Q&A: Talking Cybersecurity with Brian Cartwright | Truis

Written by Brian Cartwright | Sep 17, 2021 8:34:00 AM

What are some of the biggest cybersecurity challenges organisations are facing at the moment? 

Brian: According to reports from World Economic Forum and IBM, ransomware is the largest and fastest growing cyber security threat across the world with the number of ransomware attacks in Australia up 30% compared to the previous year. This growth has continued through the first half of 2021 with major, high-profile attacks becoming public in both the healthcare and manufacturing sectors.

Another major challenge for many organisations is the dependence on third parties. As organisations’ supply chains become more extensive, the risks of cyber attacks through a partner’s ecosystem can increase significantly. This can also expose the vulnerabilities of IT providers who are delivering solutions “as-a-service”. Throughout 2020 and 2021 examples of these attacks have occurred through widely used system management tools which cyber criminals have managed to exploit.

One of the key drivers for the rise in cyber crime is the rapid increase in the number of devices that are coming online and connected via the Internet of Things (IoT). The IoT is a prime target for cyber criminals, particularly with the role of new 5G networks and the promise of faster connections to even more devices.

What trends are impacting cybersecurity and risk management? 

Brian: The increase in ransomware attacks and in cyber threats is driving awareness across more organisations that cyber security needs to become a strategic priority. Aside from the financial impacts of these breaches, studies show that on average it takes 287 days to identify and contain a data breach. This is a significant distraction and diverts resources away from the key functions of the organisation.

Fans of the “X Files” TV franchise will be familiar with the catch phrase “Trust No-one,” which is a key principle behind another trend in cyber security. The triple threat of human errors, authorised user attack and mis-configuration of systems is driving organisations to move towards a “zero trust” architecture where access needs to be authorised by default rather than trusting users and devices on the corporate network.

In 2020 there were 56 new families of Linux malware released which were based around crypto-miners and trojans according to IBM’s X-Force Threat Intelligence Index. These malware platforms take over server resources to perform crypto-mining functions on the infected platforms. This has become particularly more important with the reliance on cloud-based solutions which are frequently based on Linux platforms.

One more major factor I’ll discuss here is that the increase in attacks on operational technology systems has been widely reported over the past 12 months with cybercriminals targeting these systems. Examples include the recent attacks at Colonial Pipeline (USA), JBS meat processing (Worldwide), Wesley Hospital (Australia) and Lion Nathan Brewing (Australia). Operational technology systems support critical infrastructure and attacks on these systems can have consequences on our way of life.

These attacks highlight the importance of a strong cyber security practice which includes preparedness testing, education, monitoring, automation and the incorporation of a strong cyber security architecture for organisations.

How has remote and hybrid work changed the way businesses need to prepare and respond to threats? 

Brian: With the ever-present COVID-19 based lockdowns, organisations are having to adjust to staff working from home. Now employees are using devices that may not be as secured or hardened as found in the traditional office. This has presented cyber criminals with more opportunity to launch attacks against employees and organisations through an extended technology chain.

The first line of defence is to ensure that employees are trained to recognise cyber attacks and understand how they can help the organisation by reporting these attempts.

Businesses need to prepare for and respond to threats by ensuring they have automation tools and processes to address security issues as they occur. Planning is key to ensure that a business can respond and react in the event of an attack.

IBM’s Cost of Data Breach report for 2021 shows that the average cost was US$1.07 million higher in breaches where remote work was a factor in causing the breach, compared to those where remote work was not a factor.

What are the best ways for businesses to protect themselves from cyber threats in 2021 and beyond? 

Brian: I’ll reference the Australian Cyber Security Centre’s recommendations here. To protect themselves from cyber threats in 2021 and beyond, businesses should:

  • Turn on automatic updates for core IT systems
  • Ensure regular backups are scheduled for critical IT systems
  • Enable multi-factor authentication
  • Implement access control systems
  • Train staff to recognise cyber security threats
  • Develop a comprehensive response plan

Organisations need to be able to assess threats and act on them with speed and accuracy to ensure they don’t become a target or a victim of organised cyber criminals. As I mentioned earlier, employees also need to be educated to identify potential threats and provide a first line of defence in combating cyber crime.

Businesses can help improve their defences by deploying tools to automatically identify security information and events from system logs (often referred to as SIEM). This information can be passed through to security orchestration tools (referred to as SOAR) that allow for automated responses to be activated and deployed. Automated tools can then help make the organisation’s security management teams more effective in deterring attacks.

Implementing access control systems is also a key defensive strategy for organisations. The trend is towards implementing “zero-trust” architecture which assumes that user identities or the network itself may already be compromised and relies on Artificial Intelligence algorithms to continuously validate connections between users, data and resources to reduce the impact of cyber criminals and also of rogue internal users.

Can you talk us through how IBM technology keeps data and apps secure? 

IBM has an extensive portfolio of security solutions, consulting services and technologies that allow customers to identify threats, automate responses and take proactive measures to protect the key assets of a business. Together with offerings that can be deployed across a client’s key assets whether they are on-premises, managed services, cloud-based or a combination of both, IBM has solutions that can assist clients to keep their data secure.

In addition, IBM Research are helping to develop new technologies that will protect customers’ critical data from cyber attacks. One example of this is Fully Homomorphic Encryption (FHE) which is designed to allow data to be processed while encrypted. This negates the need to unencrypt data while giving access to third parties. This has strategic importance to many industries such as healthcare and finance where data needs to be secured and protected at all times.

How does IBM technology unify data protection and what are the benefits of this? 

IBM technology can unify data protection by providing an open security platform that connects to existing data sources to generate deeper insights and enables organisations to act faster with automation. Whether data resides on IBM or third-party tools, on-premises or multiple cloud environments, IBM’s technology helps find and respond to threats and risks while leaving the data in place where it resides. This allows organisations to uncover hidden threats, make more informed risk-based decisions and respond to incidents faster.

Any final thoughts? 

Cybersecurity is a rapidly evolving area where expertise needs to be deployed to ensure organisations are protected from and can cope with an attack. Organisations need to have active strategies that are updated and tested on a regular basis to minimise the impact of an attack. Investing in a comprehensive cyber security capability before an attack will be a more cost-effective strategy than having to pay a ransom or incur the costs associated with trying to recover the business during an attack. Business reputations can be greatly harmed when such attacks occur, and many organisations are beginning to plan for when they will be attacked, not if they will be attacked.
