And it was good enough thatpresident zelensky had to go on
(16:39):
to an emergency press conferenceand say look, this is not me,
this is not me talking.
You know we're still fightingthe fight, etc.
So voice, so voice cloning,deepfake technology is going to
change the game because it'sgoing to expand it outwards.
You know a cyber criminal maylook at someone's LinkedIn
profile and say, okay, you knowthey're going on holiday, you
(16:59):
know, to Malta, and you know, orsomeone's you know child might
be going away to a certaindestination.
And if they, if they can getthat information through social
media, there's nothing stoppingthem calling that parent or that
spouse with someone who soundsexactly like the target or looks
exactly like the target, askingthem, you know, to wire some
money.
So and I think this is whereeducation comes in because you
(17:23):
know you can spot various talesat the moment with this type of
attack, but you know it'smindset.
You know, even if it looks andsounds just like you know the
person who they're purporting tobe, just ask them.
Do you mind if I call you back?
You know, hang up and thencontact them.
You know that's one example ofhow you can adopt some really
(17:43):
basic principles to help defendagainst this emerging threat.
Mark Smith (17:48):
Yeah, yeah, so interesting about that whole
area of deepfake in video andaudio.
I read a book called AI 2041.
It was written in 2021.
So the idea of within 40 years,where will we be, and that
whole concept, you know, in thepast we used to have virus
(18:09):
scanners on our computer waspretty standard, and now it's
inherently built into the systemand we don't think about
getting a third-party virusscanner.
But in the future of deepfakes,is that they will be so good
that humans will not be able todetect them at all?
You won't say, well, I canalways tell an AI it's going to
be so good that humans will notbe able to detect them at all.
You won't say, well, I canalways tell an ai, well, it's
going to be so good you won't beable to tell.
(18:29):
And and therefore we'll needsoftware to tell us that, hey,
what you're looking at isactually not the real person,
it's not there.
You know that type of thing.
And then, of course, you'regoing to have the cat and mouse
game is is your got the latestdetector of copy as to what the
cybercrime is happening?
(18:49):
The other thing I saw the otherday a stat that was if we looked
at the World Wide Web, www, theinternet as we know it, and
then looked at the dark webbelow it.
It's like the World Wide Web isthe tip of an iceberg and
there's a lot that goes on underthere that 99% of probably most
people would never have anyidea of.
(19:11):
That's right, the element thatexists under that layer and that
iceberg concept.
How does you know?
We've talked about MFA.
We're talking aboutunderstanding what looks like a
phishing email and what lookslike somebody doing a deep fake.
(19:31):
What other type of securitypostures should people be
building into their lives?
Louis Arthur-Brown (19:37):
So yeah, in terms of looking at a security
framework, I think it's probablythe best way, and the best one,
which is widely agreed upon, isdefinitely zero trust.
You know, it's that element ofdefense in that having fail
safes so that if one systemfails, another system will pick
it up.
But also taking it further tosay, well, you know, never trust
(19:59):
, always verify, you know, don't, you know, reduce your implicit
trust, because that, ultimately, is how bad actors will spread
laterally across a network.
It's because of, you know,implicit trust and things that
they shouldn't have permissionsto, that they do.
So it's really those things.
So I would say, yeah, zero trustis the primary one.
(20:20):
So I would say, yeah, zerotrust is the primary one.
But, of course, if you're going, you know, if you're looking at
AI, if you're going to initiatea project and try and develop
your own large language model,it's also other things like well
, actually there is a standardISO 42001, which is, you know,
which will help keep you a bitmore secure in your AI endeavors
.
But fundamentally, iso 27001,cyber Essentials Plus and
(20:54):
aligning to a zero trustframework is probably the best
things you can do right now.
Mark Smith (20:56):
Interesting.
I've noticed in the lastprobably 18 months, maybe a bit
longer Microsoft really seems tobe investing a lot in the zero
trust area and that insideorganizations things like
SharePoint have proliferatedacross an organization and in
there is often data that's beenthere for whatever reason, you
(21:20):
know.
Let's say it's an onboardingform in HR which asks for who
are your next of kin, who's yoursupport contact in case of
emergency.
Of course, that's all PIIinformation, and a protocol has
been used across organizations,called security by obscurity.
(21:42):
Nobody knows how to find it.
It's there in plain sight butnobody knows how to access it.
So we're all good.
And then we introduce AI intoan organization, we bring in
Copilot.
It looks at the Microsoft Graph, all those data points are all
lined up and then all of asudden, a model that is
brilliant at understandingpatterns and identifying pattern
(22:04):
matching et cetera, starts topull all this PII data together
because somebody says, hey,what's Bob in accounting?
You know where does he live?
Louis Arthur-Brown (22:15):
Hello, how much is he getting paid?
Mark Smith (22:17):
Yeah, how much is he getting paid?
Has he got any passwords stored?
Right?
Let's see if there's anypasswords or credit cards or
anything like that.
And so you get this potentialfor an internal bad actor inside
an organization.
But then there's just the dumbstuff that people do without
thinking because they're busy.
I have an incredibly popularname, mark Smith, very common in
(22:41):
the Western world.
Name Mark Smith, very common inthe Western world, and the
amount of times I get emailssent to me because Mark Smith
has been selected in theautocomplete of their email and
attachment has been added.
And then I get an email thatwas never intended for me.
I wasn't the intended person byany stretch.
I'm talking about loandocuments I'm talking about so.
(23:02):
Therefore, you know, imagine aloan document, all the
addressing details, all theguarantors, the financial
amounts, all that all sent to mefor my approval.
Um, from other countries, youknow.
And so you get this scenario ofpeople accidentally doing
things, accidentally oversharing.
I mean, the simplest one issomebody putting in the CC field
(23:23):
an internal group right, whichhas a thousand people in that
group, and now all thosepeople's addresses are exposed
and you know it could be addedto an email scam list or
anything like that?
What are organizations doing tokind of harden up their
position, or what technologies,or to for the accidental, uh
(23:46):
threat you know, made by folksthat are not not malicious by
any stretch, but oopsie well.
Louis Arthur-Brown (23:53):
So, yeah, to answer the question directly,
you know it's using things likemicrosoft purview, so dlp or
data loss prevention, uh,policies that you know they,
they're super, super important.
You know, and that willactively you know, if it's
applied and set correctly, thatwill actively prevent that type
of data being leaked to the, youknow, unintended recipient.
(24:15):
And then, you know, going a bitfurther in terms of, you know,
classification, label policiesof your data.
Then, fundamentally, what itboils down to is having a solid
data strategy.
You need to, and this is whatwe're seeing at the moment is in
terms of customers reallyneeding that support in terms of
, well, where is my data?
(24:36):
Just like you were saying,we've got data all over the
place.
It's years old Applying dataretention policies, um, to tidy
up that data, because of course,gdpr states that.
You know you can't keep datafor longer than what is
necessary.
So you know, comes intoregulatory compliance realms as
well, but but you know it'sdiscovering what, where your
(24:57):
data is, what it's doing, whoneeds it, is it still relevant?
And then really creating a planto then classify and label your
data so you understand it, andthen applying the policies to
then control the data so itcan't leave the organization if
it's got a certain label, forinstance.
So you know, those things areabsolutely crucial.
And again I'll sort of come backto windows 365, because that is
(25:21):
a fantastic tool for, you know,if you've got a remote work,
you know, a fully remoteworkforce, or contractors, or
temporary workers, you don'thave to.
You know, give them a laptopwith a hard drive full of
company data that you knowsomeone, given enough time and
effort, could decrypt and sortof take away.
You know everything's in thissecure bubble that they have to
connect to.
And you, you know I'm actuallytalking to you now from a cloud
(25:44):
pc.
So you know, the fidelity isdefinitely, you know, improved
from from the old days, if youlike.
But yeah, you know, I thinkwindows 365 can really help with
those early kind of initiatives.
But you know, the whole dataand dlp thing is a bit of a task
and it's something whichorganizations need to spend a
(26:05):
lot of time on and thereforeit's not attractive to do, you
know, in terms of that effort,that spend.
And yeah, ultimately that'swhere we're seeing customers now
wave a flag and say help.
You know AI is surfacing thisinformation and actually I don't
even remember what happenedwith Microsoft Delve.
It was kind of similar, wasn'tit?
(26:25):
In terms of, you know, suddenlyusers were given this tool
where they could go in and sortof ask questions of data or see
what their colleagues wereworking on, and it's like you
shouldn't see that.
And you know it comes back topermissions creep.
You know, admins, when they'recreating new users, just going
right click copy and you know,instead of creating a brand new
one and you know we do thosethings to save time, to be much
(26:49):
more effective, but ultimatelyit leads to situations like
we're in now, where permissionscreep and oversharing are
definitely problems.
Mark Smith (26:57):
So so, yeah, to summarize that, because I did
ramble for a little bit is is is, you know, per view, it's dlp,
it's getting the data strategyright and and when you talk
about classification, nobody'sgot time to classify their
documents, right and and say youknow, this is, uh, this should
be secure, this should beprivate, this should be, you
know, for inside our networkonly.
(27:19):
Uh, blah, blah, blah.
And so a lot of these tools nowright, are, they're looking at
the content of, let's say, it'sa Word document you have.
They're looking at the contentand then they're
auto-classifying or auto-taggingup a document.
Because I've found myself righton network and M365, which is,
you know, I'm, on ahighly-policied network is that
(27:39):
I will save a document and in notime at all.
It is that I will save adocument and in no time at all.
It has now become non-shareable, extremely hard to transport it
in any format because of thatclassification.
Of course, if I override theclassification that's been
logged and recorded, et cetera,in case a pattern is starting to
(28:00):
emerge of me moving files offnetworks, the other thing I've
come across with organizationsor individuals leaving
organizations and going.
You know how can I take somestuff and not realizing that
these days, you know, a robustnetwork will be monitoring, just
auto monitoring, not somebodyeyeballing it, but we'll be
(28:20):
logging all that and andcreating a secure um, or what we
call legal hold right of ofwhat is actually going on.
How does that kind of work, andare you seeing that more in the
organizations you're workingwith?
Louis Arthur-Brown (28:34):
yes, definitely, and that's mainly
you know the whole what I wastalking about there in terms of
you know the data strategy andand the power of you.
That's like the precursor toexactly what you're saying there
in terms of you know the autoclassification based on you know
certain indicators within adocument could be a credit card
number, social security number,phone number, any of that and
(28:54):
you can set a policy to say ifit detects.
You know a credit card numbermarkers, highly confidential and
just like you're saying, youknow you can say don't allow
sharing, don't allow X, y and Z.
So, yeah, you can really starthaving some fantastic control
over your data when you get tothat point.
And your point about you knowsomeone leaving the organization
(29:14):
potentially being a threat ofdata exfiltration yeah, you know
, using the Microsoft Stack, asyou're saying you, yeah, you
know, using the Microsoft Stack,as you're saying, you can
absolutely see all thoseindicators.
You need somebody there to lookat those alerts when it flags
up, you know, and to managethose alerts.
And this is where we're seeingcustomers come to us for help
because you get alert fatigue.
You know so much is happening.
(29:36):
You do get false positives andthis is where Sentinel really
comes into its own because ofcourse Sentinel is a SIEM tool.
Where Sentinel really comesinto its own?
Because of course Sentinel is aSIEM tool, but when you start
you know really customizing itand you start tuning it
effectively and it becomes moreof a SOAR tool.
It becomes invaluable Becauseyou know some of those
detections it's closingautomatically.
Your SOC team doesn't havealert fatigue.
(29:58):
At that point you know whatthey're looking at are real
alerts which need real humaneyes on them.
So, yeah, I would say it's veryimportant to do that, but it
does present that challenge,like I said, in terms of alert
fatigue and and making sure thatyou've got eyes on those alerts
.
Mark Smith (30:14):
Louis, this has been an incredible chat.
I've really enjoyed it andgetting your insights.
Anything else you'd like to saybefore we go?
Louis Arthur-Brown (30:21):
No, no, apart from thank you very much
for having me and it's been agreat experience to join your
podcast.
Yeah, it's been fantastic,thank you.
Mark Smith (30:32):
Hey, thanks for listening.
I'm your host businessapplication MVP Mark Smith,
otherwise known as the NZ365 guy.
If there's a guest you'd liketo see on the show, please
message me on LinkedIn.
If you want to be a supporterof the show, please check out
buymeacoffeecom.
Forward slash nz365guy.
Stay safe out there and shootfor the stars.
Welcome to the Power Platform Show.
Thanks for joining me today.
I hope today's guest inspiresand educates you on the
possibilities of the MicrosoftPower Platform.
Now let's get on with the show.
In this episode, we'll focus onAI and cybersecurity.
(00:26):
Today's guest is from GreaterBournemouth in the United
Kingdom.
I don't know that I've everbeen there.
He works at CodeStone as asolution partner.
He holds multiple Microsoft andnon-Microsoft certifications
and exhibit a dynamic leadershipstyle, championing
modernization and application ofemerging technology Beyond
professional realms.
(00:47):
He is pursuing his privatepilot's license and learning how
to kite surf.
If you'd like to know moreabout that, you can find links
to his bio and socials in theshow notes for this episode.
Welcome to the show, Louis.
Hello, good to have you on.
Tell us about food, family andfun.
I always like to start withthese questions to get a bit of
background on what people dooutside of their professional
(01:07):
lives.
Louis Arthur-Brown (01:08):
Absolutely yeah.
So food I do love a curry and aroast dinner you could say it's
the national dishes of the UKAbsolutely love them.
Family I've got a lovelyfiancee and I've got a
five-year-old daughter and an18-month-old daughter as well.
And in terms of fun, uh, yeah,I'm absolutely um enthralled
(01:30):
with the possibility of kitesurfing.
It's something which I'm quiteearly in my journey in, but I am
learning how to kite surf, um,and I'm also um a few lessons in
to my private pilot pilot'slicense.
So, yeah, in terms of pickinghobbies, I know I've picked the
hardest and most expensive andit doesn't really go well with
family, but yeah, it's somethingI can work at at least.
Mark Smith (01:53):
I think that flying is just phenomenal right, the
ability to take a wholedifferent perspective of the
world.
And so, yeah, good luck withthat.
I hope you do well.
And, of course, kite surfingpretty amazing.
I see a lot of kite surfersaround where I live and, uh, I
think I've got to do a bit morework on my body before I'll be
in a position to be able to getout there and throw myself
(02:14):
around over the uh, over thewater, with the?
Uh.
Maybe one day, maybe one day.
Maybe these aerofoils thatthey're on these days are pretty
amazing.
Yeah they truly are.
Tell me about your career path,your career journey.
How did you get into the areaof tech you're in today?
Louis Arthur-Brown (02:37):
Good question.
So I actually started asbelieve it or not as an
aerospace engineer apprentice.
So I did that for maybe five orsix years, hence my interest in
in aviation and getting myprivate pilot's license.
And then I kind of fell into it.
Just I did.
There was a placement availablein my apprenticeship.
I thought, why not?
I'll go sit in the itdepartment for a few months and
(02:59):
I never left.
I did it supports for a fewyears and then got aligned into
service delivery, it managementand then, more recently, it
leadership, in terms of creatingdepartments, cyber departments
focused on revenue growth andexpanding solution portfolios.
Mark Smith (03:17):
Wow, amazing, amazing.
And I find this subject ofcybersecurity incredibly
interesting, particularly as wemove into an age of ai, and I
suppose that the level ofignorance that a lot of people
have at how sophisticated andhow advanced, uh, cybersecurity
(03:37):
is, uh.
One of the cvps at microsoftthat a conference I was recently
at, she said that ifcybersecurity was like an entity
, a government or anorganization or a country entity
, it would be the third largestbased on GDP in the world.
And so I looked that up.
(04:00):
What does it mean to be thethird largest?
Well, the US is the largeststate by GDP, followed by China,
and then third is Germany.
Now, between China and Germany,the amount of money made in
cybercrime globally is thatequivalent of GDP, which is?
That is mind-blowing.
(04:21):
Just how sophisticated,organized.
This is not script kiddies,this is not people just
tinkering on the edges.
This is organized criminalactivity.
And now we introduce AI intothe mix and there needs to be an
increased awareness andeducation around this area of
(04:42):
cybercrime.
What are you seeing?
Louis Arthur-Brown (04:44):
Well, it's exactly that, mark, and I think,
coming back to the fundamentalstatistics, you know like we
still have a worsening skillsshortage.
You know, I think, a status 50%of all UK businesses have a
basic cyber skills gap.
The cost of breaches is risingrapidly and I think last year it
rose by just under two percentglobally, but in the uk it was
(05:07):
8.1 percent.
Just calling that out, becauseI think that isa fantastic stat.
Either uk is being targeted orwe're doing something really
badly, badly wrong.
But I I think I think it comesback to there's never been it's
never been easier to launch acyber attack and nor has there
been a better time to and what Imean by saying it's never been
easier to launch a cyber attackand nor has there been a better
time to, and what I mean bysaying it's never been easier,
(05:28):
is these cyber criminals, theones you mentioned.
You know that they're not justscript kiddies, they're actual
organizations and they'veadopted legitimate business
models and commercial models inorder to to provide things like,
you know, ransomware as aservice.
Even, you know, anybody, evenmy nan, could go and initiate a
cyber attack, as long as she'sspeaking to the right person and
(05:49):
has between $50 and $100 spare.
She can buy a ransomware kitand that can be delivered.
And there's affiliate modelswhich ransomware gangs use in
order to say just point us tothe target and give us a bit of
money and then we'll share 30%of the spoils.
All of those options areavailable to anybody, so your
(06:13):
disgruntled employees or someonewho is more opportunistic can
launch a successful cyber attack.
So that's what I mean by sayingit's never been as easy.
And coming back to the stats, Iwas saying at the off, you know
, nor has there been a bettertime to that.
People are struggling,businesses are, have regulatory
pressures, they have budget cuts, especially post-covid, and and
(06:36):
that skills gap is worsening.
So people can hit businesseswhere it hurts.
And I think what you weresaying about just how profitable
cybercrime is, I think that isa direct result of the symptoms
that we're seeing in the markettoday.
Mark Smith (06:52):
What does the role of somebody in your position,
where you're focusing oncybersecurity what does the day
in the life or the month in thelife of somebody like you look
like?
What does it involve?
Louis Arthur-Brown (07:05):
Yeah, I mean in terms of being a solutions
partner and looking atcybersecurity.
It's trying to predict what'sgoing to happen next and it's
trying to make sure that we havethe readiness, we have the
capabilities in order to react.
You know to respond to thosethings and you know AI is making
that 10 times worse.
(07:25):
The proliferation of AI isaugmenting all of those efforts
which we were talking about.
And again, another stat for youlast year there was a 1,300%
rise in malicious phishingemails.
Well, why?
Because it's so easy to do now,especially with the likes of
ChatGPT and other LLMs out there.
(07:45):
So you know what my day-to-daylooks like is really trying to
get solutions, take solutions toour customers that can help
combat, to help protect themagainst those things.
But one of the things that I'mseeing at the moment is people's
security posture.
It's not complete or it's gotgaping holes, and and one thing
(08:07):
is is that the fundamentalspeople are doing the
fundamentals wrong in terms ofcyber security.
You know there areorganizations out there that I
know they don't have mfa appliedto.
You know, not even 10 of theiruser base, or sometimes not at
all.
And if you're not doing that,yeah, you are setting yourself
up to fail.
So, in summary, really it'sproviding customers with the
(08:28):
tools, with the capabilities todefend against that
ever-increasing threat.
Mark Smith (08:34):
Nice.
So you mentioned MFA,multi-factor authentication.
That's a critical step that youknow.
If you're ever prompted to setthat up on any of your accounts,
you're saying that's a really,that's a fundamental starting
point.
Everybody should be setting upMFA.
Louis Arthur-Brown (08:48):
A hundred percent.
And actually, again, I'm fullof stats today, mark.
You know, I think it says, andthis is a stat from Microsoft so
if you set up MFA and have somebasic cyber hygiene and what
that means is you have aconditional access policy, um,
and you know basic passwordpolicy out there, that can
actually help defend you fromlike 92 percent of all cyber
(09:10):
attacks.
It is crazy.
And and if you add on someother very fundamental things
like vulnerability and riskmanagement you know pen testing,
if you have data lossprotection, you know enabled
microsoft purview, dataclassification, if you have, if
you can afford a SOC service andyou can really look at your
(09:31):
human risk in terms of manage,quantify and manage your human
risk, that will protect you fromabout 98% of all cyber attacks.
This is one thing.
What I'm championing at themoment is because I believe
solutions like Windows 365 canreally help organizations get to
grips with those technologies.
You know, use it as a kind of atestbed if you like to roll out
(09:55):
these policies to, you know, asubset of users to then prove it
before they then roll it out tothe rest of the organization.
And I think you know one of thereasons why some of these
basics aren't in place isbecause of an inherent fear or a
perceived risk, which you knowit's like I don't want to impact
(10:15):
my users.
You know I don't want to lockthem out of the system.
You know it's that usabilityversus security age-old balance.
It's that usability versussecurity age-old balance.
And I do think there is a sortof ignorance in the channel
where it's like I'll do thesethings later, or cyber attacks
that's never going to affect me,when in fact, it's not a case
(10:37):
of if it should be, a case ofwhen.
Mark Smith (10:39):
Really, yeah, I was watching a video recently about
I think it was Steve Jobs beforeApple and how they hacked the
telephone network around theworld, basically reverse
engineered the old dial tonetype phones which would allow
(11:00):
you access into the network andthen you could do an
international dial withoutgetting charged, just because
the way that protocol worked andthe concept of what's called a
walled garden came up and I'dnever understood the concept of
security as a walled garden,which is like an old English
garden, you'd have a very highwall around it and it was done
(11:21):
that nobody could get in.
There was no securityprocedures inside the walled
garden because nobody can get inuntil somebody gets in.
And I see this as a stance thata lot of people take.
They go, listen, our firewallis rock solid, nobody can get
into our organization, ourdefenses are absolutely
(11:43):
impenetrable.
And then they have a network,san.
They have all their data storedin various hard drive formats,
locations and I'm talking aboutlarge financial institutions
still doing this type ofbehavior Because nobody can get
into the walled garden.
And then somebody gets into thewalled garden, they do a
(12:05):
ransomware attack and inAustralia in the last couple of
years we had major scenarios ofthis.
One big healthcare provider hadthis.
They didn't realize thecriminals had got into their
environment and been probably inthe environment for a couple of
months slowly extracting awayall their patient data records,
(12:27):
et cetera, for a major providerin Australia.
And it also happened for atelecommunication company in
Australia and they releasedafter the event the chat
backwards and forwards with thecyber criminals who said listen,
you think that we are not aprofessional business?
We absolutely are.
We're a criminal business, butwe operate under professional,
(12:53):
like any other business would.
And to take us serious in whatwe're saying here, because one
of the things we're like, how dowe know that you're gone when
we pay you out?
And so it was so interestingseeing this whole dialogue come
out.
They overplayed their hand notthe cyber criminals, but the
actual company and the data wasreleased and the data had a
(13:14):
massive impact on a lot ofindividuals because their
passports data was releaseddriver's license data people had
to go get new passports,driver's license and then, of
course, all the medical datawhat diseases individuals had,
which were quite private, whatmedical conditions they had, et
cetera.
That was all published, all inthe public domain for people.
Louis Arthur-Brown (13:38):
Very damaging.
Mark Smith (13:39):
Yeah, so massively impactful and I feel that in
recent, you know, with Purviewas example, from Microsoft, is
that there's there is a need togo and look at security beyond
your walled garden, beyond yourfirewall, beyond like and it is
in so many you know I work for alarge organization that I will
(14:00):
get emails sent out to me thatare phishing emails by the
organization and with the optionto you know, report this as is
uh, spam or report this asphishing email, and then I get
an email back sayingcongratulations, you passed the
test, you know, because youidentified this email as and I
(14:22):
think there's an amount ofeducation in cybercrime as an
awareness Is- that right.
Louis Arthur-Brown (14:28):
You've hit the nail on the head because and
again coming back to the pointyou made about a walled garden,
technically that walled gardenmay be completely impenetrable,
but you need users and users usesystems, users interact with
data and ultimately that's wherethe attack surface has changed,
because they are targetingusers through phishing and
(14:50):
things like that.
So I would agree with youcompletely and say you know,
it's that awareness, um to notonly spread the awareness
through training because, let'sface it, you can all jump onto a
, you know quite a boringtraining course.
You know click, click throughand get a little certificate at
the end.
But I think you know phishingsimulations, social engineering
tests like that that really testthe metal of your users.
(15:13):
You know, test that culture interms of how, how people respond
and how they deal with.
You know, suspect cyber attacksis critical and and I suppose
that that's kind of what I meantby talking about human risk
management, because it's that'show you quantify your human risk
you know you would run like aphishing simulation or that sort
of something physical even, youknow, trying to get someone to
(15:35):
shadow someone for a door, forinstance.
Um, you know, oh, hey, hold thedoor open for me, see if you
can get in the building, see howfar far you know physical pen
testing.
So, yeah, I would say it'sdefinitely the education piece
and it is a bit of a cultureshift, especially when you
consider what's happening withAI.
And you know AI is exacerbatingthis because it is going to
(15:56):
change the game really.
And I think for me the scariestexample of how AI is changing
the game is at the outset of therussia ukraine war, russia did
an attempt to and I say it wasan attempt because it was, it
wasn't very well executed, butthey had, they did an attempt to
deep fake president zelensky ofukraine and and you know, for
(16:19):
those of you listening, you know, a deep fake is, is where a bad
actor can create a video with aperson that looks and sounds
just like the target person thatthey're trying to replicate,
and then the deepfake basicallycalled for ukrainians to lay
down arms, etc, etc.
And it was good enough thatpresident zelensky had to go on
(16:39):
to an emergency press conferenceand say look, this is not me,
this is not me talking.
You know we're still fightingthe fight, etc.
So voice, so voice cloning,deepfake technology is going to
change the game because it'sgoing to expand it outwards.
You know a cyber criminal maylook at someone's LinkedIn
profile and say, okay, you knowthey're going on holiday, you
(16:59):
know, to Malta, and you know, orsomeone's you know child might
be going away to a certaindestination.
And if they, if they can getthat information through social
media, there's nothing stoppingthem calling that parent or that
spouse with someone who soundsexactly like the target or looks
exactly like the target, askingthem, you know, to wire some
money.
So and I think this is whereeducation comes in because you
(17:23):
know you can spot various talesat the moment with this type of
attack, but you know it'smindset.
You know, even if it looks andsounds just like you know the
person who they're purporting tobe, just ask them.
Do you mind if I call you back?
You know, hang up and thencontact them.
You know that's one example ofhow you can adopt some really
(17:43):
basic principles to help defendagainst this emerging threat.
Mark Smith (17:48):
Yeah, yeah, so interesting about that whole
area of deepfake in video andaudio.
I read a book called AI 2041.
It was written in 2021.
So the idea of within 40 years,where will we be, and that
whole concept, you know, in thepast we used to have virus
(18:09):
scanners on our computer waspretty standard, and now it's
inherently built into the systemand we don't think about
getting a third-party virusscanner.
But in the future of deepfakes,is that they will be so good
that humans will not be able todetect them at all?
You won't say, well, I canalways tell an AI it's going to
be so good that humans will notbe able to detect them at all.
You won't say, well, I canalways tell an ai, well, it's
going to be so good you won't beable to tell.
(18:29):
And and therefore we'll needsoftware to tell us that, hey,
what you're looking at isactually not the real person,
it's not there.
You know that type of thing.
And then, of course, you'regoing to have the cat and mouse
game is is your got the latestdetector of copy as to what the
cybercrime is happening?
(18:49):
The other thing I saw the otherday a stat that was if we looked
at the World Wide Web, www, theinternet as we know it, and
then looked at the dark webbelow it.
It's like the World Wide Web isthe tip of an iceberg and
there's a lot that goes on underthere that 99% of probably most
people would never have anyidea of.
(19:11):
That's right, the element thatexists under that layer and that
iceberg concept.
How does you know?
We've talked about MFA.
We're talking aboutunderstanding what looks like a
phishing email and what lookslike somebody doing a deep fake.
(19:31):
What other type of securitypostures should people be
building into their lives?
Louis Arthur-Brown (19:37):
So yeah, in terms of looking at a security
framework, I think it's probablythe best way, and the best one,
which is widely agreed upon, isdefinitely zero trust.
You know, it's that element ofdefense in that having fail
safes so that if one systemfails, another system will pick
it up.
But also taking it further tosay, well, you know, never trust
(19:59):
, always verify, you know, don't, you know, reduce your implicit
trust, because that, ultimately, is how bad actors will spread
laterally across a network.
It's because of, you know,implicit trust and things that
they shouldn't have permissionsto, that they do.
So it's really those things.
So I would say, yeah, zero trustis the primary one.
(20:20):
So I would say, yeah, zerotrust is the primary one.
But, of course, if you're going, you know, if you're looking at
AI, if you're going to initiatea project and try and develop
your own large language model,it's also other things like well
, actually there is a standardISO 42001, which is, you know,
which will help keep you a bitmore secure in your AI endeavors
.
But fundamentally, iso 27001,cyber Essentials Plus and
(20:54):
aligning to a zero trustframework is probably the best
things you can do right now.
Mark Smith (20:56):
Interesting.
I've noticed in the lastprobably 18 months, maybe a bit
longer Microsoft really seems tobe investing a lot in the zero
trust area and that insideorganizations things like
SharePoint have proliferatedacross an organization and in
there is often data that's beenthere for whatever reason, you
(21:20):
know.
Let's say it's an onboardingform in HR which asks for who
are your next of kin, who's yoursupport contact in case of
emergency.
Of course, that's all PIIinformation, and a protocol has
been used across organizations,called security by obscurity.
(21:42):
Nobody knows how to find it.
It's there in plain sight butnobody knows how to access it.
So we're all good.
And then we introduce AI intoan organization, we bring in
Copilot.
It looks at the Microsoft Graph, all those data points are all
lined up and then all of asudden, a model that is
brilliant at understandingpatterns and identifying pattern
(22:04):
matching et cetera, starts topull all this PII data together
because somebody says, hey,what's Bob in accounting?
You know where does he live?
Louis Arthur-Brown (22:15):
Hello, how much is he getting paid?
Mark Smith (22:17):
Yeah, how much is he getting paid?
Has he got any passwords stored?
Right?
Let's see if there's anypasswords or credit cards or
anything like that.
And so you get this potentialfor an internal bad actor inside
an organization.
But then there's just the dumbstuff that people do without
thinking because they're busy.
I have an incredibly popularname, mark Smith, very common in
(22:41):
the Western world.
Name Mark Smith, very common inthe Western world, and the
amount of times I get emailssent to me because Mark Smith
has been selected in theautocomplete of their email and
attachment has been added.
And then I get an email thatwas never intended for me.
I wasn't the intended person byany stretch.
I'm talking about loandocuments I'm talking about so.
(23:02):
Therefore, you know, imagine aloan document, all the
addressing details, all theguarantors, the financial
amounts, all that all sent to mefor my approval.
Um, from other countries, youknow.
And so you get this scenario ofpeople accidentally doing
things, accidentally oversharing.
I mean, the simplest one issomebody putting in the CC field
(23:23):
an internal group right, whichhas a thousand people in that
group, and now all thosepeople's addresses are exposed
and you know it could be addedto an email scam list or
anything like that?
What are organizations doing tokind of harden up their
position, or what technologies,or to for the accidental, uh
(23:46):
threat you know, made by folksthat are not not malicious by
any stretch, but oopsie well.
Louis Arthur-Brown (23:53):
So, yeah, to answer the question directly,
you know it's using things likemicrosoft purview, so dlp or
data loss prevention, uh,policies that you know they,
they're super, super important.
You know, and that willactively you know, if it's
applied and set correctly, thatwill actively prevent that type
of data being leaked to the, youknow, unintended recipient.
(24:15):
And then, you know, going a bitfurther in terms of, you know,
classification, label policiesof your data.
Then, fundamentally, what itboils down to is having a solid
data strategy.
You need to, and this is whatwe're seeing at the moment is in
terms of customers reallyneeding that support in terms of
, well, where is my data?
(24:36):
Just like you were saying,we've got data all over the
place.
It's years old Applying dataretention policies, um, to tidy
up that data, because of course,gdpr states that.
You know you can't keep datafor longer than what is
necessary.
So you know, comes intoregulatory compliance realms as
well, but but you know it'sdiscovering what, where your
(24:57):
data is, what it's doing, whoneeds it, is it still relevant?
And then really creating a planto then classify and label your
data so you understand it, andthen applying the policies to
then control the data so itcan't leave the organization if
it's got a certain label, forinstance.
So you know, those things areabsolutely crucial.
And again I'll sort of come backto windows 365, because that is
(25:21):
a fantastic tool for, you know,if you've got a remote work,
you know, a fully remoteworkforce, or contractors, or
temporary workers, you don'thave to.
You know, give them a laptopwith a hard drive full of
company data that you knowsomeone, given enough time and
effort, could decrypt and sortof take away.
You know everything's in thissecure bubble that they have to
connect to.
And you, you know I'm actuallytalking to you now from a cloud
(25:44):
pc.
So you know, the fidelity isdefinitely, you know, improved
from from the old days, if youlike.
But yeah, you know, I thinkwindows 365 can really help with
those early kind of initiatives.
But you know, the whole dataand dlp thing is a bit of a task
and it's something whichorganizations need to spend a
(26:05):
lot of time on and thereforeit's not attractive to do, you
know, in terms of that effort,that spend.
And yeah, ultimately that'swhere we're seeing customers now
wave a flag and say help.
You know AI is surfacing thisinformation and actually I don't
even remember what happenedwith Microsoft Delve.
It was kind of similar, wasn'tit?
(26:25):
In terms of, you know, suddenlyusers were given this tool
where they could go in and sortof ask questions of data or see
what their colleagues wereworking on, and it's like you
shouldn't see that.
And you know it comes back topermissions creep.
You know, admins, when they'recreating new users, just going
right click copy and you know,instead of creating a brand new
one and you know we do thosethings to save time, to be much
(26:49):
more effective, but ultimatelyit leads to situations like
we're in now, where permissionscreep and oversharing are
definitely problems.
Mark Smith (26:57):
So so, yeah, to summarize that, because I did
ramble for a little bit is is is, you know, per view, it's dlp,
it's getting the data strategyright and and when you talk
about classification, nobody'sgot time to classify their
documents, right and and say youknow, this is, uh, this should
be secure, this should beprivate, this should be, you
know, for inside our networkonly.
(27:19):
Uh, blah, blah, blah.
And so a lot of these tools nowright, are, they're looking at
the content of, let's say, it'sa Word document you have.
They're looking at the contentand then they're
auto-classifying or auto-taggingup a document.
Because I've found myself righton network and M365, which is,
you know, I'm, on ahighly-policied network is that
(27:39):
I will save a document and in notime at all.
It is that I will save adocument and in no time at all.
It has now become non-shareable, extremely hard to transport it
in any format because of thatclassification.
Of course, if I override theclassification that's been
logged and recorded, et cetera,in case a pattern is starting to
(28:00):
emerge of me moving files offnetworks, the other thing I've
come across with organizationsor individuals leaving
organizations and going.
You know how can I take somestuff and not realizing that
these days, you know, a robustnetwork will be monitoring, just
auto monitoring, not somebodyeyeballing it, but we'll be
(28:20):
logging all that and andcreating a secure um, or what we
call legal hold right of ofwhat is actually going on.
How does that kind of work, andare you seeing that more in the
organizations you're workingwith?
Louis Arthur-Brown (28:34):
yes, definitely, and that's mainly
you know the whole what I wastalking about there in terms of
you know the data strategy andand the power of you.
That's like the precursor toexactly what you're saying there
in terms of you know the autoclassification based on you know
certain indicators within adocument could be a credit card
number, social security number,phone number, any of that and
(28:54):
you can set a policy to say ifit detects.
You know a credit card numbermarkers, highly confidential and
just like you're saying, youknow you can say don't allow
sharing, don't allow X, y and Z.
So, yeah, you can really starthaving some fantastic control
over your data when you get tothat point.
And your point about you knowsomeone leaving the organization
(29:14):
potentially being a threat ofdata exfiltration yeah, you know
, using the Microsoft Stack, asyou're saying you, yeah, you
know, using the Microsoft Stack,as you're saying, you can
absolutely see all thoseindicators.
You need somebody there to lookat those alerts when it flags
up, you know, and to managethose alerts.
And this is where we're seeingcustomers come to us for help
because you get alert fatigue.
You know so much is happening.
(29:36):
You do get false positives andthis is where Sentinel really
comes into its own because ofcourse Sentinel is a SIEM tool.
Where Sentinel really comesinto its own?
Because of course Sentinel is aSIEM tool, but when you start
you know really customizing itand you start tuning it
effectively and it becomes moreof a SOAR tool.
It becomes invaluable Becauseyou know some of those
detections it's closingautomatically.
Your SOC team doesn't havealert fatigue.
(29:58):
At that point you know whatthey're looking at are real
alerts which need real humaneyes on them.
So, yeah, I would say it's veryimportant to do that, but it
does present that challenge,like I said, in terms of alert
fatigue and and making sure thatyou've got eyes on those alerts
.
Mark Smith (30:14):
Louis, this has been an incredible chat.
I've really enjoyed it andgetting your insights.
Anything else you'd like to saybefore we go?
Louis Arthur-Brown (30:21):
No, no, apart from thank you very much
for having me and it's been agreat experience to join your
podcast.
Yeah, it's been fantastic,thank you.
Mark Smith (30:32):
Hey, thanks for listening.
I'm your host businessapplication MVP Mark Smith,
otherwise known as the NZ365 guy.
If there's a guest you'd liketo see on the show, please
message me on LinkedIn.
If you want to be a supporterof the show, please check out
buymeacoffeecom.
Forward slash nz365guy.
Stay safe out there and shootfor the stars.
Popular Podcasts
Crime Junkie
Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by audiochuck Media Company.
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.