When a cyber-criminal gang strikes a major global corporation, dealing with both the technical details and forensics, as well as the high stakes business fall-out, can be an overwhelming task, in which time is of the essence. Testing the skills of the next generation of cyber-defenders in such a scenario was the central focus of PwC's UK HQ cyber forensics investigation challenge, this past weekend.
The competition, the latest in the series from the Cabinet Office-backed Cyber Security Challenge UK, tasked a group of 22 amateur cyber defenders with stopping a simulated cyber-terror strike on a fictitious multinational energy giant. The staged attack replicated the same techniques used by real cyber-criminal gangs, while contestants were immersed in a scenario mirroring PwC’s role in such an attack.
Participants were provided a forensics lab environment and given authentic PwC cyber-forensics technology to investigate and stop the mock attack.
Once the teams of candidates, chosen after six months of virtual qualifying rounds, identified the potential 'holes' that could be exploited by the cyber terrorist group, they reported findings and proposed actions before a board of PwC executives. Team 4, made up of Andy Snowball, Steve Haughton, Jeremy Fox, David Betteridge were crowned the winning team, taking home a variety of prizes, including an AR Drone 2.0 each.
“PwC’s recent CEO survey revealed cybersecurity as one of the top three concerns for business leaders,” said Andrew Miller, cybersecurity director at PwC. “As the cyber-threat landscape continues to evolve and cyber moves up the board agenda, the time is right to attract new talent into the industry.”
He added that making the challenge dual-pronged—i.e., focused on both IT skills and business know-how—is critical in dealing with the modern threat landscape.
“Having the technical know-how to defend against and respond to cyber-incidents is essential, but it is equally important to develop the soft skills needed to thrive in a business environment,” he explained. “To build a successful career in the cyber-industry, individuals will need to be able to communicate the risk and be confident in finding solutions to problems.”
Winner Fox, 28, an ex-financial trader-turned-software developer, said: "I realized today there's a lot more than the technical side of security. There's a different edge to it. You can be a detective finding little pieces of evidence, putting them together and building the story. Even in the lift on the way up to the board room, we were arguing over who was the guilty party."
In addition to the winning team, ten participants also qualified for the 2015 Cyber Security Challenge UK Masterclass Final based on an assessment of their individual contributions. The Masterclass will bring together an industry consortium including BT, GCHQ, NCA, Lockheed Martin, Juniper and Airbus Group, who have been working for nearly a year to design a cyber-terror simulation billed as being the most-realistic ever staged in the UK.
“In Davos last week we saw how high cybersecurity has climbed up the political agenda, especially in respect to the threat it poses to our critical national infrastructure,” said Stephanie Daman, CEO at Cyber Security Challenge UK. “Whilst technologies and regulation can play their part in the solution, we will lose the fight against a growing cyber-criminal world if we don't find enough high-quality people to keep the internet a safe place for us all to enjoy. The scenario PwC has created so realistically here today is not just to sell the industry as a great career option to our candidates, it is also an accurate representation of where cybersecurity is going."