Site navigation

Interview: Eamonn Keane, Head of Cyber & Innovation at SBRC

Dominique Adams


Eamonn Keane

Former Police Scotland detective inspector and now head of cybersecurity and innovation at SBRC, Eamonn Keane, shares his thoughts on Scotland’s changing cybersecurity landscape and the importance of collaboration. 

What has SBRC been up to over the past year?

SBRC has been working hard to further embed the five Scottish Government Cyber Action plans to assist the public and private sector. We have also been working with our colleagues with the development of the Tay Cities Deal, the Halo Project, Kilmarnock, Scottish Enterprise, the DataLab, ScotlandIS and other such umbrella trade associates to deliver increased cyber resilience and awareness for Scotland.

The existential importance of what we are doing to protect our digital way of life has become more and more important because cybercrime is growing with 52% of all acquisitive crime now committed online.

At the moment, we are in the process of working with the Greater Manchester Police to export our proven model at SBRC to assist them with the development of their digital resilience centre to offer business services, improved resilience, investment opportunities, education, innovation and growth.

Why is collaboration in cybersecurity so important? 

Cybercrime’s industrial, automated, virtual nature and its trans-global footprint makes it difficult for law enforcement to be agile enough to investigate. Therefore, prevention is key and we need to collaborate more to feed the preventive machine.

We need collaborative partners, industry, business and other sectors to assist law enforcement around the prevention and investigation of cybercrime. We need to share key intelligence and further develop cross-sector interoperability on the technical aspects of the investigation of cybercrime with regard to data analytics, forensic analysis, incident response, threat modelling and business resilience.

If we “truly” knowledge share, we can take action to prevent cybercrime. This could include such measures as blacklisting IP addresses and sharing intelligence around the most recent threats such as Wannacry, Notpetya and the latest ransomware variants. We seek to engineer crime out of the internet through collaborative initiatives. By sharing the technical aspects of these threats, such as malware components and code behind certain malicious payloads, both industry and the individual can better protect themselves.


Have you met any resistance to collaboration?

We appreciate industry occasionally not wanting to share key data or report attacks for various reasons such as brand reputation, anonymity and simple embarrassment. People often feel vulnerable if they have fallen victim to cybercrime. However, I will always encourage business to report cybercrime as we cannot legislate against things we don’t know about. Sharing is key to enriching the intelligence picture in prevention.

There has also been some confusion, not without foundation, that people have been told to go to the agencies such as Action Fraud and various other streams. But I recommend you report cybercrime to Police Scotland on its 101 non-emergency number. Although every breach does not require a criminal investigation, companies and individuals need to know they are not wasting police time.

By learning about these threat vectors, we are sharing that information with many disciplines, for example, CISO’s, CTO’s, security teams, management teams and IT teams. This will ultimately help improve Scotland’s overall cyber resilience, but it cannot be done without knowledge sharing and collaboration.

It is important to note that those not wanting to share are in the minority. Across the UK more people want to collaborate with initiatives such as the Tay Cities Deal.

How is the cybersecurity landscape changing?

We are seeing a transitional change from real crime to virtual crime. We know now that there is an increase in acquisitive crime and that serious organised crime is moving toward including cybercrime in their armoury. Cyber-attacks are now automated, industrialised and anonymised, which is making it easier for people to engage in cybercrime.

Despite what many perceive, you do not need to be of a high technical nature to buy malicious tools on the dark web to launch a ransomware attack or a DDoS attack. The cybercrime landscape is changing so rapidly because the technology is evolving so quickly.

The UK, in particular, is a prime target for cybercriminals because it is perceived as a very cash-rich country and its citizens’ bank accounts are tempting for criminal organisations across the globe looking to easily exfiltrate funds from our accounts.

The motives behind cybercrime remain varied but the landscape is reaching a level of maturity where the attacks are becoming more sophisticated and more frequent.

In terms of future cyber threats, what can we expect to see on the horizon?

Over the past five years, the threat horizon hasn’t changed that dramatically. Working with the National Cyber Security Centre, the Scottish Government and the UK Government, we still see ransomware, malware proliferation, social engineering, business email compromise and online fraud as the top threats going forward.

However, we will see these attacks becoming more technically sophisticated and frequent hence we need to train our resources and promote awareness. We are good with process and technology, but are we supporting our people sufficiently?

With an increase in botnet supported industrial and automated activity, I do anticipate a rise in the number of criminal gangs trying to get the latest version of their malware onto people’s devices to relieve them of their funds.

What are the key things Scotland needs to do to ensure its cyber sector continues to grow?

We need to look at innovative collaborative partnerships across all sectors, and that includes sectors that are not traditionally associated with digital, for example, farming; renewables; retail; tourism; digital marketing and digital innovation because now every business is at risk in regard to malware proliferation.

We need to also move outside the area we traditionally operated in such as law enforcement, critical national infrastructure and spread the message going forward across all sectors to improve cyber resilience. Opportunity intrusions often have impact through unintended consequences.

We also need to make Scotland not only a place to deliver cybersecurity, but also a place that will attract even more international cyber business. Why can’t Scotland attract one of the major companies to locate its HQ here and thereby increase our cyber footprint and global reputation?

We need to get better at “Selling Scotland” we have always been excellent at inventing and innovating, but not good at selling. We have a fantastic innovative can do attitude, so lets promote this aspect.


Eamonn Keane will be a judge at the Scottish Cyber Awards 2019 which will be held on Wednesday 20th November at the Sheraton Hotel in Edinburgh. Tickets for the award ceremony can be purchased online here

Dominique Profile Picture

Dominique Adams

Staff Writer, DIGIT

Latest News

%d bloggers like this: