Last year was not a good one for most of us, but for hackers and scammers the coronavirus pandemic represented a major payday.
Whether it was because of the unpreparedness of staff issued with laptops and sent out of the office or the simple unfamiliarity of working from home, cyber criminals saw an opportunity and they seized it. Worse still, Microsoft’s Digital Defence Report for 2020 suggests that attackers’ methods are becoming more sophisticated.
Threatscape’s managing director Dermot Williams said that countering this requires a serious commitment to security, starting with recognising that both how we work and how criminals work has changed.
“When people take a ‘set and forget’ approach to security they can end up falling behind the dynamic threat environment,” he said. For Threatscape, effective security requires proactive monitoring using the latest and most effective technology – whatever it may be. “At Threatscape, our first and greatest loyalty is to our customers. We don’t play favourites with vendors,” he said.
Threatscape’s relationship with Microsoft has borne fruit, though. Indeed, Threatscape won plaudits from Microsoft in the form of being awarded Microsoft 2020 Global Security & Compliance Partner of the Year.
“Microsoft matters because of the scale it brings to the area,” Williams said.
For Microsoft itself, it is very much a case of being seen as a significant security provider. Microsoft’s own expertise as the developer of key business systems is not the only factor in this growth, though. Part of it is that Microsoft itself must take cyber security seriously in its own business.
Said Des Ryan, director of solutions and sales at Microsoft Ireland: “Whether through Azure, Outlook, Hotmail, Office 365 or even Xbox Live, Microsoft is one of the most connected companies on earth, taking in eight trillion security signals every 24 hours. Those security signals give Microsoft incredible insight into what threats are out there. That intelligence has catapulted Microsoft’s security capabilities.
“Traditionally Microsoft would not have been seen as a major security provider, but over the past five or so years that has changed radically. Microsoft now has a $10 billon security business and invests $2 billion annually in security research.”
The greatest assets are also the weakest points
Whatever about the changing nature of the cyber threat, the single most pressing issue today is that traditional enterprise security perimeters offer little to no defence in an era of remote working.
Ad-hoc and shadow IT (unauthorised systems) have proliferated, some even offered a nod and a wink from management, and this, particularly when combined with staff working from home where they may let down their guard, has left businesses wide open to attack.
Businesses are often quick to say their staff are their greatest asset, and with good reason given the great work done in the last year. But those same staff can also be the weakest point when it comes to cyber security: successful phishing and ransomware attacks in particular, are driven by a lack of training and lax responses to potential threats.
The solution includes, of course, education, but it has to go further: businesses need to put in place proactive monitoring services and device and document management.
“You can inform and engage, but after that you have to enforce,” Williams said, echoing the message of An Garda Síochána throughout the pandemic.
The comparison is an apt one: since last March, remote working has become the norm for most employees and so the pandemic has resulted in a wave of new cyber security threats.
“Today is exactly, to the day, one year since lockdown began. The semi-informal checks and balances that may have worked when people were working in close proximity need to be replaced,” Williams told me.
This is doubly true of compliance, where sharing of resources while working remotely can raise questions that few people would ever think to consider. “People are sharing apartments with others who work for different companies who could be competitors and sharing devices like wireless printers,” he said.
The wild web
Actively monitoring the internet 24/7, Microsoft works to keep all kinds of cyber threats at bay.
“You’ve got to realise that hackers are opportunists. For example, a huge number of new domains popped-up with Covid in the name, most of them nefarious,” Ryan said.
Microsoft works to actively block these sites and similar e-mails, reducing the number of potential threat vectors that users will ever see.
“Security is intelligence led – you have to have your finger on the pulse,” he said.
“If you use Office 365, we are scanning all emails as they come in and if we see and confirm a threat in one email, we immediately block them, stopping them from hitting accounts across our customer base”, he said.
Williams said that, in light of the constantly evolving threat, security should be approached as a process. “It has to be adaptive, and continuous. We sometimes hear from people that since they only work nine to five, Monday to Friday, they think they only need security during those hours too – but when we ask whether they switch their IT systems off at all other times the answer is invariably no,” he said.
Irish businesses should not be complacent because of their size or that of the country, either. First of all, ransomware can grind any business to a halt with the aim of extracting cash. Worse, hackers often target the largest businesses by breaching their clients and partners and attempting to escalate access up the chain. “I can tell you there are Irish businesses that have been targeted,” Ryan said.
Williams agreed: “This ‘I have nothing of value’ attitude, well for a start your data is valuable to you and valuable to your customers. And some of the world’s largest firms in industries such as IT and pharma have operations in Ireland, so they all have suppliers here,” he said.
In the end, security means taking the adage that the data is the business seriously.
“Every business has something of value. It’s worth something to you,” Ryan said.
Threatscape brings Microsoft security to Irish business
Despite being vendor-neutral, Threatscape is a major global partner for Microsoft and, working together, the pair are on a mission to protect Irish enterprises
Microsoft is one of the most ubiquitous marques in the software business: from operating systems to the cloud, from productivity tools to business intelligence, and from virtual machines to video games, Microsoft is there, front and centre. It even has a growing presence in the hardware sector. What it was not historically known as was an end-to-end cyber security provider. Today, that has changed.
In January of this year, Microsoft reported a staggering 40 per cent year-on-year growth in its security business, including its compliance, identity and management services.
The times demand the change too. Already a trusted name in IT and a global force in business in its own right, Microsoft is ideally and uniquely placed to face down the threat from hackers, fraudsters and belligerent state actors. And with the pandemic creating a tsunami of cybercrime, not to mention loose adherence to important compliance regulations, Threatscape, which partners with Microsoft, brings Microsoft cyber security technology along with its own deep and specialised knowledge to the table for Irish enterprises, designing and managing cyber security fit for the times we live in.
A pure play cyber security company based in Dublin and London, Threatscape is already a trusted security partner of enterprise clients with critical IT assets in more than 100 countries.
Threatscape’s advisory services include a dedicated Microsoft Security Practice, enabling it to provide 360-degree security to businesses with a significant investment in Microsoft’s ecosystem.
As a managed security service provider – one of few offering 24/7 proactive, managed security operations – Threatscape not only provides endpoint, cloud and network security, but also compliance, advanced threat hunting, vulnerability life-cycle management and a complete and continuous monitoring service.
Threatscape’s Microsoft Security Practice delivers specialist services which include M365/Azure security assessments and solution design and deployment across identity protection, cloud applications, information protection, messaging and device security. This is further complemented by a range of managed services, covering Security Operations Centres, detection and response and support.
To deliver business-critical security solutions and services which protect enterprise-scale IT infrastructure, Threatscape partners with only the most trusted of global IT security vendors. The knowledge and experience which its personnel gain through these partnerships and from working with their partners’ technology on large projects enables Threatscape to provide full design, deployment, management and support services using its own in-house resources. Their goal is not to be seen as a supplier, but as a trusted partner by its clients.
Key industries have taken note: Threatscape now works with clients in industries as diverse as finance, IT, aviation, construction, engineering, government, critical infrastructure, utilities, emergency services and more.
Research reveals top security concerns for Irish organisations
Employers are worried about their exposure to the growing cyber threat – and recent research commissioned by Microsoft suggests that they should be.
The threat landscape is always in a state of flux and this past year that is truer than ever. Not only are hackers and security providers locked into an arms race, the need to keep organisations working remotely throughout the pandemic rendered traditional perimeter security ineffective.
Worse still, end users working in unfamiliar settings or without properly provisioned access are susceptible to attacks that may not have succeeded in the traditional office environment.
And while the threat actors are global in scope, Microsoft’s data is Irish.
Microsoft Ireland’s research, commissioned from Amárach, reveals the scale of the scramble to keep staff working: 36 per cent of Irish employers surveyed reported moving to a remote environment quickly, later retrofitting security, privacy and workplace procedures. In addition, 45 per cent of employers have asked their employees to use their personal devices for work since the start of the pandemic. Worse still, some 42 per cent of employers are yet to secure these.
Unsurprisingly then, 41 per cent report finding it difficult to remain GDPR compliant because of the pandemic and given that nearly a third of remote employees have unrestricted access to sensitive documents and information, compliance is a long way off.
Things are not much better on the employee side either. More than one in four (26 percent) remote workers have experienced a cyber-attack personally, while a quarter of remote workers admit to worrying about the security of confidential or sensitive data that they share with colleagues. One in five employees feels their data is more vulnerable when working from home in the absence of normal IT supports; and yet 30 per cent still use personal emails to share confidential work materials.
Perhaps the only comforting news is that it is not a uniquely Irish problem, and it is a problem that can be solved.
Microsoft’s most recent global Digital Defence Report, published in September 2020, identified an overall escalation in both the level and sophistication of attacks. For example, Microsoft blocked over 13 billion malicious and suspicious mails, out of which more than one billion were URLs set up for the explicit purpose of phishing credential attacks in 2019.
Phishing is only the tip of the iceberg, though. Ransomware was the most common reason behind Microsoft’s incident response engagements from October 2019 through July 2020, while the most common attack techniques used by nation-state actors in the past year were reconnaissance, credential harvesting, malware and virtual private network (VPN) exploits.
New technology also means new vectors for attack: Internet of Things (IoT) threats are constantly expanding and evolving, and the first half of 2020 saw an approximate 35 per cent increase in total attack volume compared to the second half of 2019.