Cybersecurity is a journey, not a destination

Presidio’s Brian Lynch caught up with Julia O’Reilly to discuss the lasting impact of the HSE attack, cybersecurity frameworks, and knowing the value of your own data

18 July 2022

In May 2021, Ireland was subjected to a ransomware attack that forced our national health and social services provider to shut down its entire IT system. The Health Service Executive’s (HSE) systems were targeted with Conti ransomware. The stolen data was ultimately restored after the ransomware group handed over a decryption key without having received the €16.7 million ransom. Speaking at the time, CEO of the HSE Paul Reid said the impact of the attack had put some services back 30 to 40 years.

The attack brought cybersecurity to the fore of the national conversation. General awareness of the perils of ransomware increased dramatically and the way we talk about cybersecurity fundamentally changed.

“What happened with the HSE happens on a daily basis, but because it’s a publicly known body whose profile had been further heightened during the pandemic, it was an incredibly prominent story,” says Brian Lynch, cybersecurity solutions principal at Presidio. “There is no doubt that the attack helped raise the profile of cybersecurity threats in general.”




“We were warned”

Months before the event occurred, the National Cyber Security Centre warned of potential ransomware attacks on the health service. “In October 2020, we were warned about the virus, told that it was malicious, and that we should take steps to avoid a serious ransomware attack,” says Lynch.

Unfortunately, the warning was not taken seriously. “Before the HSE attack, a lot of companies ignored these warnings. There was an attitude prevailing along the lines of, ‘that doesn’t affect our organisation, why would anyone want to steal our company information? We are not a global enterprise company with deep pockets?”

In the last six to eight months alone, Lynch and the team at Presidio have helped 10 companies of various sizes and across a range of industries recover from a major cybersecurity event. “Four of those were ransomware attacks. Some were large enterprises, others were medium sized. The nature of the businesses varied, but what they had in common is that they were all clearly targets, and they all got hit.”

Great risk comes when you underestimate the value of your own data, adds Lynch. “That’s a real misconception in the market. Irrespective of the size or nature of your business, cybercriminals want to exfiltrate data to make money. That is their end game.”

Constant battle

The fact is that protecting yourself against criminal gangs, fraudulent activity and ransomware attacks can be highly complex. Lynch says: “It’s a constant battle, but the best chance we have for defence is to conduct industry best practices, follow the rules and regulations, and give recommendations to customers about how they can protect and future proof their environments much more vigorously than the cyber criminals are trying to infiltrate it.”

Cybersecurity frameworks provide a set of best practices that can help organisations determine risk and set controls. For organisations looking to create a more robust cybersecurity compliance programme, Lynch recommends ISO/IEC 27001, which is an international standard on managing information security; the National Institute of Standards and Technology (NIST), which is a governing body that looks at assessment and security; and MITRE ATT&CK, which is a globally accessible knowledge base that looks at trends within cybersecurity and keeps them up to date.

Threat perspective

Cybercrime and threats to companies have been around for a long time, but the technology and malicious nature have significantly changed over the last couple of years. What’s more, when the pandemic stuck and we were forced to work from home, enterprises faced myriad remote access security concerns. “The landscape changed from an IT perspective, and the threat perspective changed too. As enterprises introduced new technology solutions to secure people that were now working remotely, there was a much bigger ask to keep up with asset management.”  

Lynch continues: “When you’re working on your laptop at home, does your company’s IT department know what applications are on your laptop and what applications you’re using? Do they have any control over what you can browse on the internet? Do they update antivirus software on that laptop regularly?”

Asset management

Lynch added: “We’ve seen a lot of companies struggle when it comes to identifying their critical assets and understanding what data and applications they need to secure. We can help companies to identify all of these assets and secure them as well”.

“A few years ago, if you asked an IT Manager if they were familiar with all of the assets across their IT estate, they might be confident that they had good visibility. It might seem foreign now, but people believed they were as secure as they could be. They thought they didn’t need third-party services because they had a firewall in place, and anti-malware protection on their devices.”

Helping hand

With so much responsibility, Lynch says it is often not viable for just one or two key personnel to look after a company’s whole environment. “It’s just not possible anymore. Time and time again, customers tell us that they don’t have the manpower or the resources to manage their security internally. For a single company it can be very costly.”

They can’t afford to do it themselves, but they can’t afford to go without. “As a service provider, we have the resources and the expertise needed to give them a helping hand,” Lynch adds. “When we scale it over multiple companies, we can afford to deliver a service across our base.”

Public understanding

Sometimes companies are afraid to look for that extra bit of help, and they take it all on themselves because that’s how things have always been done. But now there are people with more knowledge around cyber threats that understand just how serious an attack can be.

High-profile attacks have enhanced public understanding of the very real repercussions a company may face if a breach occurs. “I think because of the HSE and lots of other high profile global cases, people are much more aware of the threats that are constantly evolving, which means IT Managers are being taken much more seriously. That certainly helps IT personnel when they’re looking to expand their security budget.”

Determining what’s best

So what makes Presidio stand apart from numerous other service providers in the industry? “Presidio is an IT service management company, not a vendor. We’re not here to sell a particular solution, we’re here to deliver a service to the customer. We can deliver from a budgetary point of view or from a technology point of view. We work with the customer to determine what is best for their environment”.

“We take a practical and futuristic approach to security. We undertake a security assessment of the customer’s environment, provide them with a detailed gap analysis, identify where there might be vulnerabilities and how to fix these. We help our clients remediate any issues that are identified and ultimately make their IT environment much more secure.”

Something else that’s important to Lynch is communication with a client: “We try to break complex ideas down by using layman’s terms. We don’t use highfalutin acronyms. We don’t try and bamboozle people, we actually talk about the basics of being secure.”

Enhanced security

Indeed, there’s a lot more work to be done: “When it comes to cybersecurity, you can’t be complacent, you have to constantly keep on top of it. You have to be able to stay ahead of malicious actors”.

“Security is a journey, not a destination,” continues Lynch. “When you believe you’re 100% secure, that’s when you’re at your most vulnerable. There’s no way any organisation can say they are 100% secure because the nature of cyber threats is constantly evolving and becoming more sophisticated.”

Still, Lynch believes that the cybersecurity industry is more unified now than ever before as a result of the many challenges it faces. “The industry has changed. Today, there’s more communication between security companies. Instead of competing, there’s a feeling that we’re all in this together to fight cyber criminality. We all have the same end goal. The more people that realise that and begin to work together as a team, the better.”

If you are concerned about the security posture across your organisation, one of the most practical things you can do is a Cybersecurity Risk Assessment.  We have a dedicated cybersecurity team that can provide this service.  To talk to one of our Cybersecurity experts, Click here

For further information on our full range of cybersecurity solutions  Click here

Back to Top ↑