Webinar Recap: Reducing Cyber Risk with Threat Intelligence

By Connor Duthie



Introduction

On 25th June, TechForce Cyber and Recorded Future jointly hosted a powerful webinar on “Reducing Cyber Risk with Threat Intelligence.” The session featured Richard LaTulip, Field Chief Information Security Officer at Recorded Future, and Jai Aenugu, Founder and CEO of TechForce Cyber.

From Richard’s global perspective as a former U.S. Secret Service agent to Jai’s real-world insight into UK-based incidents, together, they explored how organisations, from SMEs to large enterprises, can reduce cyber risk through proactive, intelligence-led strategies.

A Journey Through Cybersecurity: Richard LaTulip’s Story

Richard opened the session by sharing his unconventional entry into cybersecurity. A printer driver mishap unexpectedly launched a nearly 30-year journey through computer forensics, dark web investigations, and critical infrastructure defence.

He shared gripping stories of global undercover operations, liaisons with Eastern European law enforcement, and intelligence gathering from threat actors. Richard’s experiences helped illustrate the mindset of attackers and the importance of viewing cybersecurity not just as a technical challenge, but as a human and strategic one.

He spoke passionately about the need for continuous improvement in the industry, highlighting his own late-career return to university to earn a Master's in Cybersecurity Policy and Governance. His message was clear: cybersecurity is ever-changing, and we must evolve with it.

A Real-World Threat Landscape

Richard walked the audience through recent, high-profile cyber incidents, including the attacks on MGM Resorts and Caesars Entertainment. These examples underscored how:

  • Threat actors operate with precision and speed, often exploiting vulnerabilities within five days of disclosure.
  • Many organisations, even well-resourced ones, still take over 55 days to fully patch, creating exploitable windows.
  • Attackers study and exploit internal business policies and SLAs, using them to time and tailor attacks for maximum impact.
  • AI is now embedded in the offensive toolkit, used to automate reconnaissance, create deepfakes, and negotiate ransom demands.

Richard’s point: today’s threat actors are organised, patient, and strategic. If you're not thinking like them, you're falling behind.

The Intelligence-to-Risk Pyramid

Richard then introduced the "Intelligence-to-Risk Pyramid", a structured framework to turn overwhelming data into meaningful action:

  1. Tools & Telemetry – EDR, XDR, SIEM, SOAR platforms generate massive volumes of alerts.
  2. Threat Intelligence Enrichment – Adds critical context, enabling teams to prioritise real threats over background noise.
  3. Control Validation – Ensures your tools and policies are working as expected, based on current adversary tactics.
  4. Recommendations – Intelligence-informed decisions that align technical risks with organisational priorities using real-world intel.
  5. Business Impact & Action – Converts insights into cross-functional and multi-department actions that protect brand, revenue, and people.

He also introduced Collective Insights, a Recorded Future platform that helps organisations benchmark risks across industry peer, so you know what’s targeting others in your sector before it hits you.

Case Study: Arnold Clark Ransomware Attack

Jai presented a detailed analysis of the 2022 ransomware attack on Arnold Clark, one of the UK’s largest independent car dealers.

Despite having a cybersecurity team and known mitigations in place, attackers exploited an unpatched vulnerability in the days leading up to Christmas—one of the busiest retail periods of the year.

Impact Summary:

  • £50 million in damages
  • 200+ locations disrupted
  • 12,000 employees affected
  • Payroll was processed manually the following month

The attack unfolded within hours, with servers encrypted overnight. While the company had applied a temporary workaround, it hadn’t deployed the permanent patch in time, illustrating how delayed patching, even by a few days, can be catastrophic.

Jai stressed that this wasn't a story of negligence, but a cautionary tale about the complexity of modern cyber threats. Even well-prepared companies can be blindsided without real-time visibility and tested response protocols.

Threat Intelligence for SMEs

Jai addressed a common misconception: that threat intelligence is only useful or viable for large enterprises. In reality, SMEs are just as vulnerable, often more so, and threat actors frequently see them as easier targets due to leaner resources.

He highlighted several accessible and affordable options:

  • Free resources from the NCSC and Cyber and Fraud Centre
  • Threat intelligence feeds that can be integrated into existing SIEM platforms
  • MITRE ATT&CK as a framework for mapping adversary behaviours and detection logic
  • Regular tabletop exercises and incident response run-throughs to build muscle memory and prepare teams before real incidents occur

He reinforced that cyber resilience starts with awareness. With the right partnerships, tools, and training, even smaller teams can build meaningful defences.

Audience Q&A Highlights

Q: How is AI changing cybersecurity?
A: AI is now fully embedded in cybercrime, from reconnaissance and social engineering to automated encryption. But defenders can use AI too, for speeding up analysis, enriching alerts, and even negotiating responses.

Q: Should vulnerability management or patching take priority?
A: You can’t patch what you can’t see. Visibility into vulnerabilities, especially across your full attack surface, is essential before you can act.

Q: What are the worst responses to a breach?
A: Doing nothing, poor internal communication, or negotiating directly with attackers without expert help. These can worsen the impact and increase the risk of repeat attacks.

Final Thoughts

This webinar made one thing clear: cyber threats are growing more dynamic and more intelligent, but so are the tools and tactics available to defenders.

Whether you’re a CISO in a global enterprise or the sole IT lead in an SME, the key to resilience lies in:

  • Being proactive, not reactive
  • Educating and aligning your internal teams
  • Leveraging intelligence to make smarter decisions faster

The webinar recording is available for anyone who missed it. To explore how threat intelligence could support your business, reach out to TechForce Cyber or Recorded Future.

Take action against cyber threats.
Watch the full webinar now and start using threat intelligence to strengthen your defences:

Watch The Webinar

Related Articles

CONTACT US TODAY:

Back to start
aberdeen skyline graphic
x