Sponsored

Presidio: keeping up with the cyber threat – so you don’t have to

Business has been transformed by successive waves of IT revolution – unfortunately, the cyber security threat has grown at the same time

Brian Lynch, principal architect for GTM pre‑sales at Presidio

Everyone in business knows that technology is constantly changing, and that with these changes come many benefits to operational efficiency. But they also bring new risks.

It is important to acknowledge the changes that have led to today’s organisational cyber security landscape, said Brian Lynch, principal architect for GTM pre‑sales at Presidio. With 35 years of experience, Lynch has personally watched IT transform entire industries for the better – but also seen the threat from attackers grow.

“Think of it this way: there is more memory in my watch now than in a [traditional] mainframe computer,” he said.

Fact File

Company: Presidio

Year founded: 1979 as Arkphire, which merged in 2020 with Presidio, itself founded in 2003

Number of employees: Over 3,500 globally

Why it is in the news: Increased attack surfaces and the demand to deploy services rapidly put companies at heightened risk of cyber crime

In addition, this has led to deep technological convergence that can put data at risk.

“The technology has moved on so fast. Now your mobile device is a phone, yes, but also a computer, a camera, a television, a clock… everything is on that single device.”

Between this, remote working, cloud, and the continued existence of on-premise infrastructure, the ‘attack surface’ open to cyber criminals is now truly immense and cannot be protected simply with a firewall or anti-virus software.

In light of this, artificial intelligence (AI) and machine learning (ML) are key to cyber security, particularly in analysing the whirlwind of security events, which can range from false positives to reconnoitring, and from attackers testing security boundaries to full-blown attacks.

“With one of our customers, we would have 3 to 3.5 billion events in a month. It would be impossible to pay a security professional to go through that log. We reduce that to about 100, and deploy the specialist expertise on that,” he said.

Of course, it also has to be noted that cyber criminals, who today are far removed from previous generations of hackers out only to amuse themselves, are also using AI.

“It's helping the bad guys too. They are big organisations these days, and they are using the technology to try and get one step ahead,” Lynch said.

Staying ahead is often a good idea, of course, but if businesses try to stay ahead of the competition and forget about staying ahead of cyber criminals there can be real problems.

“As a web developer, or a devops developer in the cloud, you can click and get stuff online in an instant. The problem with that is the business puts pressure on people to launch immediately and say ‘we’ll come back to security later with a pen test’,” Lynch said.

Cloud in particular needs to be thought about: Lynch said that a huge number of organisations assume that the big cloud providers are securing their data. This is false. Cloud providers do seek to secure their network, but end-users are still responsible for their own data.

This is a problem because, as Lynch said, a recent Sophos survey found that 66 per cent of organisations have been hit with a ransomware attack.

“Forty-six per cent pay the ransom. That's the figure that really hits us hard. The problem is, if they [cyber criminals] get a bit, they know you can be got to. Also, on most occasions you only get about 60 per cent of your data back and the threat actor knows you are vulnerable and they will hit you again,” he said.

The costs to a business are eye-watering.

“The average ransomware recovery cost, including lost business, and so on is now rated at US$1.8m [approx. €1.64 million],” he said.

First things first

Lynch said that businesses need to put first things first, and that means trying to ensure that attacks are repelled.

“People talk about remediation and instant response, and that's very important, but there is a tendency to skip over the prevention issue,” he said.

Presidio offers a fully-managed cyber security service for customers based on important security frameworks and deploying so-called ‘managed detection and response’ (MDR) to keep compromised users from infecting the network or devices.

“Managed detection and response is a key technology [because] as people move to cloud adoption the weakest link is the end user. The old anti-virus [software] might have alerted you to a virus but MDR will contain a threat and block you from using the rest of the services until it is dealt with,” he said.

The case for preventing attacks, and for educating staff, is made clear by the fact that, in addition to phishing and spear-phishing, ‘quishing’ attacks via QR codes are a new way of getting users to click on malware links.

“Threat actors are now buying [online search] ads and linking back to malware,” Lynch said.

However an organisation approaches security, he said, it should start with getting rid of the assumption it is already secure. From there, a plan can be devised and implemented.

“Your MDR at the endpoint is key and then you need to be constantly testing and getting an independent audit. Also, help the IT team by providing them with a proper budget. I don't think people realise the pressure IT teams are under to keep the business up and running.

“It should take time; there is a methodology, but it's not a magic wand,” he said.