Siân John shares how organisations can demystify cybersecurity

Siân John shares how organisations can demystify cybersecurity

NCC Group

The NCC Group executive explains how the firm’s collaboration with Microsoft helps businesses to better protect their critical assets as cyberattacks continue to surge   

Alice Chambers |

Cyberattacks are continuing to rise in sophistication and frequency. For instance, ransomware attacks have increased by more than 200 per cent since September 2022, according to Microsoft Digital Defense Report 2023. With cyberattacks at an all-time high – totalling more than 4,000 identity attacks per second – organisations are turning to security experts for help.  

“Our focus is looking at how we can demystify cybersecurity and help our clients be compliant with regulation in a world with ever-emerging security threats,” says Siân John, chief technology officer at NCC Group and former senior director of security business development at Microsoft. “We do that through risk management; consulting, implementation and technical assurance services; and incident response.” 

NCC Group is a global cybersecurity organisation that operates across multiple sectors with the core vision to create a secure digital future. It works with technology firms such as Microsoft and the Microsoft Intelligent Security Association (MISA) to help protect businesses against cyberthreats.  

“We provide Managed Extended Detection and Response (MXDR) to our clients and support a variety of market-led technologies within our solution including Microsoft Sentinel, Defender and wider Microsoft 365 security capabilities,” says John. We further augment those with our own threat intelligence capabilities. This enables us to provide clients with custom integrations, extensive enrichment automation and faster threat detections. 

For example, NCC Group helped a large nonprofit organisation detect a phishing scheme by increasing its threat visibility with its MXDR solution.  

“One of our threat intelligence tools includes an online exposure monitoring service, which can search for exposed data about certain organisations or executives on the dark web to combat security breaches that are already in progress,” says John. “We also offer consulting implementation, where we ensure that businesses have the correct combination of technology and human expertise for people-powered, technology-enabled cybersecurity.” 

“Our partnership with Microsoft allows us to ensure we’re making the best use of Microsoft security products so we can confidently provide strong managed services and innovative technology to our clients,” says John. “As part of the MISA association, Microsoft provides us with extra access to the expertise we need to make sure that integrations into our managed services are being made in the most effective way possible. Plus, early access to technology means we can be ahead of the curve in terms of supporting our clients.” 

The support works both ways, with NCC Group’s teams providing expertise to Microsoft too. NCC Group became a Microsoft Security Copilot partner in November 2023 to support the development of the tool with technical assurance and penetration tests. 

“We’ll add value to Security Copilot by bringing our threat intelligence and the insights and context we get from our understanding of our customers and expertise in other areas,” says John. “For example, we can take insights from penetration tests and pull on that data to help people make advanced decisions.” 

The cost of cybercrime is projected to hit an annual $10.5 trillion by 2025, according to Cybersecurity Ventures. Consequently, NCC Group is utilising technologies such as artificial intelligence to continue to provide its innovative security services.  

“We have some of the smartest people in the industry and they’re continually motivated to think about how we can make the world a safer place,” says John. “For example, when new technology comes out such as AI, they look into how it can be used by bad actors and create responses to help people.” 

NCC Group is also researching how people can implement AI for best use cases.  

“Looking at threats is one of those things that we’ve been focusing on with AI, especially in terms of how we can protect against its misuse,” says John. “The biggest thing now for us is how we can help clients to use AI in a secure way by establishing what threats there are and how we use AI models safely. It’s also never too early to start preparing for the post-quantum world in encryption and we’re looking at how we can deal with other emerging technology as they come along for our clients.” 

This article was originally published in the Winter 2023 issue of Technology Record. To get future issues delivered directly to your inbox, sign up for a free subscription. 

Subscribe to the Technology Record newsletter

  • ©2024 Tudor Rose. All Rights Reserved. Technology Record is published by Tudor Rose with the support and guidance of Microsoft.