The modern response to fresh cyber threats
As both the IT landscape and the nature of cyber threats change, keeping up with new security techniques is essential
To say that the cyber security threat landscape has changed over time would be a serious understatement. Even so, to understand today's threat, and how serious it is, it helps to look back on simpler times.
In the late 1990s, a noted virus called ‘Melissa’ hit the headlines.
“It was a nuisance virus, developed just to cause mayhem, and it replicated your contacts in your address book and sent them an email. It brought a lot of servers to their knees,” said Brian Lynch, security solutions principal at managed service provider Presidio.
The effect was significant enough to make front-page news, something uncommon for technology stories at the time. Today, however, the very nature of the threat has changed. Not only have viruses been joined by phishing, ransomware and zero-day attacks; intruders' goals have changed, too.
“Today, it’s all about the money now. It’s about criminals lining their pockets and it has grown exponentially,” Lynch said.
What has also changed, however, is how businesses consume IT. Increasingly, core business functions are being moved to the cloud, whether for flexibility, security, scalability or any number of other reasons. However, Lynch said, this has had the side effect of creating an illusion of security.
The problem, he said, is that consumers of cloud services often mistakenly believe that their cloud provider is responsible for security. In fact, under the shared responsibility model the provider secures the underlying infrastructure and its own network, while the customer remains responsible for its data, its identities and access controls, and the configuration of the services it consumes.
“People move to the cloud and they assume they're secure and they are not. You’re hosting your information in their environment, but ultimately the responsibility comes down to you,” he said.
As a provider of managed cyber security, Presidio works to secure on-premises, hosted and cloud IT for its clients. Lynch said that the past year has seen an increase in awareness, but many attacks go unreported. Ransomware is one of the gravest threats.
“The ransomware attack on the HSE, due to its size and everyone knowing about it, hit the headlines, but it can happen to anyone at any time. We've helped about ten organisations in the last twelve months who have faced ransomware attacks. We have an instant response service and have partners who do deep-dive forensics,” he said.
Whether through its own expertise or by leveraging that of its partners, Lynch said that the idea at the core of managed cyber security was to ensure everyone had access to first-class defence and remediation.
“With crime you call the experts in, and we use experts in the area. SMEs, with resources how they are, can't afford to hire security consultants – and they're like hen’s teeth anyway,” he said.
Whether working with larger outfits or SMEs, he said, advanced technology was driving the offering forward. That is not all, though: Lynch said it was increasingly common for businesses to ask the provider to intervene directly, not merely to alert them.
“We have people, technology and processes. The tech speaks for itself, we have multiple vendors from IBM to Palo Alto to Fortinet, and we have the people. But then you have the process, and that includes things like an AI system that performs threat intelligence,” he said.
“It's gone way beyond alerting. It has gone to full remediation now. In effect, customers are saying: ‘We now realise we need a helping hand, so when you see an alert, we want you to remediate it and block it for us’.”
Of course, managed services for one company can be very different from managed services for another. Even large enterprises are struggling to find internal resources, so managed services, particularly in cyber security, continue to grow.
When starting with a client, Presidio applies global standards, including the Center for Internet Security (CIS) Controls and the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
“We use frameworks, we do what’s called a ‘gap analysis’ based on CIS Controls and the NIST framework. That provides a benchmark and gives a place to start. One example would be at the firewall level. People put in the firewall and think: ‘Job done, the firewall is my perimeter defence.’ But the landscape has changed so much. You have home users connecting in and they're outside the perimeter. People just moved to remote working as quickly as they could,” he said.
Other first-step fundamentals include ensuring that no unnecessary ports are left open to the outside and deploying multi-factor authentication (MFA).
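The "no unnecessary open ports" check above is easy to state and easy to let slip, so here is a small audit a practitioner can run on a Linux host. It is an added example written for this page, not Presidio's tooling or anything from the article: it parses the text output of `ss -tlnp` (the listening TCP sockets and the process behind each), ignores anything bound only to loopback, and flags every other listener whose port is not on an allowlist you supply. The `ss` output embedded below is constructed for the example, and the allowlist of ports 22 and 443 is an assumption; `--live` runs the real `ss` on the current host.

```python
import re
import subprocess
import sys

# Binding to loopback means the service is only reachable from the host itself;
# anything else (0.0.0.0, *, [::] or a specific interface address) is reachable
# from the network and therefore needs a reason to exist.
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "[::1]", "::1"}

# Pulls the first process name out of ss's users:(("sshd",pid=812,fd=3)) column.
PROCESS_RE = re.compile(r'\("([^"]+)"')

# Constructed sample of `ss -tlnp` output for the example (not a real host).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      4096   127.0.0.1:5432      0.0.0.0:*         users:(("postgres",pid=1040,fd=5))
LISTEN 0      511    *:3389              *:*               users:(("xrdp",pid=1311,fd=11))
LISTEN 0      128    [::]:22             [::]:*            users:(("sshd",pid=812,fd=4))
LISTEN 0      50     0.0.0.0:445         0.0.0.0:*         users:(("smbd",pid=1500,fd=9))
LISTEN 0      128    [::1]:631           [::]:*            users:(("cupsd",pid=700,fd=6))
"""


def parse_listeners(ss_output):
    """Turn `ss -tlnp` text into a list of {host, port, process} records."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or a socket that is not listening
        # Local Address:Port is the 4th column; split on the LAST colon so
        # bracketed IPv6 addresses such as [::]:22 are handled correctly.
        host, _, port = fields[3].rpartition(":")
        match = PROCESS_RE.search(line)
        listeners.append({
            "host": host,
            "port": int(port),
            "process": match.group(1) if match else "unknown",
        })
    return listeners


def audit_listeners(ss_output, allowed_ports):
    """Return network-reachable listeners whose port is not on the allowlist, lowest port first."""
    findings = [
        l for l in parse_listeners(ss_output)
        if l["host"] not in LOOPBACK_HOSTS and l["port"] not in allowed_ports
    ]
    return sorted(findings, key=lambda l: l["port"])


def live_audit(allowed_ports):
    """Run the real `ss -tlnp` on this host and audit its output (Linux only)."""
    out = subprocess.run(["ss", "-tlnp"], capture_output=True, text=True, check=True).stdout
    return audit_listeners(out, allowed_ports)


if __name__ == "__main__":
    allowed = {22, 443}  # assumption: only SSH and HTTPS are meant to be reachable
    results = live_audit(allowed) if "--live" in sys.argv else audit_listeners(SAMPLE_SS_OUTPUT, allowed)
    for f in results:
        print(f"EXPOSED: port {f['port']} ({f['process']}) bound to {f['host']} is not on the allowlist")
    if not results:
        print("no unexpected listeners")
```

On the constructed sample the audit reports xrdp on 3389 and smbd on 445, the two services most worth questioning on a host that is supposed to expose only SSH and HTTPS, while the loopback-only PostgreSQL and CUPS listeners are left alone. Note what the check does not tell you: a listener bound to every interface may still be shielded by a host or network firewall, so treat a finding as a question to answer, not a proven exposure.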
Deeper security, Lynch said, means having the service provider do more, because cyber criminals get more advanced with every passing day. Defending backups is one example.
“They’re going after not just your production environment but also your backups,” he said. “They want to stop you recovering and force you to pay for the encryption key, so backup defence is essential, and that means deploying immutable backups.
“You can never say you are 100 per cent secure, but you can put strategies in place. And if you don’t, then you know you are insecure.”
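"Immutable backups" only hold up if the immutability setting is actually the one an intruder with stolen credentials cannot undo. The following check is an added example for this page, not Presidio's code or anything from the interview. It evaluates an Amazon S3 Object Lock configuration in the shape returned by the `get_object_lock_configuration` API and reports the gaps that matter for ransomware: lock not enabled, no default retention, GOVERNANCE rather than COMPLIANCE mode (GOVERNANCE retention can be removed by any principal holding `s3:BypassGovernanceRetention`), or a retention window shorter than you need. The two bucket configurations below are constructed for the example, and the 30-day minimum retention is an assumption to adjust to your own recovery objectives.

```python
# Constructed example configurations in the shape S3 returns from
# get_object_lock_configuration (not taken from any real bucket).
WEAK_CONFIG = {
    "ObjectLockConfiguration": {
        "ObjectLockEnabled": "Enabled",
        "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Days": 7}},
    }
}

HARDENED_CONFIG = {
    "ObjectLockConfiguration": {
        "ObjectLockEnabled": "Enabled",
        "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Days": 30}},
    }
}

NO_LOCK_CONFIG = {"ObjectLockConfiguration": {"ObjectLockEnabled": "Disabled"}}


def retention_days(default_retention):
    """Normalise a DefaultRetention rule (Days or Years) to a number of days."""
    if "Days" in default_retention:
        return int(default_retention["Days"])
    if "Years" in default_retention:
        return int(default_retention["Years"]) * 365
    return 0


def assess_object_lock(config, min_retention_days):
    """Return a list of findings; an empty list means the bucket meets the bar."""
    lock = config.get("ObjectLockConfiguration", {})
    if lock.get("ObjectLockEnabled") != "Enabled":
        # Without Object Lock, anyone with write access (including an intruder
        # who has found the backup credentials) can delete or overwrite backups.
        return ["Object Lock is not enabled: backups can be deleted or overwritten"]

    rule = lock.get("Rule", {}).get("DefaultRetention")
    if not rule:
        # Lock is on, but each upload must set its own retention; anything the
        # backup job forgets to lock is unprotected.
        return ["no default retention rule: objects are only protected if each upload sets retention"]

    findings = []
    mode = rule.get("Mode")
    if mode != "COMPLIANCE":
        # GOVERNANCE mode can be bypassed by a principal with
        # s3:BypassGovernanceRetention, which is exactly the kind of
        # privilege an attacker hunts for before encrypting production.
        findings.append(f"retention mode is {mode}: removable by a principal with s3:BypassGovernanceRetention")

    days = retention_days(rule)
    if days < min_retention_days:
        findings.append(f"default retention of {days} days is below the required {min_retention_days} days")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG), ("no-lock", NO_LOCK_CONFIG)):
        findings = assess_object_lock(cfg, min_retention_days=30)
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
```

To run it against a real bucket, feed `assess_object_lock` the dictionary returned by `boto3.client("s3").get_object_lock_configuration(Bucket=name)`. Two caveats the check cannot see: Object Lock must be switched on when the bucket is created, and COMPLIANCE retention cannot be shortened by anyone, including the account owner, so size the window to your recovery needs before you commit to it.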