Want a Quick Win? Secure your DNS


Ransomware is currently the number one form of cyber attack due to its profitability and simplicity in execution. It is now evolving as a business model where any ‘Joe Bloggs’ can buy ransomware code for a monthly fee – ransomware as a service. Ransomware thrives partly because of bitcoin and the associated anonymity of attackers who get paid via an untraceable cryptocurrency transaction. The stages of a typical ransomware attack include;


  • Stage 1 – Infection

Ransomware always starts with some host infection of malware via phishing attacks, or a website hosting malware


  • Stage 2 – Command and control setup stage

This handles the key exchange process to encrypt the files on the infected host


  • Stage 3 – Extortion stage

Payment of the ransom and then ‘hopefully’ getting the key to decrypt the encrypted files.


Ransomware is constantly evolving and not being breached yet is no guarantee that it won’t happen in the future.


Many organisations are using hope and anonymity as a risk mitigation strategy against ransomware – assuming they are small and have not been attacked yet. The fact is that the supply chain is now an increasing focus of malware attacks as a means of accessing valuable data through the back door of larger enterprises.



Anti-Ransomware Best Practices


As with every effective security approach you need a policy and a risk assessment of the threats so this is a given before we get into the type of approach and solutions that need to be in place. Please see some of our previous blogs or check out the NCSC website for some invaluable resource.


Phishing can be very sophisticated making it hard to tell if a link is bad or not. Effective protection cannot rely solely on end users, it must be engineered into the system with the right protection mechanisms correctly configured.


To start off with you need good anti-spam, anti-phishing and web controls to control the Internet traffic, this could be incorporated into a good endpoint protection solution. Use an email and malware analysis gateway to inspect executables for malware. The gateway should be configured to block files if there is any doubt about it’s authenticity. It is better to stop/delay web downloads so that they can be inspected and properly classified than to run the risk of infection.


78% of attacks exploit phishing so it is a good thing to correlate known exploits to the vulnerabilities in your organisation and prioritise patching based on known exploits.

Use network analysis and visibility tools to analyse traffic on the network so you can see what is changing and be alerted to abnormal behaviour.


If you do get infected, have effective Backup and DR policies and processes, and ensure that the recovery procedure has been tested and works.


DNS Security is the Quick Win


92% of cyber attacks make use of DNS at some stage or another through the execution of the attack. DNS is therefore the greatest opportunity to secure your network while having an immediate impact.


What if your systems know that a website url a client is trying to access via DNS resolution is a bad site, hosting malware. You could just block it and prevent any interaction with the malware in the first place. This form of protection can be immediate with no impact on client or application performance.


A web based infection is usually a 2 step process –  which redirects your web browser to another domain created using an exploit kit which finds a vulnerability in say Flash or Silverlight. The malware will then do a command and control (CnC) call back using DNS resolution to get an encryption key. Until the CnC connection happens there is no damage created.


Analysis has shown that most ransomware does a DNS call back, ransomware payment notification also uses DNS. The ability therefore to block a malware connection via DNS security at one or another step of the malware execution process can therefore prove to be the most effective way to implement malware protection.


An effective DNS security protection control can have the ability to identify the endpoints attempting the malware connection and therefore feed into the clean-up and mitigation plan.


An important service in addition to the above is the ability to query domains and file hashes from a central intelligence platform that has up to the  minute data on the bad domains so that your security incident response team has the ability to conduct intelligent investigations independently of any infections. For instance if you keep doing a DNS query for a site in Russia and you don’t have any business relationship in Russia, that’s something that you should query.


Another challenge is the decentralised nature of organisations due to remote working and the increasing importance of branch offices. Mobile devices such as laptops are the primary devices where user changes could compromise security. Around 80% of remote workers disable their VPNs when they browse the web. A DNS based security mechanism can help to maintain the security posture where these remote workers able to still make use of this form of protection even when they disable their VPNs. DNS security can protect any device including IoT, guest devices and roaming clients.


Correct implementation of DNS security could make it the first line of defence even before a connection is established by checking the DNS request and blocking bad sites. This will help the IT teams by freeing them up from a large number of alerts that would be generated if the malware had been downloaded.

Why Audiences Love Live-to-Digital and How to Approach the Space



Live-to-digital is a growing medium, primarily driven by three factors. Once producers understand such audience motivations, it will become easier to strategize within the space.

  • The experience is economical, costing less money and requiring less time than traditional theatre, as travel is largely taken out the equation and ticket price is either less or negated.
  • Digital offers a convenience that cannot be matched by traditional productions, as streaming can occur anywhere.
  • Digital offers a new means of exploring content – whether live or not – which is of great benefit to audiences who wish to discover innovative theatre.

Alongside these three considerations, elements such as advanced camera work help smooth the transition between live and digital, as audiences can enjoy the visual experience from a new perspective. However, many still refuse to give up on the actual live performance, or travel for Event Cinema.

While the digital medium presents clear benefits to the audience, producers are feeling the strain. Tackling new projects is intimidating, although widespread industry expertise can smooth the learning curve. Moreover, while the cost can be prohibitive, streaming is an economical means of growing an audience, and also a method many pursue in search of new fans. Given an infrastructure has been put in place in cinemas throughout the country, this can also help reduce the required investment.

What might spur momentum across the industry could be increased transparency, with viewer numbers and financial data shared between venues and producers. Until this happens, a reluctance to progress is likely to prevail.

In recent articles, you have witnessed first-hand the advent of live-to-digital in theatre. With audiences turning to the medium in droves, there is little question about whether suppliers should engage.

However, in light of widespread support for the transition, questions remain as to the factors that drive consumption, as much as why many suppliers are reluctant to enter the space. While some voice concerns over how to fund production, others surface different barriers to entry.

Perhaps the question could be better approached from a different perspective.

Once industry players better understand audience motivations, such hurdles won’t seem so daunting and new players – as much as existing participants – will be able to spur on the category, for its transformational potential is immense.


Why Theatrical Content is King

Let’s be clear; one truth remains: Those who want to see a live performance will, in no uncertain terms, do their best to see that live performance. The arrival of digital is not competing on those terms. Much in the same way Hollywood still draws an audience to the cinema, the intimacy of live theatre will always preserve its place.

That said, digital content is carving a niche, and the audience advantages are clear.

In short, for the audience, live-to-digital is:

  • Economical
  • Convenient
  • And, perhaps most poignantly, not necessarily ‘live’ (that is, consumers are not looking to replace the live experience)


Positive Economics

 The audience still very much appreciates the thrill of going to the theatre, which is why shows up and down the country continue to sell out with touring at stable levels. Digital is solely a means of increasing one’s consumption of ‘live’ performance, in a way that is both convenient and economical.

It is the audience’s way of supplementing their exposure to the arts while exploring lesser-known productions that they might otherwise not have seen. The economics, both in terms of time and money, allow experimentation. Something that was, in a previous era, unfathomable.

What the industry is witnessing is a new crowd mobilised through technology, or those who are too far from a theatre now able to enjoy the latest productions at a reasonable personal cost.

You see, it is this newfound ability to enjoy a performance without having to sacrifice a day or an entire paycheck that is most exciting. In fact, two-thirds of respondents stated that their greatest motivation for attending Event Cinema – particularly among older or rural respondents – was simplicity.

“Living in Sheffield, going to London is pricey. There are shows I couldn’t see live for financial reasons, or time constraints.” Audience Member, 25-44, Yorkshire & Humberside.

And yet, in its own confidence-boosting way, there is still a sizeable segment who travel at least one hour to attend live theatre, which reinforces the belief that ‘live’ is here to stay.


Ultimate Convenience

When focusing purely on financials, streaming evidently comes into its own. Yet, this is not a singular motivation.

Live performances have inherent limitations with strict schedules, while those who stream appreciate the opportunity of watching a performance outside of the traditional tour. In fact, almost half of those who streamed a production did so because no live version of the performance was available at the time.

Similarly, as shows continue to sell out, streaming may be the only option. Very few people suggest they prefer streaming to live, showing how they are not economising on the quality of their experience, rather doing what is necessary to preserve their enjoyment. To worry about cannibalisation of ticket sales is understandable, however, when producers realise that ‘going digital’ has previously had no adverse effect, they can put their fears to bed.

The reality is that more people are tuning in at their convenience, likely watching something they otherwise might not have chosen to see. Digital is a great means for broadening the mind and testing new waters.

If you had said to me, here’s a ticket to see Hip Hop Othello [the Q Brothers] live at the Globe [in 2012], I wouldn’t have gone. But watching it on the iPlayer [The Space], I thought it was fantastic – I wish I had seen it live.”—audience member, 45-64, West Midlands


Offering a Fresh Perspective

The proximity of the actors; their on-stage presence; the inherent risk of the live performance – these are all visceral reasons to attend the theatre. However, when it comes to Event Cinema or streaming, the primitive nature of the performance takes on new meaning.

What an audience loses in authenticity, they gain in perspective as, through this shift in medium, they can appreciate the performance in new ways.

When sat at the back of the National Theatre, it is difficult to appreciate the detail of an actor’s performance. When watching on screen, the depth of the actor’s expression is something that can be genuinely appreciated as the camera zooms in. This is a distinctively different experience, and one reason people enjoy productions in the digital form.

This is a message to production houses that the quality of their camera work is implicit in the success of any screening, underlining that – to bring a top-class production to the screen – they need to appreciate the different perspectives at play, and offer the audience the viewpoints they want.

Where the viewer has relinquished control of their focus, they get to appreciate the intensity of the emotion on display.


Barriers to Consumption

Not everything is simple in the digital world, and consumers do have their concerns. Much to the theatres’ delight, many simply choose not to participate in Event Cinema – or stream – for the reason they would rather be there in person.

Event Cinema does, in many ways, have similar issues as traditional theatre in its reliance on a physical venue, so audiences who struggle to attend the theatre may well lack access to Event Cinema as well. Similarly, viewing schedules deter those who live too far away, which could be an opportunity for exhibitors – more regular screenings could increase attendance.

Primarily, inadequate technology and lack of awareness are decisive factors for those who choose not to stream. More often than not, rather than not wanting to stream, it is more the crowd simply do not know that this is an option.

The all-too-common ‘build it and they will come’ mentality does not work. If you offer content via a streaming service, do not hide the fact. Market it well, and you will have a captive audience.

Of the largest segment of streamers – those between 16 and 24 – these were the least likely to know where to find content. This is an opportunity lost and a possible reason for scepticism around the effectiveness of live-to-digital.


Incentivising Production

There seems to be an invisible barrier in many production houses – the hurdle of going from zero to one live-to-digital projects.

For those who have experience with at least one production, the likelihood of producing a second is vastly higher than amongst those who have yet to dip their toe. This suggests that if producers can understand what motivates those who do operate in the category, they can work to reduce their fears and take steps towards new horizons.


Do Not Fear the Cost

While the positive economics for digital consumers is self-evident, digital producers are more sceptical. Rather than embracing any potential gain in online audiences, the upfront investment is likelier to halt the project.

Society is risk averse, and the thought of losing money is an understandable deterrent; however, artistic directors should try to reframe the purpose of live-to-digital. In general terms, few approach it as a means of driving revenues – at least, not in the immediate. So, for those wondering ‘how will I my make my return?’ – well, stop wondering.

Put cost aside for one moment and focus on the other core motivations of those who produce.

The opportunity to build a new audience base is a clear winner, as this new audience will tune in to lesser-known productions. The prospect of growing your brand in a new segment is also very real, as are the benefits of innovative partnerships that could lead to further prospects down the line.


What’s Really Holding Productions Back?

A barrier for anyone, anywhere, doing just about anything, is not knowing how. Do not be afraid to admit this if it is the case; you are in great company. Moreover, a lack of internal expertise is to be expected – you are new to this, after all.

Suffice to say, with the ever-increasing volume of live-to-digital performances, industry expertise has grown and, among those who produce, they cite external expertise as the best way to overcome the knowledge-gap. They attest there is plenty of help around and this can be a great way to upskill your team.

Understandably, the cost will always be a consideration, and the investment required will reduce appetite for participation. Two-thirds state this as their primary concern, so this cannot be ignored.

However, thanks to projects such as the Digital Screen Network, which was established in 2005, 212 cinemas received funding to install digital projectors with priority given to smaller, independent houses who likely did not have the capital to support such an investment. In 2009, this was followed by an initiative of the UK Film Council who encouraged the transition from DVD to digital projection.

The infrastructure in place is robust which, in turn, should help reduce production costs if you find out who in your local area has such facilities.

Equally, while access to funding will always be top-of-mind, the reality is that obtaining financing for both live productions, or live-to-digital, is of the same difficulty. So, perhaps success lies in an appetite to take the risk. Positively, four-in-five senior leaders within the industry suggested they were ready to take a punt on live-to-digital, meaning it could be up to funders to open their eyes to the opportunity.


Sharing Positive Vibes

Arguably, the most integral element to garner support for digital transformation lies in sharing the data behind the growth. While many positive stories exist, there is, admittedly, still a dearth of publicly-available information.

The first two articles demonstrated the levels of participation; however, other issues lie in the fact that almost half of suppliers have little-to-no access to audience data from their own live-to-digital productions.

This needs to change.

To encourage productions, it is vital that exhibitors collaborate with suppliers to share audience or streaming data to disseminate the positive statistics gathered as part AEA’s report. Not only would real data provide a reason for those currently in the category to expand their offering, but they would also have a story to sell to those on the sidelines.


Step into Centre Stage

The motivations behind live-to-digital from a producer’s perspective are clear. As soon as you understand your live audience is under no threat, it becomes about three benefits:

  1. Building new audiences, including those who cannot attend
  2. Marketing and growing a brand through new partnerships
  3. Pushing boundaries in pursuit of artistic acclaim

In general, the overriding emotion around the current digital landscape is one of positivity. Growing audiences and encouraging larger viewing figures can only be healthy for an industry that is limited to venues that, by their very nature, can be cost-prohibitive.

Disseminating work in ways that promote access must be perceived as exciting – an artistic challenge as much as a threat – while appreciating the work done to reduce the barriers to entry may even help sceptics overcome their concerns.

Given that almost nine-in-ten exhibitors plan to maintain or increase both the current number of live performances as well as their current number of screenings suggests an industry in the ascent. The bigger risk appears to be others missing out, rather than producers succumbing to a valueless fad.

In the final scene, the article will cover the future of live-to-digital, reviewing where the category may go from here. As part of this, it helps to look at several productions that have leveraged digital, revealing their core learnings and helping readers establish a strategy for tackling the live-to-digital world.

DNS Security – The Forgotten Lynchpin


So it’s all happening in the cloud. Wholesale adoption of cloud services is now a business imperative as the opportunities and benefits of SaaS become ever clearer.

Here are some numbers though that tell us not only what’s happening but also some concerns that we need to have at the forefront of our minds.

  • 82% of mobile workers admit they always turn off their VPN
  • 15% of command and control threats evades web security
  • 60% of attackers penetrate an organisation in minutes and steal data in hours
  • 100 days is the average detection time for an attack
  • 100% of networks interact with malware sites
  • 92% of attacks make use of DNS

Clearly, there is a wide range of threats that organisations need to address in crafting and implementing an effective approach to cyber security. One area that has and is receiving very little attention is the area of DNS.

DNS is the most ubiquitous protocol on the Internet and is deployed in literally every connection that takes place whether surfing a website, watching youtube videos or accessing corporate cloud applications. This ubiquitous use of DNS means that it is also involved in some very undesirable connections to sites like malware sites, known bad sites, command and control centres etc. Other attacks have involved data exfiltration in packets disguised as DNS.

The fact that DNS is involved in around 92% of web attacks strongly suggests that it is an area that is worthy of further efforts in the fight against cyber attacks. DNS is one of those protocols that just works in the background like a utility and as long as resolution is working then no one pays attention to it. DNS is a lynch pin, if it doesn’t work then most applications will stop working and the IT services will grind to a halt. It is vital therefore that DNS gets more prominence and is monitored and secured to ensure continued running of services.


Tackling DNS Security 

DNS should be elevated from a connectivity item to a network security component vital to the operation of the organisations IT. DNS monitoring and the implementation of an active security policy that cannot be circumvented by staff can have untold security benefits. Such an approach could be used to block malware and phishing attacks in real time as opposed to after the event. Also, the use of DNS to resolve requests for known malware sites could also prevent attacks before they happen. The DNS controls could hold a regularly updated list of known malware sites and block devices from accessing these sites. Active monitoring could also provide valuable information about whose machine has been compromised and where they are connecting from.

DNS monitoring can also provide a baseline of what normal behaviour looks like for your organisation. Anomalous behaviour is, therefore, easier to detect and acted on. A number of high profiles sites such as Tesla, that have been hacked could have been prevented if the DNS records were being monitored and these organisations were then able to detect and block changes to their DNS records.

Visibility of who is connecting to what site is also a great benefit of DNS monitoring. The explosive growth of IoT devices poses significant threats if they are not properly secured. DNS security could play a vital role by enforcing policy e.g. if the CCTV network should be blocked from Internet access, DNS security controls could prevent these devices being used as a backdoor that could be used for malware propagation or data exfiltration.

Failing to monitor and control DNS is a lost opportunity not only to secure your organisation’s network but also to gain visibility into who is doing what.

To Stream, or Not to Stream: 1 Simple Way to Attract a New Audiences


There is no question. Noble young minds have embraced a new medium: Streaming.

And while streaming forms just one part of the live-to-digital landscape, its appeal is far-reaching, engaging an alternative demographic than other, more traditional channels.

Where Event Cinema is growing at a steady rate among those of a particular income bracket, streaming is proving to be just as powerful a medium for productions wishing to broaden their appeal.

Taking arms against a non-existent sea of troubles is a fool’s errand. So, embrace the digital tide, for the numbers suggest opportunity, not peril, as discussed below.


Live-to-Digital Consumption is Everywhere

Nothing is more apparent than the nation’s appetite for live performance, as our first article revealed.

But, before you drown in the detail, let us first focus on one significant fact: while not everyone can make it to the theatre, the vast majority of those surveyed still display an interest in keeping their fingers on the artistic pulse through some form of digital experience.

From a pool of over one-thousand respondents, only a handful claimed to have never sought an online production of any sorts. If nothing else, this is an empirical thumbs-up for streaming.

As digital natives become the norm (it’s true – millennials and Gen. Z are no longer just the upstarts of society), is it any wonder they expect others to fall into line with regards to their routines? Perhaps not, and as this demographic will be critical in the long-term livelihood of every industry – not least the arts – it is crucial that leaders take note.

A fact well supported by the figures.


The Income Effect

Unsurprisingly, the primary audience of streamed performances falls between the ages of 16-24, as ever-younger viewers seek alternative forms of online engagement.

Whether their turning to digital channels is a direct result of less disposable income or just the fact that the generation is more culturally aware, the correlation between age and channel is further reflected in employment status. Among students, upwards of 65% of the population also stream, demonstrating how those with modest means are making the most of a new form of access.

This view is equally upheld by Event Cinema demographics.

Of those with higher incomes – talking £100k or more – ninety-four percent had attended Event Cinema; whereas less than a third of that same bracket had ever chosen to stream. Conversely – among lower-income households – while they have noticeably higher streaming rates, fewer make it to the actual event.

That said, there is still a notable proportion who seek the joys of Event Cinema – suggesting that Event Cinema is, in itself, an event to be cherished – yet streaming still serves a group who are less able to attend on such a frequent basis.

Which raises the question: who does your production serve? Depending on your response, your live-to-digital strategy could be vastly swayed.


The Paradox of an Urban Lifestyle

A clear benefit of the digitised performance lies in its instant accessibility for anyone, anywhere; an advantage widely recognised:

“You have people in very rural areas that are able to go and see performances that they could never afford to see in London and in New York. It is exciting” – Touring Theatre Director

In contrast with this widespread assumption, however, is that it is not necessarily the rural audience who benefits from live-to-digital. Instead, those in urban environments are fifty-percent more likely to stream than those living out in the sticks.

While this may surprise some, it is important to note that visual and digital exhibitions in urban environments also attract a younger, more dynamic audience, suggesting a predilection among up-and-coming generations for consuming digitised productions of any sort, be they theatrical, artistic, musical, or otherwise.


So, people stream. But what?

Now you understand the prominence of digital, it’s time to dig into the preference: or the what, the when, and the where.

While the live-to-digital category may have started out in the realms of contemporary music, then turning to opera, its future undoubtedly lies in theatre. One common theme amongst today’s live-to-digital productions is that drama sits head-and-shoulders above the rest in terms of popularity. Which makes sense.

Transporting live drama to the screen preserves much of the integrity of the performance and, as such, the majority of productions are dramas. Family theatre does make an appearance; musicals have their place – but each makes up just short of one-fifth of total productions, whereas dramas represent close to half of all streamed performances.

The cliff-hanger learning…

Keep the audience on the edge of their seats and your digital production will likely be well received.

Opportunities exist beyond traditional theatre; however, these are arguably more niche. Those over sixty-five are twice as likely to attend opera through Event Cinema, with the same theme existing in the context of streaming where – conversely to theatre – many more retirees consume opera online.


Giving the Audience What It Wants

With such clear signals from the audience, what else can one do – they are online, so why aren’t you?

It is little wonder that one-third of organisations include elements of live-to-digital in their schedule, with many who are in the process of – or have recently finished – a streamed performance. That said, the transition is not cheap.

In fact, it is mostly those who spend more than one million a year on production who go digital. They are also three times more likely to do so than their lower budget peers, which indicates budget, as much as a propensity for risk, determines who can tread the digital boards.

Moreover, those who receive funding tend to be more heavily involved in running live-to-digital trials within their portfolio. So, perhaps it is time to seek support.

However, even for those with limited budgets, unconventional routes exist as demonstrated by the Theatre Royal whose performance reached 170,000 patients across ten hospitals via Hospedia – an in-hospital television network.

A lesson in never letting yourself be bed-bound by budget in the digital era.

Interestingly, it is not only theatres who are forging new paths. Cinemas and schools, as well as libraries, pubs and cafes, are also demonstrating an appetite for non-traditional performance as they continue to fill seats in their less-than-conventional settings.

Moving one step further, access to a physical or digital location of your own is not a precursor to staging a live-to-digital performance. The majority of participants are more than accustomed to using third-party apps and websites when offering content, if not the websites of venues themselves – particularly if on a modest budget.


Income Opportunity or Brand Building

Whether you’re in it for the money, or just hoping to spread the word, there are opportunities on all fronts. Pay-to-view platforms exist, and this is a route a handful of production houses follow. Alternatively, they may choose to charge a fee at a live-screening venue such as a cinema.

However, not all take such a profiteering approach, with productions of a more modest size likelier to opt for a free platform as a means of establishing innovative partnerships to build their brand. Indeed, smaller operators may be best served in identifying their own routes-to-market with very few companies actively engaging with distributors when organising live-to-digital events.

Partly for cost savings, partly for the strategic fit.

Plus (and in no small part), given that live-to-digital and traditional production budgets tend to come from the same coffers, there’s a reason median spend on live-to-digital productions is less than £10k, with only a handful ever investing upwards of six figures.

Moreover, with 70% of exhibitors taking less than 20% of their gross box office earnings from live-to-digital, the investment does not provide the best returns.



Epilogue: Breaking Down the Trends

This exercise is not intended to be a death by numbers; they have their own story to tell.

First, realise that the young are streaming, as is a broader demographic. One-fifth of streamers are non-white British. In Event Cinema, that same demographic represents just one-tenth of the audience so, if you want a wide appeal, but your budget is limited, then target online platforms.

Significantly, those who stream more frequently are also likelier to attend live performances more regularly; even more so than your average theatre-goer. Realise that this untapped audience could turn into your biggest fans, given time.

Supporting this belief is the fact that for those who stream, the experience of live-to-digital is distinct from that of the live performance; in short, they are not seeking to replace the liveness of the theatre, they are hoping for an alternative experience – something unique.

Live theatre still holds the same appeal and the intent to attend has in no way diminished.

In fact, the digital activity can even energise a new audience thanks to its halo effect piquing interest in live repertoires, as the brand benefits from its foray into the modern world. Once you realise the scale of the digital landscape, you can begin to comprehend who we are trying to attract, and how to draw them in.

To genuinely appreciate why audiences participate in the way they do, or the reasons why theatres are reluctant to enter the space, read our next article. There, we will break down the underlying motivations, alongside the perceived barriers to entry, both for those who enjoy live-to-digital performance, as much as for those who stage.

Thank you for reading.

*Bows and leaves stage left*

The information included in this article has been adapted from the Live-to-Digital report (by AEA Consulting for Arts Council England, UK Theatre and Society of London Theatre) with permission from the Arts Council England.

Will Live-to-Digital Spell the End of Traditional Live Theatre?


Speak with any lover of The Arts about the role of digital in the world of live theatre, and you are bound to raise an impassioned response. Whether for or against—or just with a healthy dose of scepticism of the trend—views will be undoubtedly strong.

As they should be.

After all, live theatre is arguably the purest form of emotive expression, and there is no question that theatre exists for live consumption. However, it seems other mediums for enjoying performance art do have their place in the theatre world.

While acceptance of digital may not always be forthcoming from the purist, we would argue the prognosis for the future of live performance following a digital revolution is not as severe as some might have you believe.

Quite the opposite, in fact.

The emergence of the live-to-digital scene is not here to kill off live theatre at all. In fact, we can confidently say that live theatre—alongside live-to-digital—are both here to stay; and seemingly to the benefit of all those involved, so long as you understand the trends that underpin the growth.

Read our four-part series to evolve your understanding of the synergies between these closely linked, yet very distinct, industries.


Separating Fact from Fiction

“One’s fear, which may be groundless, is that eventually we and our equivalent theatres will stop doing plays and they’ll all be streamed live from these centres of excellence.”—Sir Alan Ayckbourn, Playwright

A characteristic anecdote among those most opposed: Live-to-digital is killing off the in-the-flesh experience.

It’s an understandable concern, but one that remains largely anecdotal, which is why industry experts have commissioned in-depth studies that present cold, hard evidence to support the decisions of those who need to adapt to the industry shift.

After all, simulcasting live performances—the act of simultaneously performing while showing the act across a number of mediums—is nothing new. And while stories are rife of an industry in decline, the facts suggest a different reality at play.

It was in 2003 that David Bowie first brought the idea of a live-digital blend to the masses, embracing the new approach to share his album Reality with an audience of 50,000 across 22 European cities. Perhaps not a performance enjoyed by the traditionalist, but undoubtedly one that set the minds of production houses racing.

For in 2006, the classical world had their first taste of digital. The Metropolitan Opera released a Live in HD series, and to great acclaim. The opportunity was obvious, and it did not take long for those in the UK to take note with Glyndebourne Opera beaming its 2008 production of Giulio Cesare, Tristan und Isolde and Così Fan Tutte into ODEON cinemas.

By all accounts, the productions were thoroughly enjoyed. However, theatre-goers were seemingly spared the drama as the focus rested on operatic or musical performance.

That was until the National Theatre decided to break ranks in 2009.

The National became the first major theatre to embrace ‘Event Cinema’—as it would later be coined—launching NT Live with streamed performances of their most popular productions broadcast in cinemas throughout the UK. The stage was set—other dominoes would be soon to fall.

Cue the entry of the Royal Shakespeare Company, Manchester Royal Exchange and Kenneth Branagh Theatre Company into the cast and the age of Event Cinema was well and truly established in the UK.

But few still quite knew what to make of it.

Despite its apparent success, those closest to the industry remained worried about lost audiences, struggling production companies cutting touring activity and an ensuing battle between David and Goliath—with live having to take on digital—rather than more poetic machinations of a live-to-digital symbiosis.

Time to lay legends to rest, as the Arts Council England, UK Theatre and the Society of London Theatre realised it was their task to define the opportunity. They engaged AEA—one of the world’s leading cultural consulting firms—to review the prospects.

And the output is clear.



Presenting Rich Opportunity

What is obvious is that, while digital innovation will undoubtedly present challenges in any industry—especially that of ‘live’ art—the opportunity appears significant as long as we manage the risks.

Provided the industry has answers to questions such as:

i. How is the industry as a whole reacting to the digitalisation of live performances?

ii. How are audiences consuming digital vs original content?

iii. What action is required to preserve the integrity of live artistic endeavours?

iv. Do digital performances displace existing audiences out of theatres?

v. What are the core drivers in the future of live-to-digital?

The opportunities and risks will be better understood, and positive action will ensue. The most pressing task is filling gaps in knowledge with actionable insight, rather than listening to whispers in the aisle that speak of doom and destruction.


To See the Future; First Understand the Past

The ‘Event Cinema’ and live-to-digital industries are no flash-in-the-pan fad; in fact, 2014 revenues across UK and Ireland hit £35 million with their share of UK & Ireland box office takings doubling every year since 2009. In no small part thanks to the formation of enterprises such as Digital Theatre – a UK-based entity who specialises in the production and distribution of high-definition recordings of theatre performances.

Subsequent industry growth led to the creation of the Event Cinema Association—an international trade body headquartered in England established in 2012—who are tasked with reviewing industry progress and who estimate event revenues to hit £60 – £80 million by 2019.

And possibly US $1 billion worldwide.

For UK theatres, maintaining a leading position in a nascent industry with astronomical potential is important, but what is perhaps more integral to the healthy evolution of the broader ecosystem is that the entire cultural sector becomes adequately informed about what is on the horizon.

The industry’s evolution would suggest great things. Since the inception of Event Cinema—and live-to-digital in general—many businesses have spawned to support growing demand for such productions and services.

Examples include:

  • HiBrow: A producer of live events as well as an online curator of the visual performing arts.
  • Cinegi Media Limited: The service that ‘enables any venue to become a cinema’.
  • The Space: A connector for new content with several distribution platforms.

As you can see, the industry is no longer just large-scale organisations beaming content to cinemas.

This is a complex ecosystem of streaming services, online distribution channels and digital media platforms, alongside project commissioners and industry bodies, who are growing the infrastructure to support this booming space.

Work has been done, but we are still very much in Act 1. Much of the plot is still left to play, and it is up to you to prepare as best you can.


High-level Indicators Point to a Positive Future

If nothing else, the most important takeaway is this:

Live-to-digital is a positive step for the broader creative industry; live or otherwise.

Every detail points to this belief.

Live attendances have barely moved. Productions are touring with as much regularity as before. Those who stream tend to be of a younger age and represent a more diverse cross-section of society, with little-to-no displacement of traditional audiences.

There is even evidence suggesting that live-to-digital is an effective means of revitalising audiences via accessible online content, encouraging them to actively seek live productions they want to see in the flesh.

Significantly, a key response from viewers was that—while the economics and convenience of live-to-digital appeal—no-one is seeking to replace the ‘liveness’ of the production. So, there will always be space for that personal connection that only the intimacy of a theatre can deliver.


Rebalancing Perspective

This is not a question of LIVE vs DIGITAL.

This is a question of understanding the levers of an emerging industry and ensuring you are in the best possible position to benefit from what these mediums can deliver. Of understanding who engages with digital, how they engage, why they choose the form, and how you—as industry stalwarts—can benefit from insights gleaned.

Live-to-digital is not the future, but it is part of the future.

It is, therefore, something of which every theatre, and the theatre industry as a whole, must take note. There is no reason for digital to be the Greek tragedy of live performance. It should become more of a midsummer night’s dream.

Our subsequent articles, will showcase why this is the case with insights that deliver a standing ovation for the industry to get behind. So, check back soon for Act 1, Scene 2 of this four-part series that dives into the impact of live-to-digital on the world of live theatre.

It is up to you to read these insights in the flesh.

The information included in this article has been adapted from the Live-to-Digital report (by AEA Consulting for Arts Council England, UK Theatre and Society of London Theatre) with permission from the Arts Council England.

The Changing Face of IT Security

We recently held a seminar on the subject of Cyber Security and the changing threat landscape. The event was very well received by the attendees and covered a number of areas that resonated with them.


Topics covered during the event included ;

The cyber security threat landscape covered by James Barrett who is the Cyber Security Lead in Cisco’s Commercial teams. James has over 10 years experience in the security space. He outlined some key developments that affect organisations and are worthy of consideration as they map out or refine their Cyber Security strategy. In light of recent cyber attacks the impact, particularly financial is becoming more severe. One recent example is the Equifax hack which resulted in a 40% fall in the company valuation as well as the resignation of the most senior executives. The recent Nyeta/Wannacry attack resulted in losses totalling in excess of $350m for FedEx who at one stage they were so severely degraded they resorted to WhatsApp for internal communications.


James also mentioned the increased talent gap of over 1.5m cyber security professionals globally with this number set to increase. The landscape is further complicated by the proliferation of security products many of which do not work effectively together. In order to gain the right balance and capability of deployed security technology, it was essential to view security from the perspective of an integrated architecture. Such an approach provides for a more comprehensive security solution that shares intelligence between all touchpoints of the information and systems network, whether they are located on premise, in the cloud or remotely. James explained how the need for integration had driven Cisco’s security acquisition strategy.


An example of this is their AMP (Anti-Malware Protection) engine which has been fully integrated with a wide range of their platforms such Meraki MX Security gateway, ISR router, ASA Firewall, on the Web and Email security devices, on endpoints and Umbrella in the Cloud. This effectively provides the same Anti-Malware capability on clients on and off net as well as a network based service on premise or in the cloud. All these instances benefit from the collective intelligence gained by their large pool of threat researchers, as well as analysis of 100TB of daily telemetry and tens of millions of users.


James concluded by focusing on the question of where organisations could start. Some options included;

  • Stop Threats at the Edge
  • Protect Users wherever they work
  • Control Who gets onto the network
  • Simplify Network Segmentation
  • Find and Contain Problems Fast

Any option would be a good start and other options could be added progressively to eventually achieve a comprehensive and integrated approach to Cyber Security.


The second speaker for the event was Ali Wadi who works within the OpenDNS Division (now Umbrella) of Cisco. Ali while being a real larger than life and entertaining character communicated the importance of DNS in cyber attacks in very practical terms. He broke it down into concepts that were easy to understand and highly relatable.


Important takeaways include;

  • 92% of cyber attacks involve DNS services
  • 100% of organisations interact with known Malware sites
  • Umbrella essentially stops cyber threats in the Internet before they reach the network perimeter – similar to stopping a criminal at their doorstep instead of waiting for them to get to your doorstep
  • The Umbrella solution could be deployed in a matter of minutes
  • It profiles normal behaviour and flags up unusual behaviour
  • It automatically blocks known malware sites, and IP addresses with a poor reputation

Ali included a demonstration of Umbrella which included views of the portal traffic and behaviour of a period of time demonstration how easy it was to identify some anomalies.


The event host Ajani Bandele, Managing Consultant at NetworkIQ, by way of introduction outlined some of the developments in digitisation and corresponding Cyber Security threats. Some points covered included;

  • Digitisation impacts on virtually all organisations
  • Adoption of cloud by 80% organisations by end of 2018
  • 10 billion IoT devices by 2020
  • 25% users now connecting remotely

All these factors serve to dramatically increase the attack surface available to cyber criminals who have an ever growing toolkit. Also, the cyber attackers are developing a business model which provides threats such as malware and ransomware as a service. Ajani advised that a sensible security approach would be to ensure that a multi-layered approach is taken to security that effectively manages known types of threats but also is agile and comprehensive enough to respond to unknown and emerging threats.


Ajani also presented a case study based on the trade union PCS who needed to beef up their cyber security to meet new regulatory requirements as well as fill internal skills gaps. PCS conducted a trial of an advanced threat management solution which highlights some unknown threats and also provided an extremely detailed insight into their traffic and user profile. The solution deployed by NetworkIQ helped them further secure their network providing 24/7 proactive threat management and reporting capabilities.


The event received overall good feedback from the attendees and NetworkIQ will be organising a webinar soon to further look at the risk posed by DNS and how this could be addressed.

3 Key Steps to Building Audience Loyalty

Theatre marketing to connect with audiences can be difficult when social media channels are saturated with multiple brands trying to outshine the competition. And yet, despite the saturation, a 2017 report on live performance experiences revealed 66% of respondents said they relied on word-of-mouth to find out about new shows.

Understanding who your audience is and opening direct lines of communication is important in ensuring the communication is based on their interests, needs and behaviours; increasing loyalty and encouraging return visits. When audiences feel understood, satisfaction and loyalty to theatres increases because there is a clear relevance in the communication. Audiences are far more likely to open emails and turn to social media pages for information when looking for new shows as a result of this communication.

We see this with media and entertainment websites, such as Netflix, where online audience data is analyzed and actioned based on previously watched genres, times, frequency and search behaviours. This information is used to create new content, watch lists and suggestions which keep consumers coming back. Netflix has mastered their algorithm of suggesting films based on their millions of user data and by doing so has amassed a global following.

What could theatre companies do with similar, if not more in depth, insights about audiences in their venues?

3 steps to building audience loyalty:

  1. Connect and identify your audience
  2. Gather information about your audiences
  3. Action the insights through theatre marketing

Connect and identify your audience

One of the quickest ways to connect with audiences on premises is through WiFi. Four out of five consumers post about a live experience on social media and use messaging apps, such as WhatsApp and Facebook Messenger, to keep in touch with friends and family. Having a weak connection can hinder the experience, especially when WiFi is considered a utility. According to a Small Biz Trends survey, 62% of businesses said customers spend more time in the facility or shop when there is access to free WiFi. When you pair this with the ability to collect core demographic data, such as email, age, gender and frequency of visits, theatre marketing teams are able to understand their fans to engage them with personalised, relevant content.

Purple Blog Statistics

Segment information about your audience

Gathering data about your audience members develops a real-time picture of who is visiting your venue, for how long, their frequency and even what their interests are when they connect via social media. When KITAG cinemas in Switzerland invested in the technology to identify their core demographic audience they were able to identify from over 5,000 lines of active customer data the majority of their audiences were 18 years or younger, and see the change in audiences depending on different days and movie releases. Theatre marketing teams can then export this data and personalize communication, increase online engagement and identify audience channels.

Purple Blog Statistics (1)

Action the insights through theatre marketing campaigns

Audiences travel from around the world to see productions – imagine if you could greet your international guests in their own language when they connect to log into the WiFi. Rather than just have consumers connect to WiFi, theatres can customize login screens and redirect them to particular landing pages, social media streams and online reviews. Theatre marketing can also increase dwell times of audiences arriving earlier to drink at the bar, purchase merchandise and programmes creating an excited atmosphere before the show. Using these channels can also optimise online searchability across different countries by identifying and tailoring to locations.

Consumer satisfaction also increases when they are recognised for their loyalty. In the same Small Biz Trends survey, over 50% of respondents said they were more likely to return to a venue if they were rewarded for spending a certain amount or visiting a number of times. Just over a third said having access to exclusive offers and gifts would improve the experience further. One statistic even found 45% of people surveyed would increase their loyalty if a venue offered money off their bill for paying online, or via app (increasing to 51% of respondents between 45-54).

It is clear audiences are interested in receiving offers based on their relationship with theatres and having the data to create personalized messaging is the foundation for building audience loyalty.

Purple Blog Statistics (2)

A guest blog from Gavin Wheeldon, CEO of Purple, the intelligent spaces company.

Purple’s cloud-based solution provides businesses with the same in-depth understanding of their physical spaces that website analytics have delivered for years. With Purple’s software enabled over your existing WiFi network, you can access a wealth of rich WiFi analytics to help you build detailed customer profiles and better understand how customers are interacting within your venue. What’s more, the Purple Portal provides unique and cutting-edge marketing tools allowing you to take meaningful action based on the data collected.

10 Steps to Cyber Security – Parts 6-10

The cyber security threat landscape is constantly changing with the ever growing number and scale of attacks. The consequent measures necessary to combat the threats need to be robust, comprehensive and agile. Simply put, it is about developing an effective approach and constantly testing and refining it. The sections below cover the second 5 sections of some 10 essential recommended steps that should be taken to achieve an effective level of cybersecurity and is based on guidance from NCSC.

Incident Management

A security incident is inevitable for all organisations. An effective systems of incident management policies and processes will reduce any likely impact, enable speedier recovery and improve business resilience. Without an effective management system in place, some of the possible risks of an attack include;

  • Greater business impact of an attack through failure to realise the attack early enough and consequent slowness to respond resulting in more significant and ongoing impact
  • Potential for continuous or repeated disruption due to failure to find the root cause
  • Failure to conform with legal and regulatory standards which could result in financial penalties

It is important to manage the risk by taking some of the following steps;

  • Establish an incident management capability using in-house or specialist external service provider, create a plan and test its effectiveness.
  • Define reporting requirements
  • Define roles and arrange specialist training to ensure the correct skill base
  • Establish and regularly test a data recovery strategy including offsite recovery
  • Collect and analyse post incident evidence for root cause analysis, lessons learned and evidence for crime and/or compliance reporting

Malware Prevention

Malware is the most common form of security compromise and it is a fact that all organisations interact with known malware sites. The risk of malware can include; email with malicious content or links to malicious sites, web browsing to sites containing malicious content, introduction of malware through uncontrolled devices such as USB media or smartphones.

Inadequate controls for protection against malware could result in business disruption and/or loss of access to critical data.
Malware risks can be managed effectively using some of the following techniques;

  • Create and implement effective malware policies
  • Control import and export of data and incorporate malware scanning
  • Use blacklisting to block access to known malicious sites
  • Establish a defence in depth approach which includes security controls for endpoints, anti-virus, content filtering to detect malicious code, disable browser plugins and auto run features, ensure baseline security configurations are in place
  • Users should be educated regularly to understand the risk of malware, their role in preventing it and the procedure for incident reporting

Systems Monitoring

Systems monitoring provides the ability to determine how systems are being used and whether they have been attacked or compromised. No or poor monitoring prevents organisations from; detecting attacks against infrastructure or services, slows reaction to an attack resulting in increased severity of an attack, cause non compliance with legal or regulatory requirements
Systems monitoring risks can be prevented by taking the following steps;

  • Develop and implement a monitoring strategy based on the business risk assessment
  • Ensure that all systems are monitored, should include the ability to detect known attacks as well as having heuristic capabilities
  • Monitor network traffic to identify unusual traffic or large uncharacteristic data transfers
  • Monitor user activity for unauthorised use of systems
  • Fine tune monitoring systems to collect relevant events and alerts
  • Deploy a centralised logging solution with collection and analysis capability, and automated anomaly and high priority alerts
  • Align policies and processes to manage and respond to incidents detected by monitoring systems

Removable Media

Removable media such as USB memory devices are often involved in introduction of malware or removal of sensitive data. A comprehensive cyber security strategy must implement controls such as those listed below to effectively manage the risk posed.

  • Devise and implement a policy to govern the use of removable media. A standard for information exchanged on corporate systems should use appropriate and protected measures
  • If essential, the use of removable media should be limited only to designated devices
  • Automatically scan removable media for malware before any data transfer
  • Issue removable media formally to users and prohibit use of personal media sticks
  • Encrypt information at rest on removable media
  • Manage reuse and disposal of media to ensure data is effectively deleted or media destroyed and data retrieval prevented

Remote Working

Remote working for staff or remote support from suppliers is an effective and popular trend but can expose organisations to risk. Mobile working will necessitate the transfer of data across the Internet, sometimes to public spaces. These risks could lead to; loss or theft of data if mobile devices get stolen, compromise of credentials or data if screens are overlooked in public places, loss of user credentials if stored on a device, remote tampering through insertion of malware or monitoring of activity
Some of the recommended controls are listed below;

  • Create a robust policy to address the risk, this should include identifying who is authorised, what kind of information they can access, increased monitoring for remote connections
  • User training to include; awareness of the risks, securely storing and managing credentials, incident reporting
  • Develop and apply a secure baseline for remote devices
  • Encrypt data at rest and data in transit for remote/mobile devices

10 Steps to Cyber Security – Parts 1-5

The cyber security threat landscape is constantly changing with the ever growing number and scale of attacks.  The consequent measures necessary to combat the threats need to be robust, comprehensive and agile. Simply put, it is about developing an effective approach and constantly testing and refining it. The sections below cover the first 5 sections of some 10 essential recommended steps that should be taken to achieve a effective level of cybersecurity and is based on Guidance from NCSC. The second part will be featured in a future blog post.


Executive Risk Management

Because of the vital role that technology plays in most organisations today, information and their supporting systems need to properly categorised in the business risk profile. The impact of information and systems compromise could be more critical than many other types of business risks and result in reputational and financial damage.

It is important for the risks to be defined and communicated from executive level thus conveying the importance of information and systems.

Further essential steps that the Board should take include;

  • Establish a governance framework
  • Identify risks and approach to risk management
  • Apply standards and best practices
  • Educate users and maintain awareness
  • Constantly review policies


Education and Awareness

Training and awareness can help to establish a security conscious culture in the organisation. This could help to reduce the number of people clicking links in phishing emails or writing down passwords on post-it notes. Lack of awareness could result in; users connecting personal removable media that is compromised, users being subjects of phishing attacks, users seeing security as prohibitive and therefore trying to circumvent it. User ignorance to handling sensitive information may result in legal and regulatory sanction as will failure to report certain breaches.

Effective management of the user awareness risk include some of the following;

  • Create a user security policy as part of the overall corporate policy
  • Include cyber security in the staff induction – making them aware of their personal responsibilities to comply with the security policy
  • Security risk awareness – maintain awareness of ongoing security risks and guidance
  • Formal training and assessment – staff in security roles should embark on ongoing formal training and certification to keep up to date with the challenges they face
  • Incident reporting culture – enable staff to voice their concerns and report poor security practices


Secure Configuration

Systems that are not securely configured will be vulnerable to attack. A baseline secure configuration of all systems is essential to reduce risk of attacks and the potential for compromise. A lack of secure configurations and updated patching carries risks such as; unauthorised system changes occurring, exploitation of software bugs in unmatched systems and exploitation of insecure systems.

To avoid poor system configuration it is necessary for effective security controls be put in place such as the following;

  • Use supported software
  • Develop and implement policies to update and patch systems
  • Maintain hardware and software inventory
  • Maintain operating systems and software
  • Conduct regular vulnerability scans and act on results in a timely manner
  • Establish configuration  and control management
  • Implement white listing and positively identify software that can be executed
  • Limit privileged user accounts and user’s ability to change configurations


Network Security

Network connections could expose your systems and technologies to attack. A set of policies, architectural strategy and technical controls will help to reduce the chances of a successful attack which could include exploitation of systems, compromise of information in transit, propagation of malware, damage or illegal posting to corporate systems.

To effectively manage network security it is important to follow best practices and industry standard design principles at least.

All inbound and outbound traffic should be controlled, monitored and logged. This could be done with an advanced or next generation firewall, intrusion prevention techniques and anti-malware at the perimeter – in addition to endpoint anti-malware

Internal network protection is often ignored especially in the case of small networks. They should however include the following techniques

  • Segregate networks into groups based on functions and security roles
  • Secure wireless networks – only secure authorised devices should be allowed access to corporate networks
  • Secure administration – ensure administrative access is secure and defaults are changed
  • Monitor the network – monitor all traffic with intrusion prevention systems so that indications of attacks can be blocked and altered immediately
  • Testing and assurance- conduct regular penetration testing and simulate cyber attack exercises to ensure controls work


Managing User Privileges

Controlling user privileges to the correct level is important to ensure they have what they need to work effectively. Users with unnecessary rights should be avoided and is generally a major risk. If these accounts are compromised it could have a severe impact on your cyber security. Some of the potential harm that could be caused by such a compromise include; users could accidently or deliberately misuse their privileges and cause unauthorised information access

Attackers could also exploit these privileges to gain administrative level access and even negate security controls to increase the scope of their attack.

Some sensible steps that should be taken to manage these risks include;

  • Effective account management – manage the lifecycle of accounts from start to finish when staff leave, including temporary accounts
  • User authentication and access control – issue and enforce an effective password policy and incorporate two factor authentication for secure systems
  • Limit privileges – give users the minimum rights that they need
  • Limit the use of privilege accounts – limit the access to privileged rights and ensure administrators use normal accounts for standard business use
  • Monitor and logging – monitor user activity and log all events to an audit and accounting system for future analysis
  • Education – educate users of their responsibilities to adhere to corporate security policies

GDPR: 9 Steps to Implement a Security Mgmt Tool

Download the PDF Version (GDPR Get Prepared SIEM Checklist)


The General Data Privacy Regulation (GDPR) officially known as REGULATION (EU) 2016/679, will come into force on 25thMay of 2018. The regulation covers the protection of natural persons with regard to the processing of personal data and on the free movement of such data. The regulation builds on existing data protection regulations such as the UK Data Protection Act 1998, the Belgian Privacywet, or the German Bundesdatenschutzgesetz (BDSG).

The regulation will affect the vast majority of businesses as most businesses today hold personal data, even if it’s only HR data. A significant change is that it will put data processors under significantly more legal liability if a breach occurs.

Breaches will need to be reported within 72 hours and must include information such as;

  • The nature of the personal data breach including, where possible:
  • A description of the likely consequences of the personal data breach; and
  • A description of the measures taken, or proposed to be taken, to deal with the personal data breach and, where appropriate, of the measures taken to mitigate any possible adverse effects.


If the breach is sufficiently serious to warrant notification to the public, the organisation responsible must do so without undue delay.

In light of the tight timescales for reporting a breach – it is important to have robust breach detection, investigation and internal reporting procedures in place. The following sections of this booklet outlines a checklist to implement a robust security and event management platform that will be a core component of a GDPR compliant security strategy.


  1. Implement a Security and Event Management Tool (SIEM)

A SIEM is a fundamental security tool for many organisations.

Implementation of a SIEM helps companies monitor all users and system activity to identify suspicious or malicious behaviour. This is achieved by centralising logs from applications, systems, and the network and correlating the events to alert where unexpected activity is detected.

You can then investigate the cause of the alarm and build up a view of what has occurred by determining if a particular attack method was utilised, looking at related events, source and destination IP address, and other details.

Article 30 of GDPR states that each controller, and where applicable, the controller’s representative, shall maintain a record of processing activities under its responsibility.

You must also take into consideration data stored or processed in cloud environments. If personal data is in the cloud, it is within the scope of GDPR, and therefore it is beneficial for the SIEM tool to maintain a record of activity across your public and private cloud infrastructure as well as on premises.


  1. Create a Log of Critical Assets that Store/Process Sensitive Data

GDPR covers all IT systems, network, and devices, including mobile devices, making it essential that you account for all assets across your infrastructure and understand where personal data is held.

It’s important to record all assets and locations that process or store personal data. It’s also worth noting that your company could be exposed to attacks and regulatory fines if employees process or store personal data on unapproved devices.

Without strong governance practices in place, it can be easy to lose track of assets.

It is important to sample your systems, networks, and data stores to determine if personal data is exposed outside your defined data flows and environments.

Keep in mind that this is a process. Records will need to be updated on an ongoing basis as your business and technology changes.


  1. Undertake Vulnerability Scanning

To identify where weaknesses exist that could be exploited

New vulnerabilities in systems and applications arise almost daily.

It is essential that your organisation stays on top of these weaknesses with regular vulnerability scanning.

These vulnerabilities may exist in software, system configuration, in business logic or processes. It is essential to consider all aspects of vulnerabilities and where they can exist.

However, simply finding a vulnerability is often not enough.

There are multiple factors that need to be considered such as whether the systems are in accordance with GDPR and what the business-criticality is, whether intrusions have been attempted, and how the vulnerability is being exploited by attackers in the wild.

Effective vulnerability assessment requires continuous scanning and monitoring of critical assets where personal data is stored or processed. It is equally as important to monitor cloud environments in addition to on-premises environments.


  1. Conduct Risk Assessments

To identify where weaknesses exist that could be exploited

The use of an information security framework can assist by providing a starting point for organisations to better understand the risks facing the business.

Article 35 of GDPR requires organisations to conduct a data protection impact assessment (DPIA) or similar. Whereas Article 32 of the regulation requires organisations to “implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.”

Existing frameworks such as NIST, ISO / IEC 27001, or similar standards can assist companies in undertaking and supporting the DPIA process.

While GDPR does not specify a framework for risk assessments or threat modelling, a company’s adherence to any well-established and internationally recognised standard will make demonstrating compliance with Articles 32 and 25 much more likely in the event of a breach.


  1. Regularly Test

To gain assurance that security controls are working as designed, GDPR asks for a process for regularly testing, assessing, and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

Assessing and evaluating the effectiveness of security controls is by no means an easy feat. Usually, the larger the IT environment, the more disparate the technology stack, and the more complex the environment. Thus, the harder it is to gain assurance.

Three broad techniques exist to validate the effectiveness of security controls:

  1. Manual assurance. This involves audits, assurance reviews, penetration testing and red-team activities.
  2. Consolidated and integrated security products, so that fewer point products need to be managed and reported on.
  3. The use of automated assurance technologies.

With these methods, you can gain a measure of assurance that your systems are secured as intended. However, it is worth remembering that assurance is not a one-time effort, rather an ongoing, repeatable process.


  1. Ensure Threat Detection Controls are in Place

To reliably inform you in a timely manner when a breach has occurred, GDPR requires organisations to report to the regulatory body within 72 hours of being aware of the breach.

For high-risk events, the controller must notify data subjects without any delay. The typical time-to-compromise continues to be measured in minutes, while time-to-discovery remains in weeks or months. In such circumstances, it’s essential to have comprehensive threat detection capabilities that can detect issues as soon as they occur.

Threats can occur internal to the company or externally and can be on-premises or in cloud environments. This makes it important to be able to collect and correlate events quickly as well as supplement the information with reliable threat intelligence to stay on top of emerging threats.

There is not one place or tool that will be suitable for all purposes. At times a threat is discovered on the endpoint, the perimeter, or by analysing internal traffic. In this case, controls should be placed accordingly in the environment to increase the chance of detecting threats as soon as they occur.


  1. Monitor Network and User Behaviour

To identify and investigate security incidents rapidly, GDPR is focused on ensuring that citizen data is gathered and used appropriately for the purposes it was stated.

Therefore, it is important to focus not just on external threats or malware, but also to detect whether users are accessing data appropriately. Context is critical when evaluating system and network behaviour.

For example, an abundance of Skype traffic in the network used by your inside sales team is probably a normal part of operations. However, if the database server that houses your customer list suddenly shows a burst of Skype traffic, something is likely wrong.

There are many methods that can be deployed to monitor behavioural patterns. One method is to utilize NetFlow analysis, which provides the high-level trends related to what protocols are used, which hosts use the protocol, and the bandwidth usage. When used in conjunction with a SIEM, you can generate alarms and get alerted when your NetFlow goes above or below certain thresholds.


  1. Have a Documented and Practiced Incident Response Plan

To comply with GDPR regulations, organisations need to have a plan in place to detect and respond to a potential data breach to minimise its impact on EU citizens. In the case of an attack or intrusion, a streamlined incident response process can help you respond quickly and effectively to limit the scope of the exposure.

If you have unified threat detection controls and processes established to alert you to an incident, your incident response plan should be able to quickly and accurately determine the scope of impact. You should investigate all related events in the context of other activity in your IT environment to establish a timeline, and the source of attack should be investigated to contain the incident.

Once you have controlled the incident, you should evaluate if a possible breach of personal data occurred and decide if reporting is required under GDPR. Then, you should prioritise and document all response and remediation tactics. Be sure to verify that your incident response activities have successfully remediated the issue. You will need to inform the regulator of all steps taken, and where necessary, inform any affected EU citizens.


  1. Have a Communication Plan in place to detect and respond to a potential data breach

In the event of a breach, your organization must report to the regulatory body within 72 hours of being aware of the breach.

For high-risk events, the controller must notify data subjects without undue delay (Article 31).

The notification given is required to at least:

  • Describe the nature of the breach
  • Provide the name and contact details of the organization’s data protection officer
  • Describe the likely consequences of the breach
  • Describe the measures taken or proposed to be taken by the data controller to address the breach and mitigate its adverse effects.

Ask yourself:

  • Can I identify whether systems in scope of GDPR are affected in a breach?
  • Do I have the contact details of the regulatory body that I need to notify?
  • If need be, do I have a reliable mechanism to contact affected customers


Speak to one of our Experts?

We help businesses of all shapes and sizes in protecting their vital IT assets. For a consultation with our team as to how we can help protect you from a cyber breach, simply get in touch for a free, no-obligation conversation. Alternatively, our free downloadable guide offers more insight into avoiding (and surviving) a cyber-attack.