Worried about cybersecurity? Protection alone won’t cut it
In association with Ekco
The cybersecurity landscape has become increasingly complex over the last few years. Most cyber threats businesses faced 10 years ago were relatively minor infringements, along the lines of script kiddies hoping to get some cred in tech communities. But these days cyber-attacks are prolific and far more nefarious.
Grant Thornton reported last year that cybercrime cost the Irish economy €9.6 billion in 2020, with ransomware accounting for €2 billion. In 2014 cybercrime set back the Irish economy by €614 million – a 1400% increase in seven years. Bearing in mind that inflation over the same period was just 5%, and you get an idea of just how big this problem is.
Ransomware attacks have become much more sophisticated in recent years, with hackers creating environments where they share tools and tips on how to break through organisations’ defence mechanisms for a bounty. The barrier to entry and the difficulty to use these tools has lowered, and even juveniles are gaining access to valuable data.
And while hackers become more informed, employees continue to be the weakest link in a company’s security defences. They may be unaware, for example, that phishing emails are often disguised as communications from someone in their contact list, with seemingly harmless click-through URLs or attachments. And the most recent Uber attack highlighted how even multi-factor authentication (MFA) is not enough when it comes to the human factor. Even regular employee security training is very rarely a match for someone who is caught up in the busyness of a workday or someone who just wants those irritating messages from their ‘work IT system’ to go away.
With this kind of cyber security environment to contend with, it is understandable that C-suite leaders are nervous about their IT security. Our own Ekco study from earlier this year found that 79% of decision makers are concerned about how safe their data and systems are. Despite the various kind of security investments they have made, they still do not feel completely assured that if an incident happens they will be able to protect against it, and most importantly, detect, analyse, and respond to it.
With cyber threat analysis and response, the human factor can be the strongest link. The experts who decipher the alerts that come through the security platforms play a vital role in warding off attacks before they become ransomware fodder. Having experienced and knowledgeable analysts on your cybersecurity team is becoming a non-negotiable in an environment where the frequency of cyber-attacks in Ireland is increasing by 26% year-on-year.
100% protection is impossible
As a first line of defence, it is important for companies to understand that achieving 100% protection from cyber-attacks is not realistically possible. We have seen large multinationals to state security organisations being breached over the last five years, many of which had good protection in place. Protection is first and foremost, but it is also key that a company is able to detect smaller incidents that are ongoing and stop them from growing into something that could become more significant down the line.
Keeping a company’s virtual assets secure is even more challenging now, as our IT environments have transformed so rapidly, with remote working becoming more of the norm since Covid-19. Moving to cloud or hybrid cloud was at one stage just a step in the journey. Now for a lot of organisations it is the endpoint. It’s not just hybrid cloud, it’s multi cloud.
The distinct position we find ourselves in these days is that you can no longer say you have your ‘crown jewels’ well protected behind your firewall. Now pretty much every device and every user is a source or an access point (AP) attack surface that can be compromised and therefore needs to be protected. And so, as organisations look to further use IT and cloud and IoT services to deliver business value, this adds complexity, which adds more attack surface areas and risk.
A vital link in the security chain
This is where having a managed detection and response solution, or managed XDR, comes in. With protection no longer being sufficient, it is important that we also focus on detecting threat actors and responding to those threats. With managed XDR, attack surface areas are not solely areas of vulnerabilities, but also a rich source of information that we can pull data from and determine early on if something’s happening with an organisation’s data security.
With our managed XDR service, we advise clients to have not just a next gen platform for threat detection, but also a tech response component, which looks at behavioural analytics as well as signatures and rudimentary machine learning. Our aim is to build a composite picture and take signals from everywhere we can in our clients’ organisations, such as IoT devices and endpoints, as well as network, security, and cloud infrastructure.
Threat analytics is key in cybersecurity. Having real people with eyes on the platforms 24/7 is key. Machine learning and artificial intelligence are a good starting point, but it does not carefully examine user behaviour inside the organisation. A live Security Operations Centre (SOC), staffed by experienced analysts, looks at inconsistent behaviours and triggered alerts. For example, if a domain admin logs on at 3am, is this an unusual event for this user? If it is an anomaly, it may need to be investigated as it could be a compromised account.
The XDR technology identifies these alerts and generates array signals up the analysts who focus on making sense of that information to build up that composite picture, and decide whether a specific signal needs to be investigated.
Get one worry off your mind
At Ekco, we have the technologies and expertise to offer all aspects of an enterprise-grade managed XDR service, from deployment and configuration all the way up to remediation, user and entity behaviour analysis. Our team of experts have been doing this for over 20 years and so know how to interpret the data from the XDR platform, meaning we can give our customers a layer of security that is beyond just detection.
Paul Hogan is chief strategy and innovation officer at Ekco. To find out more about Ekco’s managed XDR solution here.