Module 9: 1.30 – 3.00pm (1.5 Regulatory / Management / General CPD Points)

Tuesday 3rd December 2019 = Seminar 9(a) in the Postal Booking Form

Tuesday 10th December 2019 = Seminar 9(b) in the Postal Booking Form

Cyber Security 2019 – An Industry View

‘Understanding The Risk Is The First Step Towards Reducing It’

With such a heavy reliance on technology and connectivity in our practices today, it is no wonder security has become a growing area of concern for us, as in most organisations. Security risks are at an all-time high, with the media reporting on new security breaches and threats almost every day, and law firms have not escaped. Not only are there huge legal consequences of a data breach, there are also reputational and financial implications that can have a profound impact on any firm or organisation.

Objectives of talk:

This session will aim to educate us on the most prominent risks that are present in today’s business environment. It will be delivered in a non-technical capacity and will highlight:

  1. DLP (Data Loss Protection)
     • The importance of data loss protection to an organisation's integrity, reputation and financial operation [GDPR]
     • Vendor controls
     • Securing your enterprise email
  2. Ransomware -v- Targeted Ransomware
     • Shift in behaviour from pre-2016 ransomware attacks to post-2016 targeted ransomware attacks
       – Phase 1: Recon & Lay dormant
       – Phase 2: Activate 16-18 months in
     • Social engineering – profiling – spoofing
  3. Threat Intelligence
     • IR & EDR response
     • Data
     • Logs, events, SIEM, data analytics
  4. Phishing
     • Your employees are your first line of defence: educating your employees to protect your organisation
  5. Access Control
     • Protecting your organisation by controlling who is required and authorized to access your network
     • Segregation of duties and admin controls
  6. Compensating security controls to your estate
     • Controls such as IDS/IPS, Firewall, Security Perimeters
  7. Deception
     • Creating deception within your estate is key.


David Cahill is Security Strategy and Architecture Manager for AIB, with 14 years' Information Security experience within the Irish financial services space, and in advising on best practices for designing corporate security policies including Cyber Defence, Mobile Device Management and Security Awareness. David is also a committee member of the Irish Information Security Forum (IISF), a not-for-profit group which was established primarily to improve the understanding and practice of Information Security within the business computer user community.