2018 Insurance Innovation Awards – The Insurance Community Decides

If you’re reading this, you’ve doubtless heard countless times about the ‘disruption’ facing insurance. This is nothing new. The need to become customer-centric and to adopt new technologies from the many available are two factors driving this ‘disruption’. Again, nothing new here.

But what is new is how we, as a community act, on the opportunities before us. We are bombarded every day with new technology, new opportunities and different solutions to meet disruption. In the context of this sweeping change across the insurance industry, we believe it’s right to recognize and celebrate those companies and individuals taking risks, daring to lead and breaking new ground in insurance innovation. Enter the Insurance Innovation Awards.

We asked the global insurance community to submit their nominations and the level of responses was exceptional. There are three categories of award: ‘Innovation Carrier of the Year’ (the insurance carrier who has made the biggest advances in insurance innovation), ‘Innovation Vendor of the Year’ (the solution-provider that has demonstrated exceptional innovation within Insurance over the past year) and ‘Innovation Leader of the Year’ (an individual who led an exceptionally innovative project or transformation, from any organization). Previous winners include Lemonade CEO, Daniel Schreiber, Allstate Insurance and their Head of Personal Lines, Glenn Shapiro.

“It was an incredible honor to be recognized in last year’s Insurance Innovation Awards,” said Allstate’s Glenn Shapiro, president of Allstate Personal Lines. “As I mentioned when receiving the award, the Allstate Claims team deserves the credit. This was a testament to their relentless focus on innovation and customer experience and the achievement was a tremendous source of pride for Allstaters across the enterprise. Awards that celebrate innovation are so important to our industry. I encourage everyone to take part and share their success stories.”

The finalists for all categories are as follows:

Innovation Carrier of the Year:

  • AIG
  • American Family Insurance
  • American Modern Insurance
  • CSAA Insurance Group
  • QBE North America
  • Root Insurance Company
  • Society Insurance
  • Union Insurance
  • Zurich UK

Innovation Leader of the Year:

  • Ilya Bodner, Bold Penguin
  • Mark Budd, Zurich
  • Yosha Delong, Zurich
  • Michelle Rustler, American Family
  • Bryan Derbyshire, TicketGuardian
  • Amandah Greiling, Zurich
  • Raj Pofale, Claim Genius

Innovation Vendor of the Year:

  • Big Wave Systems
  • Claim Genius
  • dacadoo
  • Eddy Solutions
  • Exacter, Inc.
  • Fiserv
  • Hortonworks
  • Levio
  • Microsoft
  • Paperclip Inc.
  • Optimity
  • Pineapple
  • ProNavigator
  • RedPoint Global
  • ROC-Connect
  • SCA Appraisal Company
  • See Your Box
  • Slice
  • Verisk

The Insurance Innovation Awards are being held in conjunction with the Connected Insurance USA Summit, taking place November 28th – 30th at the Radisson Blu Aqua Hotel, Chicago. The awards ceremony will be held at the conference on the evening of the November 28th, where the winners of all categories will be announced. For more information, visit the website at https://events.insurancenexus.com/connectedusa/, or get in touch with me at: emma.sheard@insurancenexus.com

Emma Sheard



Carbon Black Threat Report Reveals Destructive Cyberattacks Increasing Ahead of 2018 U.S. Midterm Elections

Carbon Black (NASDAQ: CBLK), a leader in next-generation endpoint security delivered via the cloud, has announced the release of its Quarterly Incident Response Threat Report (QIRTR) aggregating key findings from IR partner investigations during the last 90 days.

Among the key findings from the report:

  • Destructive cyberattacks are on the rise. IR firms said that victims experienced destructive attacks 32% of the time
  • Of 113 investigations Carbon Black partners conducted in the third quarter, 41 percent stemmed from Russia and China
  • Two-thirds of IR professionals interviewed believe cyberattacks will influence the upcoming U.S. elections.

The QIRTR aggregates qualitative and quantitative input from 37 Carbon Black IR partners. The report’s goal is to offer actionable intelligence for business and technology leaders, fueled by analysis of the newest threats, and expert insights on how to stop them. This is Carbon Black’s second quarterly report since introducing the QIRTR in July.

“Our research found that today’s attackers are increasingly punitive, sophisticated and confident,” said Tom Kellermann, Chief Cybersecurity Officer for Carbon Black and one of the report’s authors. “And because of the dark web, they have access to complex tools and compromised infrastructures, including voter databases. This allows attackers to exploit new security vulnerabilities and operate at a higher level of sophistication than before.”

Carbon Black researchers also found 20 different state voter databases available for purchase on the dark web, several from swing states. Critical information in these offerings include voter IDs, full names, current / previous addresses, genders, phone numbers, and citizenship status, among other information.

According to the research, the dark web also offers hacking and influence campaigns targeting social media sites, as well as hackers for hire, who offer to target government entities for the purposes of database manipulation, economic/ corporate espionage, DDoS attacks and botnet rentals.

In conjunction with the report’s release, Carbon Black hosted its inaugural Incident Response Partner Advisory Council (IR Council) meeting in Chicago on October 30. Designed to be an open, engaging environment, the IR Council provides the Carbon Black Incident Response partner community, which totals more than 100 partners, an opportunity to share knowledge and best practices with peers and help guide the direction of Carbon Black’s existing and future products and solutions. IR Council members include security thought leaders from Ankura, Critical Start, Crowe, Grant Thornton, HALOCK Security Labs, IBM, Kroll, Lifars, Nisos Group, NTT Security, Optiv, Rapid7, Sylint and Trustwave.

Click here to download the full report from Carbon Black: https://www.carbonblack.com/quarterly-incident-response-threat-report/november-2018/.




British Airways Second Hack Attack

It has been recently reported that British Airways are the victim of a second hack, that has affected 185,000 people. Customers of BA may have had payment card details stolen in the most recent attack on the BA website.

Dr Guy Bunker, SVP of Products, Clearswift, comments on the second BA hack:

“Finding a second attack is not uncommon. And there may well be more. The sophisticated attacks which are now carried out by organised criminals are designed to have multiple aspects – such that if one is discovered there are secondary or tertiary attacks ongoing. When finding one vulnerability in an IT infrastructure it will be exploited to its maximum, and within that exploit further discovery will be carried out as to what other pieces of malware can be introduced. Once an infection takes hold of an environment, it often becomes easier to start from scratch to rebuild it rather than try and take out the malware infections one by one – where, if you miss one as it is hibernating, you could end up back at square one in a few weeks or months’ time.

From a GDPR perspective, this could be seen as a separate incident, therefore two sets of fines could be imposed. Time will tell if this is the case. What is certain is that BA will need to redouble their efforts to prove that they and their suppliers have a malware free infrastructure in order to begin the process of rebuilding trust with its customers.”



Cyber Security Summit & Expo set to provide unrivaled content for its 9th edition

On November 15th at the Business Design Centre in London, the Cyber Security Summit & Expo the UK’s leading one day event dedicated to cyber security in both the public and private sectors returns for its 9th year. Aside from the dedicated Cyber Security Summit, the event also features the Data Protection Summit focussing on the impact of GDPR as well as providing an essential update on the latest legislation. This is complimented by a series of free-to-attend conference streams on the exhibition floor that will take the delegate through a journey from an initial cyber breach thorough to the recovery and how a future cyber-attack can be prevented.

The event will build on last year’s new expo centric format by delivering industry inspired content from household names in both the private and public sectors. These include Will Smart CIO of NHS England and Pascal Hetzscholdt, Director of Content and Protection for Europe and Africa at 21st Century Fox as well as key insight from leading technology providers. Balancing technical discussions with real life case studies and keynotes from leading organisations the Cyber Security Summit & Expo will provide clarity for those looking to understand the multitude of threats posed today.

Both the Cyber Security and Data Protection Summit are designed for C suite and director level professionals as well as those looking for advice and case studies on the latest cyber threats and data protection issues. The Cyber Security Summit itself will feature a plethora of organisations from both the public and private sectors. Organisations on this stage in addition to the NHS and 21st Century Fox include; NCSC, the FCA, Health and Safety Executive (HSE), the United Nations and more. The Data Protection Summit also offers a stellar speaker line up with presentations from organisations such as the ICO, DEFRA, Mastercard, Privacy International, techUK, The Trainline and more. Tickets are priced at £599 for the private sector and £399 for the public sector. Click Here to access further ticketing information.

The 3 free-to-attend ‘Industry Stages’ the “breach”, the “recovery” and the “prevention” showcase organisations including the likes of AIG, JustGiving, NHS, Innovate UK, the Austrian Government, Nielsen Ratings and many more. To access a ticket to the free to attend exhibition please click here.


  • Senior representative, National Cyber Security Centre
  • Tom Parkhouse, Head of Nuclear Cyber Regulation, Office for Nuclear Regulation
  • Peter Brown, Group Manager (Technology Policy), Information Commissioners Office
  • Stephen Browning, Interim Challenge Director – Next Generation Services, Innovate UK

Technology and solution providers exhibiting at the Cyber Security Summit & Expo include providers such as; Darktrace, Egnyte, Hewlett-Packard, Lloyds Register, Performanta, Onetrust and more.

Other major features on the exhibition floor include the interactive HackChat and the CyberXchange

The exciting HackChat feature will provide visitors with stories and interviews from technology leaders, cyber security professionals and black/white-hat hackers at the forefront of cyber security today. Headlining the HackChat feature will be Cal Leeming who at 12 years old was the youngest person to be convicted of hacking) providing a live interactive demonstration of a hack with the audience. The CyberXchange will offer access to key trade bodies such as techUK, IRMS, the Cabinet Office and NCSC to ensure visitors are given the opportunity to ask the questions they need to help them protect their business.

Speaking ahead of the event Portfolio Director James Samuel states “As the ONLY event supported by HM Government and the NCSC the 9th edition of this annual collaboration of cyber security leaders, data protection officers, IT experts and technology innovators continues to be a must attend event. Amidst the number of ever increasing cyber-attacks in both the public and private sector in this year alone there has never been a more prevalent time to meet with leading suppliers and to listen to leading experts to ensure that your organisation doesn’t become the next victim to cyber crime

To register for the summit or for your free exhibition visitor ticket, click here.

2017 Testimonials

  • Mike StJohn-Green, Honorary Fellow and Technical Advisor, University of Warwick – Information Security Forum – ‘The latest perspective from central government, the hacking world and regulators was great. A couple of lively panel discussions gave speakers and audience some fresh ideas on talking to the Board and how to measure security. This world changes so quickly, there is always something new to hear each year at this conference.’
  • Tom Parkhouse, Superintending Inspector Head of Civil Nuclear Cyber Security Regulation, Office for Nuclear Regulation – ‘The agenda was packed with excellent opportunities for interaction on contemporary issues on the Summit conference floor, at the break-out events, and at the expo.’
  • Jasvinder Pham, Information and Cyber Security Manager, High Speed 2 – ‘I really enjoyed partaking in the HackChat! It was fabulous to listen into the subsequent interviews as the selected speakers all made interesting points and showed passion for the subject matter discussed!’



New York State Supreme Court Rules STRmix™ Use Is Admissible

A New York court has ruled that STRmix™ – the sophisticated forensic software used to resolve mixed DNA profiles previously thought to be too complex to interpret – is generally accepted in the relevant scientific and legal communities.

In denying a defense motion in People v. Terrance Yates (Indictment No. 10663-2016) to preclude DNA evidence obtained through the use of STRmix™, New York State Supreme Court Judge Sharon D. Hudson cited numerous precedents regarding the admissibility of novel scientific theory in ruling, “Courts have nearly universally admitted the results of these genotyping software programs over objection in Frye/Daubert litigation.”

The Frye and Daubert standards require that a new or novel scientific technique must be based on scientific principles or procedures which have been sufficiently established and generally accepted in the relevant scientific community. Moreover, the particular evidence derived from the scientific technique and used in an individual case must have a foundation that is scientifically reliable.

In the current case, the defendant was charged with second degree criminal possession of a weapon and other related charges. The defendant was in possession of a loaded handgun in the vestibule of a residential building in Brooklyn, NY.

Police swabbed the firearm in question for DNA evidence and the swabs were then submitted to the Office of the Chief Medical Examiner for DNA testing. A comparison of the defendant’s DNA profile to the “slide grooves, slide release, hammer” mixture on the firearm led the STRmix™ analysis to show that the DNA was approximately 221,0000 times more probable if the sample originated from the defendant and two unknown persons than if it originated from three unknown persons.

The case marks at least the 24th successful admissibility hearing for STRmix™ in the U.S., while DNA evidence interpreted with STRmix™ has been successfully used in numerous court cases.

STRmix™ is now being routinely used to resolve DNA profiles by 36 U.S. forensic labs, including the FBI and the Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF). STRmix™ is also in various stages of installation, validation, and training in more than 50 other U.S. labs.

Internationally, STRmix™ has been used to interpret DNA evidence in more than 100,000 cases since 2012. It is currently being used in forensic labs in Australia, New Zealand, England, Scotland, Ireland, Finland, Dubai, and Canada. The code for three versions of the software has now been independently examined and in all cases admitted.

STRmix™ LTD introduced a new version of the software, STRmix™ v2.6, in August 2018. The new version features a user interface that has been completely redeveloped and refreshed, providing users with vastly improved usability and workflow. Version 2.6 also enables a range of contributors to be entered when performing a deconvolution, and any type of stutter to be added and configured.

STRmix™ was developed by John Buckleton, DSc, FRSNZ, and Jo-Anne Bright of the New Zealand Institute of Environmental Science and Research (ESR), and Duncan Taylor from Forensic Science South Australia (FSSA).

For more information about STRmix™ visit www.strmix.com.



UK Small Businesses Targeted With 65,000 Attempted Cyber Attacks A Day

  • Hiscox study highlights the number of attempted cyber attacks on UK small businesses every day
  • While most attempts fail, a small business in the UK is successfully hacked every 19 seconds
  • Cyber breaches cost the average small business £25,700 in basic ‘clear up’ costs every year
  • Real-time cyber attack attempts can be viewed at www.hiscox.co.uk/cyberlive and are also being streamed on billboards across the UK

Small businesses in the UK are the target of an estimated 65,000 attempted cyber attacks every day, according to new figures1 from specialist global insurer Hiscox.

The estimates are based on tests undertaken by the insurer which monitor, in real-time, the total number of attempted attacks on three ‘honeypot’ computer systems which are typical of those used by small firms across the country.

The total number of attempted attacks ranged from 900 to 359,000 in each 24 period, averaging 65,000 over the three weeks the servers have been monitored.

In order to raise awareness of this issue, Hiscox is live streaming the number of attempted attacks to its website at www.hiscox.co.uk/cyberlive and also broadcasting the figures live on over 100 billboards across the UK.

Successful attacks

According to the insurer, almost one in three (30%2) UK small businesses suffered a cyber breach last year – equivalent to over 4,500 successful attacks per day or one every 19 seconds.

Cyber security incidents cost the average small business £25,700 last year in direct costs (e.g. ransoms paid and hardware replaced) but this is just the beginning. Indirect cost such as damage to reputation, the impact of losing customers and difficulty attracting future customers, remains unmeasured but is expected to significantly exceed this.

James Brady, Head of Cyber, Hiscox UK & Ireland commented: “We know small businesses in the UK are hot targets for cyber criminals and these figures highlight the alarming extent of this. Most small businesses recognise the threat that cyber criminals pose on a global scale, but are less convinced of the risks facing their own operations, considering themselves ‘too small’ to be worthy targets, but this just isn’t the case.

“Hackers are prolific and sophisticated which makes staying on top of cyber security a challenge for all organisations. With many small businesses lacking credible cyber security strategies to help manage and prevent such attacks however, the impact when they do occur can be disproportionality severe.

“Outsourcing cyber security management is one option as this can be a more cost effective way to access instant, scalable resources in the event of an attack. The best cyber insurance policies will provide exactly that – practical support including legal advice, forensics and reputation management to help get a business back up and running as quickly as possible.”


When questioned, only 52% of UK small businesses stated that they have a clear cyber security strategy in place to manage the impact of an attack, which Hiscox says can significantly hamper their ability to detect, manage and prevent security breaches, as well as make the overall impact much more severe.

Experts agree that communication during and after a cyber attack is critical to managing it, yet only 56% can say with confidence that they fully disclose details of a cyber attack to the relevant internal and external stakeholders.  This is particularly concerning given the introduction of GDPR this year, which requires all organisations to report a data breach to the ICO within 72 hours and notify affected customers without undue delay.

Most alarming of all, is that the majority (66%) of those that suffered an attack, admit to making no changes to their policies or systems to help prevent further breaches in the future. This is perhaps one of the key reasons why over half (56%) of those who’ve suffered a breach, are the victim of multiple attacks.

Cyber Security Best Practices: Prevent, Detect and Mitigate

There are a number of basic steps that small businesses can take to help protect against the evolving threat that cyber criminals pose:


  • Involve and educate all levels of the organisation about cyber threats.
  • Have a formal budgeting process and ensure cyber is a part of all decision making.
  • Institute cyber training during the on?boarding process and in an on-going manner.


  • Include intrusion detection and on-going monitoring on all critical networks.
  • Track violations (both successful and thwarted) and generate alerts using both automated monitoring and a manual log.
  • Record all incident response efforts and all relevant events.


  • Create a plan for all incidents, from detection and containment to notification and assessment, with specific roles and responsibilities defined.
  • Review response plans regularly for emerging threats and new best practices.
  • Insure against financial risks with a stand?alone cyber policy or endorsement.



(ISC)2 Report Finds Cybersecurity Workforce Gap Has Increased to More Than 2.9 Million Globally

Despite 59% of cybersecurity professionals saying the widening workforce gap puts their organizations at risk, a majority of workers report strong job satisfaction and are focused on developing new skills

Key insights revealed in the study include:

  • Of the 2.93 million overall gap, the Asia-Pacific region is experi­encing the highest shortage, at 2.14 million, in part thanks to its growing economies and new cybersecurity and data privacy legislation being enacted throughout the region
  • North America has the next highest gap number at 498,000, while EMEA and Latin America contribute a 142,000 and 136,000 staffing shortfall, respectively
  • 63% of respon­dents report that their organizations have a shortage of IT staff dedicated to cybersecurity. 59% say their companies are at moderate or extreme risk of cybersecurity attacks due to this shortage.
  • 48% of respondents say their organizations plan to increase cybersecurity staffing over the next 12 months
  • 68% of respondents say they are either very or somewhat satisfied in their current job
  • Women represent 24% of this broader cybersecurity workforce (compared to 11% from previous studies), while 35% are Millennial or Gen Y (compared to less than 20% from previous studies)
  • More than half of all respon­dents globally (54%) are either pursuing cybersecurity certifications or plan to within the next year
  • Some of the biggest career progression challenges respondents reported are:

o   Unclear career paths for cybersecurity roles (34%)

o   Lack of organizational knowledge of cybersecurity skills (32%)

o   The cost of education to prepare for a cybersecurity career (28%)

  • The four areas cybersecurity pros feel they will need to develop most or improve on over the next two years in order to advance in their careers include:

o   Cloud computing security

o   Penetration testing

o   Threat intelligence analysis

o   Forensics

A New Cybersecurity Workforce Gap Analysis

In addition to a broader view of the cybersecurity workforce, the 2018 (ISC)² Cybersecurity Workforce Study introduces a new gap analysis methodology. Unlike legacy gap calculation models that simply subtract supply from demand, this calculation takes other critical factors into consideration, including the percentage of organizations with open positions and the estimated growth of companies of different sizes. The calculation of demand includes the openings that are currently available, along with an estimation of future staffing needs. The calculation of supply includes estimates for academic and non-academic entrants into the field, along with estimates of existing professionals who are moving into cybersecurity specialties. This more holistic approach to measuring the gap produces a more realistic representation of the security challenges—and opportunities—that both companies and cybersecurity pros are facing worldwide.

For more data points and additional context on the cybersecurity workforce gap. download the full study at www.isc2.org/research.


About the (ISC)Cybersecurity Workforce Study

(ISC)conducts in-depth research into the challenges and opportunities facing the cybersecurity profession. The (ISC)Cybersecurity Workforce Study (formerly the Global Information Security Workforce Study) is conducted regularly to assess the cybersecurity workforce gap, better understand the barriers facing the cybersecurity profession, and uncover solutions that position these talented individuals to excel in their profession, better secure their organizations’ critical assets and achieve their career goals. Learn more atwww.isc2.org/workforce-study.



(ISC)² commissioned Spiceworks to conduct a survey in August 2018. This survey targeted cybersecurity professionals worldwide to measure the gap in the cybersecurity workforce in companies of all sizes and to under­stand current perceptions and practices around cybersecurity. Survey results included responses from approximately 1,452 participants throughout North America, Latin America, Asia-Pacific and Europe.


About (ISC)²

(ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, pragmatic approach to security. Our membership, over 138,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education™. For more information on (ISC)², visitwww.isc2.org, follow us on Twitter or connect with us on Facebook and LinkedIn.

© 2018, (ISC)² Inc., (ISC)², CISSP, SSCP, CCSP, CAP, CSSLP, HCISPP, CCFP, CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP and CBK are registered marks, of (ISC)², Inc.



Sophos Adds Endpoint Detection and Response to Intercept X Advanced

New product brings enterprise grade security benefits to at-risk SME businesses with Deep Learning File Analysis and On-Demand Access to SophosLabs Intelligence Database

Sophos (LSE: SOPH), a global leader in network and endpoint security, today announced that it has added Endpoint Detection and Response (EDR) to its Intercept X endpoint protection portfolio. Intercept X Advanced with EDR powered by deep learning technology delivers faster, more extensive malware discovery and is available today through a global early access program, bringing fast, early response capabilities to small and medium sized businesses.

Sophos’ deep learning neural network is trained on hundreds of millions of samples to look for suspicious attributes of malicious code to detect never-before-seen threats. It provides broad, expert analysis of potential attacks by comparing the DNA of suspicious files against the malware samples already categorized in SophosLabs.

When It Comes To Security Size Does Matter

New research from Sophos has revealed that large enterprises currently disproportionately benefit from EDR.  Sixty three per cent of businesses with 500-750 employees have EDR tools as part of existing endpoint protection, compared to just 25 per cent of organisations with less than 250 employees.  SMEs may also be putting themselves at risk by underestimating the importance of EDR: while overall, four percent of UK businesses think EDR capabilities are unnecessary, when it comes to organisations of less than 250 employees, this figure rises to one in four companies.

Until now, effective investigation and incident response has only been achievable in organisations with a dedicated Security Operations Center (SOC) or specialised IT security team trained to hunt and analyse cyberattacks. With Sophos Intercept X Advanced with EDR, businesses of all sizes and those with limited resources can add threat tracking and SOC-like capabilities to their security defenses, reducing the time criminal hackers can hide in their network.

Vast Opportunities for Cyber Criminals

Currently, the early window of opportunity for cybercriminals is substantial and, once they have gained a foot hold, they use multiple attack methods to escalate privileges and advance step-by-step. Sophos’ research has shown that almost a third of businesses, (31 per cent) only patch monthly or even less frequently and a further 31per cent take days to months. This is despite the fact that a third of businesses receive more than one patch / upgrade a week.  The net result is that endpoints are left exposed and cybercriminals are able to move onto and across the network.

With Intercept X Advanced with EDR, IT managers can see if an attacker is moving laterally, and leverage the anti-ransomware and anti-exploit capabilities in Intercept X, the industry’s most sophisticated endpoint prevention solution. Sophos Intercept X with EDR is integrated with Sophos Central, a cloud-based unified console for managing Sophos’ portfolio of products, allowing end users and Managed Security Partners to make decisions based on EDR intelligence from a single pane of glass.

With a single click, IT managers can have on-demand access to curated intelligence from SophosLabs, guided investigations into suspicious events, and recommended next steps. To maintain full visibility into the threat landscape, SophosLabs tracks, deconstructs and analyses 400,000 unique and previously unseen malware attacks each day in a constant search for attack novelty and cybercriminal innovation. By providing access to SophosLabs data, IT managers of all skill levels can now benefit from first-responder forensics at their fingertips to best determine if and what types of attacks are happening.

Dan Schiappa, senior vice president and general manager of products at Sophos said. “The sheer volume of malware, frequency of attacks and wide availability of toolkits on the dark web have made EDR capabilities necessary to every business – especially those with limited IT security resources. Sophos is providing the equivalent of a team of global cybersecurity experts and access to the rich knowledgebase SophosLabs has about the reputation of files and other information collected through terabytes of malware analysis. IT managers can now quickly analyze and trace attack pathways without needing to reverse engineer files.”

 “We are working with thousands of IT managers and system administrators on a daily basis, many of whom are finding it harder to control the plethora of online apps that are readily available in today’s digital world. This is why we are truly excited to offer Sophos Intercept X with EDR to our customers. For many of the businesses we work with, this is a great addition to their security portfolio because many don’t have the budget, time or resources to threat hunt. We can now offer our customers the ability to see what might be hiding in the shadows of their network and address issues before potential active attackers have time to further advance and do more damage,” said Gavin Wood, group cybersecurity director of UK-based Chess Cybersecurity. “The deep learning file analysis in Sophos’ EDR eliminates a lot of the ‘noise’ that other EDR solutions might detect, due to the ability to scan suspicious files against millions of malware samples already known to SophosLabs. This detection precision gives our customers a massive head-start on investigating actual threats instead of wasting time chasing false positives.”

The Intercept X Advanced with EDR Early Access Program is open for general admission. More than 300 organisations have already registered. To join the program and community, please visit Sophos Early Access Program.



Two Charities Share the WCIT Charity IT Award 2018

Each to receive a grant of £300,000

Two charities, CALM (Campaign against Living Miserably) and Missing People, have jointly won the Worshipful Company of Information Technologists’ Charity IT Award 2018. Each will receive a grant of £300,000 as a result of their win. The WCIT award considered four finalists, drawn from 76 entries and, in the end, it was impossible to separate two of them. As a result, the judges led by Sir Kenneth Olisa, Lord Lieutenant of Greater London and past Master (past Chairman) of the WCIT, recommended that £600,000 would be split between CALM and Missing People. The Charity trustees approved the recommendation.

Both winning charities face the problem of rising call and online chat volumes with insufficient human resources to service all the contacts they receive. They are therefore both seeking to make innovative use of chatbots supported by Artificial Intelligence and Machine Learning to prioritise the calls and increase the number of enquiries successfully handled.

The awards will make a great difference to these two charities. Both winners welcomed the substantial grants from the WCIT Charity, noting that this will aid raising the balance from other funders. The awards will then have enabled not just one but two projects.

Furthermore, the winning projects have inspired the WCIT, the 100th Livery Company of the City of London, to create what has been provisionally called The Artificial Intelligence Learning Exchange, in order to build a leadership role in the use of Artificial Intelligence in the charity sector. Among the WCIT’s 800 members are leading practitioners in the AI and security sectors, and their skills will underpin this initiative. The WCIT Charity will invest in and provide support for this new initiative to ensure an approach that quickly promotes collaboration between the winners and rapidly acquires momentum in the charity sector.

As part of the Learning Exchange, the WCIT perceives a need for thought leadership around the ethics of using AI and chatbots in the charity sector. The WCIT has experience of taking such a leadership role: fifteen years ago, it started a similar initiative with IT4Arts, which now facilitates 150 leading arts organisations to collaborate and share their knowledge about the use of IT in the arts sector.

“Our creative approach has enabled us to make a life-changing difference to two charities rather than just one, and to build the opportunity to help many more in the future through enhanced collaboration,” says Sir Kenneth Olisa. “We are delighted in terms of what we have been able to deliver.”

The two other finalists, Beanstalk and The Brain Tumour Charity, were also congratulated on the quality of their applications.

“Our members are proud of our past funding achievements,” says Stefan Fafinski, Master of the WCIT. “This award can only add to our reputation and demonstrate the huge power of livery company philanthropy and pro bono volunteering as part of the City of London.”

Gary Moore, a trustee of the WCIT Charity, comments: “We are very enthusiastic about the possibilities to help these two charities achieve their ambitions and also to build expertise and experience to assist other charities in this critical technology area. We are at our best when we use not just our money but also our members’ expertise. So we believe that the outcome from this award could take us to some very exciting places.”

Simon Gunning, CEO of CALM comments: “We’re delighted to be working with the WCIT to develop RIO, a product with AI at its core that will radically improve helpline services in the UK and, without question, save many lives. The selection process was certainly gruelling and it’s a testament to the professionalism of the WCIT that we were made to hone every line of our plan to get through. We look forward to this rigour continuing as we embark on a partnership with the WCIT, throughout which we will be utilising the skills of the Company’s membership.”

CEO of Missing People, Jo Youle, adds: “The WCIT is the perfect partner for our One Safe Click project that aims to enable more vulnerable people to access the charity’s help in the way they want to reach us, and to begin organisational digital transformation. We see huge opportunity to share learning that will have significant benefit for the voluntary sector, especially Helpline providers.”

Award announcement videoClick here

Photos & LogosClick here

About the WCIT
The Worshipful Company of Information Technologists (WCIT) is the 100thlivery company of the City of London. It is a modern livery company guided by the four pillars of Industry, Fellowship, Education and Charity. It is proud of its vibrant and active membership and closely respects the history, heritage and traditions of the City of London. To find out more about the WCIT please click here.

The WCIT Charity’s mission is to use IT skills to make a difference. In its brief 25-year history, it has achieved a huge amount, including spinning off two independent charities – the Charity IT Association and Lifelites; endowing a new school in Hammersmith; and supporting hundreds of individual causes through grants of almost £4m. The Charity believes that its model of IT with funding, pro bono expertise and cross-charity collaboration add exceptional value to the causes it supports. To find out more about the WCIT Charity please click here.

About CALM
The Campaign Against Living Miserably (CALM) is an award-winning charity dedicated to preventing male suicide, the single biggest killer of men under the age of 45 in the UK. CALM provides lifesaving crisis support through their free, anonymous and confidential helpline and webchat service. CALM also promotes cultural change, by campaigning to raise awareness of the issue and better understanding of the causes of suicide, poor mental health and its prevention. Founded as a charity in 2006, CALM has 22 staff, 265 active volunteers and raised £2.1m in the last financial year. To find out more about CALM please click here.

Missing People is a lifeline when someone disappears. The charity’s award winning team are there 24/7 to provide free and confidential help, support and advice to people who are missing, and to families facing unimaginable heartache and anxiety. 2018/19 marks the 25th anniversary of the charity. Missing People has 98 staff, 217 active volunteers, and raised £3.39m in the last financial year. To find out more about Missing People please click here.



New Betabot infostealer malware campaign- Comment

A new report by Cybereason has detected multiple Betabot (aka Neurevt) infections in customer environments. Betabot is a sophisticated infostealer malware that’s evolved significantly since it first appeared in late 2012. The malware began as a banking Trojan and is now packed with features that allow its operators to practically take over a victim’s machine and steal sensitive information.

Following this news, please see below for a comment from Maor Hizkiev, CTO and Co-founder of BitDam :

“Using a patched vulnerability has a very high return of investment, since it is easy to use and still useful in penetrating organisations. AVs as well as other email solutions just don’t cut it for the current cyber world, where malwares are becoming more aggressive and more evasive. Organisations should adapt new security solutions that can detect advanced threats before they are manifesting on the device, so it won’t be able to execute its actions, in this case –  shutting down the AV before it detects it or applying the blacklist to evade security solutions. The recent rise in such attacks coming through email, is evidence of the persistent effectiveness of sending an email with a malicious attachment.”