Meet the Team – Simon Moore, Managing Consultant

Simon is one of the most respected cyber security consultants in the UK. He’s spent years helping the British government and the Ministry of Defence build and operate IT systems that are highly secure. Now, he’s using this experience to support our customers and improve their approach to cyber security. 

Tell us more about your role at CRMG? What are your day-to-day duties? 

My primary role is to shape and lead CRMG’s consulting offering. CRMG supports a wide range of companies, from small to medium-sized businesses up to enterprise organisations and even governments. Each needs a bespoke solution to its unique risk profile, and that’s exactly what we provide through our consulting and other services. 

What attracted you to the cyber security industry? Have you always worked in this space? 

For me, it was a natural evolution of designing, building and operating IT systems for the MoD and government departments that, for obvious reasons, needed to be incredibly secure. This was a challenge that I enjoyed having to overcome and ultimately put me on the path to cyber security becoming my specialism and area of focus.  

What’s the most interesting part of your job? 

It has to be helping company owners to genuinely see the connections between the capabilities that drive their business forwards and the risks – cyber or otherwise – that threaten those very capabilities. The number of organisations that are not taking a risk-based approach to cyber security – and that therefore are not protecting their data and systems in the best, most efficient way possible – can be alarming. Of course, the beauty of my job is that I can help them make the changes they need to ensure they are being resilient. 

What is your most feared cyber threat and why? 

Complacency. Even the worst cyber threat, such as malicious insider, can be managed if it is considered and a plan of some kind is provided, be it only containment. Yet complacency, which negates any such planning, is like writing a blank open-ended cheque.  

What’s the biggest change to the cyber threat landscape you have seen in the past few years? 

The root threats haven’t really changed over the years, although the threat actors are increasingly more organised and sophisticated. But what has truly changed is the digital transformation of customers’ estates – opening up more avenues for compromise in what is often called their “Attack Surface”. AI is the latest (albeit significant) digital change being introduced by businesses and it has the potential to change the game for cyber security, for better and for worse.

How will cyber security continue to evolve?

I believe the evolution we will see will follow current trends with aggressors being increasingly better organised and automated. It will become business as usual to be able to legitimately cyber attack alien or foreign entities such as non-G7 nation-based actors attacking businesses based in the G7. Or North Korea attacking South Korea and its partners.  

Western countries certainly will be a target for the non-western world, and these attacks will have a level of state sanction or support. As this trend increases the volume of attacks will increase although the financial gains will be lower because the “cost per attack” will reduce significantly. We already see this with Ransomware as a Service.