Pravesh Kara, Content+Cloud’s Director for Security and Compliance, has over two decades’ experience in cybersecurity. In 2010, he was one of the founders of Perspective Risk, a company that initially specialised in penetration (“pen”) testing. Later, Perspective Risk expanded its offerings to provide advice on risk and on compliance with the InfoSec standards such as ISO27001 as well as providing other assurance services.

In 2017, when Perspective Risk had around 20 employees, it was acquired by IT Lab (which was later rebranded as Content+Cloud). Pravesh describes the merger as an excellent fit: “Both companies had similar, non-bureaucratic ways of working, and IT Lab had a great client base and great culture.” Although Pravesh moved into the parent business, Perspective Risk continues to operate as a standalone entity. Pravesh remarks “If we were wholly integrated, we wouldn’t have the right level of independence in our assurance outcomes.”

Thinking Securely Across the Organisation

Pravesh’s role encompasses the entire Content+Cloud business, and he has indirect reports spread across the company, to ensure that a consciousness around security permeates every aspect of the sales and delivery cycle, rather than security being seen only as an add-on service.

C+C's security offerings are split into two streams: Perspective Risk continues its core product lines, offering assurance services. And Content+Cloud offers design and build professional services for Security technologies and a Managed Security Operations Centre, whose aim is to actively detect and respond to cyber-attacks.

Perspective Risk: Managed Assurance Services (MAS)

Perspective Risk offers multiple levels of assurance services. At the simplest level is vulnerability scanning, which identifies potential security holes. Pen testing takes this further, probing potential vulnerabilities to determine beyond theory whether they can be exploited. As well as looking for systems security problems, pen tests also look for holes in business logic, such as web forms that fail to protect against unexpected inputs, and so can be utilised by hackers to modify the behaviour of the application.

Beyond pen testing, Perspective Risk offers Red Teaming, and describes the service as follows: “Perspective Risk’s elite Red Team simulates a cyber-attack on your organisation. By deploying similar strategies, tactics and hacking tools to real-life attackers, you’ll gain an authentic picture of your company’s resilience to cybercrime... By revealing otherwise unidentified risk areas, a red team attack will identify where you should focus your resources, help you validate and improve security, strengthen defences and increase the security awareness of employees – all of which will drive greater security vigilance across your business.”

Pravesh explains that Red Teaming works differently from pen testing. “It has a wider scope of engagement than pen testing, which tries to identify as many risks as possible on defined scope of targets. Red teaming is instead based on an objective – for example, to find a specific file, or break into HQ and photograph the CEO’s office. Red teaming engagements are often led from threat intelligence – what are relevant threats and how do we replicate their behaviours?”

When it is suggested to him that Red Teaming sounds fun, Pravesh agrees. It is a popular career choice, he says: “Now they come into the industry to be red teamers – to have similar levels of freedom and creativity in compromising organizational security to real threat actors.”

Content+Cloud: Security Operations Centre (SOC)

The other side of Content+Cloud’s security business is run from a facility in Manchester and is designed to detect actual threats. The SOC provides rapid detection of intrusions and external attacks and undertakes containment of the threat to minimize the impact.

“Perspective Risk focuses on the offensive side, but as a group we also cover the defensive side.”, says Pravesh. “We design & build security monitoring capability, spot threats and react instantly. In the past, threats were detected based on static analytics. Now we can spot anomalous activity in real-time – for example, changes in user behaviour. Our system is based on Microsoft’s Sentinel SIEM and SOAR , which has machine learning and AI capabilities to enhance detections and produce a higher fidelity of threat alerts.”

Cybersecurity Threats Today

What risks does Pravesh see currently, given increasing international tensions?

“When Russia first invaded Ukraine, Russian cyber-attacks were focused on Ukraine, but then they began to broaden. Russia had been targeting other countries anyway. But the latest intelligence suggests that the Russian state intends to attack organisations involved in critical national infrastructure – not just in the public sector, but across the supply chain. The security issues haven’t changed, but the threats are increasing.”

What about China? “China loves state secrets but also heavily targets the private sector. The Chinese state acts to protect the interest of private and state-owned Chinese companies. But it’s Russia that really invests in harvesting data. Its intelligence agencies try to vacuum up everything they can.”

Is the public sector prepared for attacks? “The public sector was a long way behind the curve five to 10 years ago, but now it’s catching up. It’s getting better both at detecting and reacting to threats.”

How would Content+Cloud approach security for a new public sector customer? “We would begin by asking what the threats are... why would you be targeted? There isn’t a one-size-fits-all approach. Central government has different threats to local government. And different attackers have different focuses: do they want to attack facilities or quietly harvest information?”

If Pravesh could give the public sector one message on cybersecurity, what would it be? “The advice that the National Cyber Security Centre provides - You should assume you’ve already been breached, and act on that basis.”