top of page
Search

Cyber Horizon Series: Cutting-Edge Tech


Saepio event hosted at the House of Commons
Saepio event hosted at the House of Commons

I recently attended an invite-only event hosted by Saepio at the House of Commons (UK) to discuss the evolving cyber security landscape and the new technology which is being developed to address these challenges.


Summary of the key areas of discussions from the day:


  • 3rd Party Risk Management

  • Automated IAM & Monitoring

  • Cloud Data Protection & Reducing TCO

  • Business Email Compromise

  • Recovering from Cyber Attack

  • Benchmarking Cyber Position & Planning


If you are interested in a more detailed write up and some insights I will be digging into as a CISO, read more below..



1. Third-Party Risk Management

  • Increased Scrutiny of Supply Chains: With a rise in supply chain attacks, organisations are shifting from point-in-time assessments to continuous third-party monitoring.

  • Risk Scoring Models: Modern platforms now use dynamic scoring, enriched with threat intelligence, to help CISOs prioritise vendors based on real-time risk posture.

  • Zero Trust Extensions: Extending Zero Trust principles to third-party access and integrating them into Identity Governance & PAM (Privileged Access Management) frameworks is becoming best practice.


2. Automated IAM & Monitoring

  • Efficiency Through Automation: Automation in Identity & Access Management is reducing provisioning/deprovisioning delays and closing security gaps.

  • Identity as the New Perimeter: IAM solutions are integrating with SIEM/SOAR for continuous user behavior analytics, allowing proactive response to identity anomalies.

  • Lifecycle Management: Integration across HRIS, AD, and SaaS applications is critical for seamless onboarding/off-boarding, especially in hybrid/remote environments.


3. Cloud Data Protection & Reducing TCO

  • Unified Data Protection: Consolidation of CSPM, CWPP, and DLP under unified platforms is reducing tooling overlap and cutting operational costs.

  • Encryption & Tokenisation: There's a strong shift toward data-centric security, where encryption/tokenisation happens at the data layer, agnostic of cloud provider.

  • Cloud-Native Security: Adopting cloud-native solutions (vs. lifting legacy tools) is significantly lowering TCO while improving agility and compliance posture.


4. Business Email Compromise (BEC)

  • Beyond Email Gateways: AI-based anomaly detection is essential, as BEC often involves hijacked trusted accounts rather than spoofed ones.

  • User Awareness Still Critical: Despite technological advances, user training and simulated phishing exercises remain key components of layered defence.

  • DMARC Adoption Rising: Adoption of DMARC, SPF, and DKIM is improving but still inconsistent—critical for domain reputation protection.


5. Recovering from a Cyber Attack

  • Resilience Over Recovery: Focus is shifting toward cyber resilience—ensuring business continuity through segmentation, rapid isolation, and immutable backups.

  • Tabletop Exercises: Mature organisations are running cross-functional tabletop exercises including Legal, Comms, and Execs—not just IT and Security.

  • Detection-in-Depth: Emphasis on post-breach forensics, XDR platforms, and response orchestration to reduce dwell time and limit blast radius.


6. Benchmarking Cyber Position & Planning

  • Framework Alignment: NIST CSF 2.0 and MITRE ATT&CK are increasingly used for benchmarking maturity and identifying coverage gaps.

  • Board Reporting Evolution: Metrics are becoming more business-aligned—focus on risk reduction, ROI of controls, and scenario-based impact.

  • Roadmapping with Context: Using benchmarking data to drive a prioritised, risk-based roadmap, often aligned to regulatory expectations and insurance requirements.


Stay tuned for more insights from other events I attend.

Comentários

bottom of page