Paul C Dwyer on Cyber Crime & the Rise of Cloud Consultancy

paul dwyer

This year, the flagship conference for the Centre of Multidisciplinary Research, Innovation and Collaboration, Cyber Science will be held as a virtual conference from the 15th to the 19th of June. In addition to a number of authors presenting their work from all areas of cyber security, cyber situational awareness, social media and cyber incident, a highly notable line-up of keynotes speakers and industry professionals including Paul C Dwyer will also be joining us.

Cyber Risk International (CRI)

One of the many experts we will be welcoming to the Cyber Science virtual stage this June is Paul C Dwyer. Recognised as one of the world’s foremost experts in cyber security, risk and privacy. Paul is CEO of Cyber Risk International Ltd. CRI is an internationally recognised leader in cyber security, risk and privacy management advisory services. With offices based in Dublin with offices in London and New York, CRI has quickly risen to success since its launch in 2014. Their award winning and innovative B2B SaaS enterprise solution “CyberPrism” provides organisations around the world with an easy to use and viable risk assessment alternative to engaging with external consultants.

The answer to cyber security is in leadership

Speaking on IIDB’s Dot Lab Radio podcast, Paul spoke about Cyber Risk International, explaining how it started out as a flagship bespoke boutique advisory firm aimed at delivering strategic advisory services at the board level.  Paul and his team believed that “the answer to cyber is in leadership.” Business leaders must be aware of and understand cyber security and risk, not just the IT department. Paul continued to explain how CRI was an instant success, taking in over a million euro in orders in its first 6-8 weeks of being in business. He explained that despite the demand for such a service being there, it proved to be very difficult to find people with the right skills to actually do the work. CRI’s approach began gearing away from the traditional methods of cyber risk assessments;

‘What we were preaching was that the old approach of going in with checklists just simply didn’t work… you can’t take a one size fits all approach to say a financial service company and use the same test methods that I use for Credit Union as I will for a big retail bank.”

The bad guys

This was why Paul needed a team with decades of skills to carry out this work. He needed people who know what the appropriate levels of control should be put in place dependant on the business in question, as opposed to just taking the latest technology that’s being circulate in the market.

“That’s why the bad guys win so often when it comes to objectives of cyber threats and breaking into companies, because what’s missing is the baseline controls and not the more advanced controls where all the budgets and focus has gone on.”

Paul envisions the bad guys of cyber security as a venn diagram; once circle is the low level cyber criminals, another would be more of a sophisticated criminal and some may be insiders or nation state threat actors or some may be people with different ideologies such as ISIS.  However, the point Paul makes is that all of these groups of criminals overlap and in the middle is where a business’s threat is. Any organisation can become a victim to any of these cyber-criminal groups.

“it is a trillion dollar economy, and I don’t mean cyber security, I mean cybercrime. Its surpassed drug-trafficking as the number one crime in the world”

Dwyer explained one of the reasons why it takes so long for bad guys to get caught, even by organisations who spend tens of millions on cyber security. It’s because they actually surveil and protect a business’s a network while they break into a system in order to stop other bad guys from getting in. They strategically monitor everything about a business and how they operate before they carry out their objective.

“The average time bad guys have been on networks is about 7 or 8 months before they’re caught.”

Cyber Prism

“The key to being effective in cyber risk management is being able to deliver a strategy that is aligned with the business model.”

This drove Paul and his team at CRI to develop their solution. Moving away from services, in order to empower organisations to carry out this work themselves. Using tools such as Cyber Prism, as opposed to spending large budgets on teams of consultants. Aside from being totally adaptable to any size of a business, CRI’s product is also an environmentally friendly alternative to cyber security consultancy. CyberPrism’s “consultancy in the cloud” approach means shorter set-up times reducing the amount of flights taken for meetings as well as less paper work being produced in comparison to standard cyber security consultancy procedures. They also plant a tree in Brazil every time someone uses Cyber Prism’s assessment license! A major milestone during the rise of CRI’s innovative software solution was when it became the only solution approved by Her Majesty’s Government in the UK  procurement.

Cyber Science 2020

Having successfully transitioned from a traditional service business model to a tech company and leveraging the cloud to deliver cyber security consultancy, Paul is seen as nothing less than a prolific contributor to the industry. We’re certainly looking forward to hearing Paul C Dwyer speak this June at Cyber Science 2020 along with our notable line-up of industry and research leaders. Registrations for Cyber Science 2020 are now open, register online today and be part of Cyber Science’s first ever virtual conference.

You can also listen to Paul’s full interview over at IIDB’s Dot Lab Radio here.