Bringing clarity to the ever-changing cybersecurity landscape

If there’s one consistent factor with cybersecurity, it never stays the same. Both attackers and defenders bring new tools, technologies, and approaches to their work, and the end result is that what was relevant a few years ago is no longer applicable in today’s world.

“There’s no way the traditional type of protections that people had pre-Covid are appropriate,” said Michael Conway, director at Renaissance. “The bad guys don’t need any help and are constantly developing, so you can’t protect from a constantly evolving and developing threat unless you’re doing the same [with your security].”

Much of the changes stem back to how work culture has changed. Moving from on-premise to a remote or hybrid model brings its own cybersecurity challenges.

Instead of the perimeter being the edge of a general network, organisations now have to assume there’s no network edge and must retool their security setup to ensure the right balance between flexibility and protection.

One model Conway mentions that is useful for this landscape is the zero-trust model, which assumes no traditional network edge.

The approach only gives access approval to specific personnel when necessary for a set amount of time. Requiring users to be authenticated, authorised, and continuously validated greatly limits how bad actors can infiltrate an organisation’s system.

The other big problem is that no matter what way you slice it, cybersecurity is an expensive proposition. Few organisations can tackle it alone and build a dedicated cybersecurity team in-house, and since it’s a 24/7 concern, help from managed security services providers (MSSPs) is necessary.

“It’s a 24/7 world, and there’s no point in having a response 12 or 18 hours later,” he said. “There’s a whole new drive around MSSPs where you can say you have someone available 24/7 to monitor, manage, and take action when required,” he explained.

“That comes from the fact that skillsets are unavailable, and even if you could get them, you can’t afford them and even if you could, you can’t keep them.”

“The reason is these people are techies, they want the new toys, and unless you’re moving ahead, you’ll find it very hard to keep them.”

The central point Conway makes is that attackers don’t discriminate. Whether you’re a financial institution or an SME, it doesn’t matter in the long run. Bad actors will always look for gaps to exploit; if they find opportunities, they will take them.

In some cases, larger organisations have more significant challenges as they may contain sensitive data such as personal or financial information, but the main challenges are similar across the board.

“People might say the banks can afford it, but they have the same challenges as everyone else with skillsets,” he said. “There’s hardly any organisation in Ireland that has the scale where they can afford to do this sensibly, credibly, and by themselves.”

“It’s too big to scale up and put in place SIMs (Security Information Management), SOCs (Security Operations Centre), network analysis and response teams; it’s a nightmare.”

With the ever-growing concerns and dilemmas facing cybersecurity, it’s a good time for organisations to brush up on their knowledge, starting with Renaissance’s latest Cyber Expo and Conference on Tuesday, May 16.

A one-day event, the event will have a keynote address from Paul C Dwyer, chief executive of Cyber Risk International (CRI) and president of the International Cyber Threat Task Force (ICTTF).

Dwyer is recognised as one of the leading cybersecurity experts worldwide and will continue his talk from last year’s conference by looking at the potential threat landscape of 2030.

Other major discussions on the day will include zero trust in a cloud environment, securing your Microsoft environment, operational technology, compliance, insider risk and third-party risk management, managed security services, and more.

Part of the Expo’s strength is the ability to meet experts on the ground via vendors, the guidance and the depth in which each talk delves into. A good example is the panel on post-cyber attack response, where attendees will get viewpoints from a forensics, media and technology perspective.

As the aftermath of an attack requires a lot of work, breaking it down into its main components makes it more palpable for the audience and gives them a clearer picture.

That depth is crucial as the cybersecurity landscape is so dense and complex approaching the subject is daunting. Having expertise on the ground goes a long way towards demystifying the topic and alleviating concerns by bringing a knowledgeable perspective.

“What the vendors at the expo are for is for people to talk to them, ask what they should do, what they have, where they are in their journey, and what are they trying to achieve or avoid,” he said.

“It’s taking all those elements in and looking at an appropriate response for your organisation. Realistically, you can’t expect a small organisation to put a big response plan in place as they can’t afford it and would go bust if they tried.

“It has to be relevant, proportionate and appropriate.”