Professionals for hire

As cybersecurity becomes ever more complex, more and more organisations are turning to managed service providers to bridge the gap in their skills

Brendan Healy, services director, Triangle: ‘Security and data are the foundation of what we do, and protecting your information is the heart of it.’

Of all the complex IT needs of a typical business, the one that keeps most people up at night is security. And with good reason: cybersecurity is a complex and ever-shifting domain, and yet a breach can damage an organisation’s reputation or even put it out of business altogether.

Brendan Healy, services director at Triangle, said this need, driven by the centrality of data to every business today, is why Triangle places security at the centre of its operations.

“Security and data are the foundation of what we do, and protecting your information is the heart of it,” he said.

However, security is no longer just about the perimeter, he said. In fact, looked at in a certain way, it is no longer just about security. Rather than simply protecting the data in transit or in storage, security today is also about making sure data is recoverable if something happens, whether that is an end user deleting a file or a cyber event. The problem is, few people can do this.

“Cybersecurity is something that you have to specialise in. It’s not something you do on the side. We hire for it and we train,” Healy said.

Indeed, for several years now the sector has been dealing with an incredible talent shortage. The good news is that, according to a new survey, globally, the total cybersecurity workforce has now grown to 4.7 million people, its highest-ever level. The bad news is that there remains a shortfall of 3.4 million security professionals. The upshot of this is that cybersecurity professionals are not only scarce, but can command eye-watering salaries and pick and choose where they want to work.

Healy said that, on top of this, the task itself becomes more and more complex as time marches relentlessly, driven in particular by growing expectations.

“The wide spectrum of attack vectors that are out there means it’s very hard to protect against. If you go back to centralised computing and green screens, you had a platform that didn’t really do a lot and it had a very small attack surface. Today the attack surface is massive. Today, your fridges in your shop are a vector, if you have IoT [Internet of Things],” he said.

Triangle has also found that businesses tend to lack a true sense of the scale of their IT estate.

“We go into places and ask them to estimate how many devices they have on their network and invariably they underestimate it. CCTV cameras, for instance, which rarely get firmware updates and are supposed to not be on the network but usually they are,” he said.

The complexity of the estate is matched both by the complexity of the data a business uses and the sophistication of attackers.

“We have tooling that analyses the immutable [backup] data all the time, and it’s not just a malware scan, it’s content scanning, it actually scans the data, and it can tell you which files are compromised.”

Given that the typical dwell time for an attack, the length of time between an initial breach and the final attack, is around 200 days, the importance of backups that are not only immutable but themselves not compromised becomes clear.

“It’s a difficult conversation. You don’t want to scare people, but it is serious. Frankly, you’d actually prefer your data centre had burned down [than suffer a breach] because in that case you’d at least know when it happened and what happened. With a cyber attack you don’t,” he said.

So, what does modern security look like? At a minimum, it means immutable backups that are regularly scanned and air-gapped. Beyond that, businesses need both so-called North-South security, which refers to traffic outside a network, and East-West security, which refers to monitoring and inspection of traffic moving laterally within the network perimeter. On top of this, then, will sit extended detection and response (XDR).

It sounds complex because it is, but Healy said that organisations we refer to simply as ‘hackers’ are a world away from our vision of someone sitting in a darkened room breaking into systems for fun.

“If you look at the attackers, they’re using big iron: thousands of processors, HPCs [supercomputers]. They are enterprises. They have support departments, they have HR departments. They have a goal: not to put the company out of business, but to put enough pressure on to get money. That’s their business plan, and you have to understand that that’s what it is,” he said.