August 2021
cybermagazine.com
Cyber Security in the built environment
Building management systems have revolutionised the facilities management landscape yet advances in technology mean these systems are increasingly susceptible to attack
Data breaches of the last 10 years
Cyber Security: Futureproofing your cyber security investment
Digital Ecosystems: Fighting back
Presidio: Managing migration risk
BSI Cyber: Enabling cyber-resilience in the area of emerging technology
Teranet: Cyber security and zero trust solutions in an agile world
The Cyber Team
EDITOR-IN-CHIEF: VIKKI DAVIES
EDITORIAL DIRECTOR: SCOTT BIRCH
PRODUCTION DIRECTORS: GEORGIA ALLEN, DANIELA KIANICKOVÁ
PRODUCTION MANAGERS: OWEN MARTIN, PHILLINE VICENTE, JENNIFER SMITH
PRODUCTION EDITOR: JANET BRICE
CREATIVE TEAM: OSCAR HATHAWAY, SOPHIE-ANN PINNELL, HECTOR PENROSE, SAM HUBBARD, MIMI GUNN, JUSTIN SMITH, REBEKAH BIRLESON, DUKE WEATHERILL, JORDAN WOOD
VIDEO PRODUCTION MANAGER: KIERAN WAITE
DIGITAL VIDEO PRODUCERS: SAM KEMP, EVELYN HUANG, HABBIE AMOS, JACK NICHOLLS, MARTA EUGENIO
MOTION DESIGNER: TYLER LIVINGSTONE
MARKETING DIRECTOR: ROSS GARRIGAN
MARKETING MANAGER: ANDREW STUBBINGS
PROJECT DIRECTORS: KRIS PALMER, MIKE SADR, BEN MALTBY, TOM VENTURO
MANAGING DIRECTOR: LEWIS VAUGHAN
EXECUTIVE ASSISTANT: JORDAN HUBBARD
MEDIA SALES DIRECTORS: JASON WESTGATE
CHIEF OPERATIONS OFFICER: STACY NORMAN
PRESIDENT & CEO: GLEN WHITE
FOREWORD
United we stand
Welcome to the very first edition of Cyber Magazine. The vital role that cyber security plays in protecting our privacy rights, freedoms, and everything up to and including our physical safety is more prominent than ever before.
Having written about technology in all its guises for the last 20 years, I am delighted to be editing Cyber magazine at such a crucial time. An increase in hacker threats worldwide has created a boom in cybersecurity and it has been predicted the cybersecurity market could reach $400bn by 2026. Israel’s Prime Minister Naftali Bennett recently said he views cyberattacks as one of the greatest threats to Israel’s national security and the world. Israel is launching an international cybersecurity network for like-minded countries to fight threats together. He said: “If you try and fight alone, you’re going to lose. If you fight together, you’re going to win.” Cyber magazine does just that. We’ve created a digital community for the cyber security industry and everyone fighting cyber crime to come together and share their news, views and latest innovations. I hope you enjoy the first issue, I look forward to hearing from you.
VIKKI DAVIES
vikki.davies@bizclikmedia.com
© 2021 | ALL RIGHTS RESERVED
CONTENTS
Our Regular Upfront Section
Big Picture
The Brief
People Moves
Timeline: Most common types of attacks
Trailblazer: Eugene Kaspersky
Five Mins With: Ryan Bradbury

Features
Presidio: Managing migration risk
Cyber Security: Futureproofing your cyber security investment
BSI Cyber: Enabling cyber-resilience in the era of emerging technology
Networks and applications: Cyber security in the built environment
TXOne Networks: Reducing the threat landscape for your ICS
Digital ecosystems: Fighting back
The Judge Group: Hiring expert talent post Covid and beyond
Technology and AI: The positive effects of AI on cyber security
Teranet: Cyber security and zero trust solutions in an agile world
Top 10: Data breaches of the last 10 years
Cloudflare: On a mission to help build a better internet
BIG PICTURE
Parliament of Australia Canberra, Australia
The Australian government and major corporations have fallen victim to a string of cyber attacks in recent years. The country’s vulnerability to hackers was thrust into the limelight once more with two recent attacks on Australia’s Channel Nine TV network and its Parliament in Canberra. Nine said it was investigating whether the hack was "criminal sabotage or the work of a foreign nation". Australia's Parliament was investigating issues affecting an "external provider".
THE BRIEF

“It's critical to take the right steps to keep people protected without sacrificing productivity”
Audra Simons, Director of Research and Engineering, Forcepoint

“Securing an enterprise is far more than ensuring the CIO builds the right technical controls”
Chris Gaines, Cyber Security Leader, PwC UK

“We’re seeing an increase in malicious actors targeting workloads because it is harder for organisations to monitor them”
Greg Foss, Senior Cybersecurity Strategist, VMware Security Business Unit

BY THE NUMBERS
86% of breaches were financially motivated and 10% were motivated by espionage
45% of breaches featured hacking
17% involved malware
22% involved phishing
A survey by Verizon Threat Research Advisory Centre examined US data breaches in 2020.
The positive effects of AI on cyber security
We speak to Forcepoint on modelling user behaviour and data interaction to detect malevolent activity.
Cyber security in the built environment
Building management systems have revolutionised the facilities management landscape yet advances in technology mean these systems are increasingly susceptible to attack.
Futureproofing your cyber security investment
With cybersecurity attacks on the rise we look at how futureproofing can help you minimise the risk.
Cyber security and healthcare
Statistics based on research by cloud security company Wandera

Over the past decade, the cyberthreat to the healthcare industry has increased dramatically, along with the sophistication of cyberattacks. Industry and government both recognise this new era. For each improvement delivered by automation, interoperability, and data analytics, the vulnerability to malicious cyberattacks increases as well. Cyberattacks are of particular concern for the health sector because attacks can directly threaten not just the security of systems and information but also the health and safety of patients.

Thousands of healthcare organisations have been targeted by cybersecurity threats in the last few years, with hospitals accounting for 30% of all large-scale data security incidents. A healthcare data breach costs a whopping $7.13mn on average when compared to other sectors. The healthcare industry is closely followed by the energy and financial sectors, at $6.39mn and $5.85mn cost per data breach. However this is a table no one wants to be leading. The cost of healthcare breaches has risen from $6.45mn, a 10% increase between 2019 and 2020. When compared to other industries, the latest data shows healthcare experienced the second-highest increase in cost-per-breach in 2020, just behind energy.
WINNERS AUG21

NATIONAL CRIME AGENCY
Student Zain Qaiser, 24, has been jailed after taking part in the UK's most serious case of cyber crime. He worked with a Russian crime group to target millions of computers with malicious browser-locking software.

LEEDS UNITED FOOTBALL CLUB
Leeds United has revealed it is tightening its cyber defences after rival Manchester United was hacked as criminals scale up attacks during the pandemic. The club fears losing millions of pounds if transfer data is stolen.

LOSERS

MICROSOFT
More than 3,000 email servers remain at risk from the global Microsoft Exchange email flaw. The National Cyber Security Centre said it estimated 7,000 servers had been affected and only half had been secured.

CNA FINANCIAL
The American-based insurance company was hit by a new ransomware variant called Phoenix Cryptolocker. The site says over 15,000 computing devices on the CNA network were encrypted, including those working from home.
PEOPLE MOVES

LAURIE DORAN
FROM: CENTRAL INTELLIGENCE AGENCY
TO: NEW JERSEY OFFICE OF HOMELAND SECURITY
WAS: CIA AGENT
NOW: ACTING DIRECTOR OF THE STATE’S OFFICE OF HOMELAND SECURITY POLICY
Laurie Doran, a former CIA agent, will serve as the acting director of the state’s Office of Homeland Security Policy, following the departure of longtime homeland security chief Jared Maples. Doran, who had been the homeland security office’s director of intelligence and operations, will eventually be nominated for her new role, which is subject to confirmation by the state Senate, and join Murphy’s Cabinet, the governor’s office has said. Before joining state government in 2018, Doran spent 32 years at the CIA, mostly as an operations officer serving overseas, officials said. In addition to traditional functions like counterterrorism and emergency preparedness, New Jersey’s homeland security office counts cybersecurity among its core missions, a rarity among states, most of which make it part of the broader IT operation.
“I look forward to carrying on our mission and thank Governor Murphy for this opportunity”

MOHIT GUPTA
FROM: MOTHERSONSUMI INFOTECH AND DESIGNS LIMITED
TO: MOTHERSON SUMI
WAS: CISO
NOW: CISO
Motherson Sumi has promoted Mohit Gupta as its Group Chief Information Security Officer. He will report to the company's Group CIO. Motherson is a global conglomerate of companies spread across 42 countries with over 270 plants, which comprises listed and non-listed companies. Founded in 1975, Motherson is one of the world’s leading auto component makers, supplying to all car manufacturers across the world through its facilities spread across five continents with over 135,000 employees. Driven by technology and innovation, Motherson reiterated its vision 2025 with an ambitious target of $36bn consolidated revenue in FY20-25. In the new role Gupta will be responsible for improving overall security posture of Motherson group companies. Prior to this new role, Mohit was CISO of MothersonSumi Infotech and Designs Limited, an IT division of Motherson Group.

WILL LUKER
FROM: SA GOVT
TO: SA GOVT
WAS: CYBER SECURITY AND EMERGENCY MANAGEMENT
NOW: CISO
The SA government has found its new permanent chief information security officer from within after the top job was vacated earlier this year. Will Luker takes the post. He had spent five months acting in the role following the departure of inaugural government CISO David Goodman, who resigned in January. Goodman has since become cyber security and hi-tech director in the state’s Department of Innovation and Skills. Luker has spent the past seven years working in cyber security and emergency management at the department, including two-and-a-half as a senior manager. He has also previously worked in the state’s Office of the Chief Information Officer between November 2010 and September 2014.
TIMELINE
MOST COMMON TYPES OF ATTACKS
With cyber attacks on the rise, it’s crucial to have a grasp of the most common types of attacks and where they come from. With the help of Varonis, a pioneer in data security and analytics, here’s what you need to look out for this year

1 Malware
One in 13 web requests lead to malware and 94% of malware is delivered by email

2 Ransomware
Ransomware detections have been more dominant in countries with higher numbers of internet-connected populations. The US ranks highest with 18.2% of all ransomware attacks

3 Phishing
After declining in 2019, phishing increased in 2020 to account for one in every 4,200 emails

4 Internet of Things (IoT)
IoT devices experience an average of 5,200 attacks per month

5 Distributed Denial of Service (DDoS)
By 2023, the total number of DDoS attacks worldwide will be 15.4 million.
TRAILBLAZER
EUGENE KASPERSKY
LEADING THE WORLD OF CYBER SECURITY

Eugene Kaspersky is a world-renowned cyber security expert and successful entrepreneur. He is a co-founder and the Chief Executive Officer of Kaspersky, the world’s largest privately-held vendor of endpoint protection and cyber security solutions. Eugene began his career in cyber security accidentally when his computer became infected with the ‘Cascade’ virus in 1989. Eugene’s specialised education in cryptography helped him analyse the encrypted virus, understand its behavior, and then develop a removal tool for it. After successfully removing the virus, Eugene’s curiosity and passion for computer technology drove him to start analysing more malicious programmes and developing disinfection modules for them. This exotic collection of antivirus modules would eventually become the foundation for Kaspersky’s antivirus database. Today the database is one of the most comprehensive and complete collections in cyber security, used in detecting and preventing systems from being infected by more than 500 million malicious programs.

Further pursuing his passion for defensive technologies, in 1990 Eugene started gathering a team of like-minded enthusiast researchers to create the AVP Toolkit Pro antivirus programme, which, four years later, was recognised by the University of Hamburg as the most effective antivirus software in the world. Wishing to combine their successful track record of antivirus programming with their entrepreneurial vision, Eugene and his colleagues decided to establish their own independent company. In 1997 Kaspersky was founded, with Eugene heading the company’s antivirus research. In 2007 he was named Kaspersky’s CEO. Today Kaspersky is one of the fastest growing IT security vendors worldwide, operating in almost 200 countries and territories worldwide. The company employs more than 4,000 professionals and IT security specialists in 34 dedicated regional offices across 31 countries, and its cyber security technologies protect over 400 million users around the world.

Kaspersky’s globally renowned team of experts has investigated some of the most complex and sophisticated cyberattacks ever known, including Stuxnet, Flame, and Red October. The company also cooperates extensively with INTERPOL, Europol, and national police bodies to actively assist them in their fight against cybercrime. Eugene is influential among politicians and security experts. He has warned about the possibility of cyberwarfare that targets critical infrastructure. He speaks at conferences advocating for an international cyberwarfare treaty that would ban government-sponsored cyberattacks. “International co-operation is the only way to fight cyber crime,” he wrote in a recent blog that appeared on his website.
FIVE MINS WITH...
RYAN BRADBURY
DIRECTOR OF
A cyber security consultancy enabling organisations to combat cyber threats and reduce risks. We spoke to him about the crucial aspects of cyber security every business, no matter their size, should focus on.

Q. WHAT IS YOUR BIGGEST PIECE OF ADVICE FOR BUSINESSES ASSESSING THEIR CYBER SECURITY?
» What’s working today might not work tomorrow. Every business, every infrastructure has undergone massive change over the last 12 months due to the pandemic. We advise organisations to prepare for ‘when’ a cyber incident or attack will happen, not for ‘if’ one will happen. This can be a hard thought for businesses to compute and accept, but the cyber threat landscape is evolving all the time and it must become a priority to make every effort to keep up and even try to get ahead. ‘Futureproofing’ your cyber security is an investment worth making, that is a simple fact. The more complex matter is the ‘how’ and the truth is that cyber security is not a science and there is no one-size fits all answer.

Q. HOW SHOULD BUSINESSES GO ABOUT CREATING A CYBER SECURITY STRATEGY?
» A robust cyber strategy will minimise exposure to cyber threats. To build this strategy you must begin with a security assessment starting with a comprehensive review of your people, process and technology. This three-part process will help you to understand your current cyber security posture, and most importantly allow for those all-important recommendations for change.

Q. WHAT THREE CRUCIAL ASPECTS OF CYBER SECURITY SHOULD BUSINESSES FOCUS THEIR IMMEDIATE ATTENTION ON?
» Firstly, to educate your users. Build a human firewall to act as your first line of defence by ensuring colleagues know what to look out for and how to respond. Secondly, to develop a clear set of cyber security policies. Identify the organisation’s assets, the controls in place to protect them and instructions on how to identify, contain and recover from a cyber attack. Thirdly, to practice your cyber policies and procedures. Don’t let your policies become an unused and unknown document safely filed away. Simulate an attack and put your incident response plan to use to identify how effectively your business responds.
PRESIDIO
MANAGING MIGRATION RISK
WRITTEN BY: JOHN O'HANLON
PRODUCED BY: TOM VENTURO
We talk to Dave Trader, Vice President and Field Chief Information Security Officer (CISO) of Presidio, a role we have seen evolve rapidly as cyber attacks have grown in number and severity
In the words of Gartner, “Many security teams have overinvested in a plethora of tools. As a result, they are also suffering from alert fatigue and multiple console complexity and facing the challenges in recruiting and retaining security operations analysts with the right set of skills and expertise to effectively use all those tools.” Facing this dilemma is the stock-in-trade of Presidio, through its full life cycle model of professional, managed, and support services including strategy, consulting, implementation and design – and above all security. The company has demonstrated its expertise in helping customers design, architect, build, migrate and manage their workloads by building close partnerships with all the major infrastructure and cloud providers - including Microsoft, Google, Palo Alto, Red Hat and IBM - and in February 2021 achieved Premier Partner status within the AWS partner network.

In the last year Presidio has brought into its portfolio two companies that extend both its global reach and its full-stack capability. Coda adds software development and coding abilities the company didn't have before, while Dublin-based Arkphire brings access to wider global markets.
However, alongside infrastructure delivery, Presidio has developed unique expertise around cloud, collaboration and crucially cybersecurity. The level of threat has rocketed this century as new ways of using, accessing, and storing data are adopted and vulnerabilities proliferate. “We are able not only to help companies transition and transfer their workloads to the cloud, but also we can effectively enable them to secure those workloads,” says Dave Trader, who has been Presidio's Cybersecurity Practice Lead since the beginning of 2019, and global Field CISO since January 2021. He is one of the industry's leading security experts with 20 years' experience, including eight years with the Marines specializing in critical military security and communications, and most recently Chief Information Security Officer at GalaxE Solutions. He's also a graduate of the FBI CISO Academy, one of fewer than 200 since the program was inaugurated in 2015.

Since early 2020 the market has seen a rush to migrate to the cloud. “We are trying to get applications closer to the user, which raises issues around latency and security concerns about the right way to achieve that as the workforce moves from office to home,” says Trader. “We have moved from 'cloud first' to 'cloud right'. We start with an evaluation so that we can advise as to whether cloud is really best for this client and if so in what configuration.”
Intrinsic Security and vSOC

Security can't be an add-on anymore. Security baked into everything from code to the DevSecOps space right through to deployment at the edge is what Dave Trader calls intrinsic security. “AWS is a good example of that in the cloud space. We believe that security has to be in the process every step of the way as we test the environment and look for gaps and vulnerabilities that we can exploit.” His team rigorously looks for cracks in the clients' systems, then makes sure they are all sealed. Since his arrival Trader has made a point of highlighting certain key services. “I've really tried to double down on our virtual security operations center (vSOC) services and bring those forward.” A vSOC, he explains, is an outsourced, comprehensive, round-the-clock data monitoring solution that enables a company to identify threats as they arise. “We saw a gap in the market where we found companies building their own SOC. That can work for a while for companies but ends up enveloping their entire team as the vulnerabilities overwhelm them. They were looking for some help and we saw an opportunity to bring in our expertise and promote internal enterprise security teams so they can handle major events, while we are at hand to deal with the day-to-day events and protect their environment. We have been able to build a great practice around that.”

Traditionally, security events have been viewed through aggregating or logging programs like Palo Alto's Prisma, he explains. “When those logs and events come in they typically go to a security center dashboard or platform, but we now see clients getting overwhelmed with a host of lower level alerts. They'd never be able to hire enough analysts to cope with the onslaught of events. That's why our managed service component utilizes automation to the hilt to combat the problem of alert fatigue. We are doing that very successfully with the help of partners like Palo Alto and others, fighting automated attacks with our own machine learning defenses: our team here at Presidio has built a first class offering and a first class vSOC service.”

EXECUTIVE BIO
DAVE TRADER
TITLE: VICE PRESIDENT AND FIELD CHIEF INFORMATION SECURITY OFFICER (CISO)
INDUSTRY: TECHNOLOGY SECURITY
LOCATION: NEW YORK
Dave Trader holds numerous CyberSecurity certifications, including CISSP. He has received numerous endorsements from the Department of Homeland Security, FBI, and NSA and is a graduate of the FBI CISO Academy. A results-driven leader, MBA graduate, and senior-level IT Executive offering years of experience, Dave creates secure network environments for large, global enterprises as a Chief Information Security Officer. Dave has the ability to build an entire Cyber Security program from the ground up. He has created a template for a successful cybersecurity program and is constantly evaluating against that template. Dave has an extensive networking and technology background with broad security experience and success in applying cutting-edge approaches to incoming threats by joining the tactical military strategy he obtained in the United States Marine Corps to a practical enterprise application.

Never trust, always verify
Okta as the core of Zero Trust

Okta is the leading independent identity provider. The Okta Identity Cloud enables organizations to securely connect the right people to the right technologies at the right time.

Okta: identity for the internet

Okta’s vision is a world where everyone can safely use any technology: its promise, to protect the identities of all users, while asking “what more can we make possible?” Today IT leaders cite secure employee access as their primary focus, thanks largely to an explosion in remote working. “One of the scariest parts of the quick switch to remote work is the need to move quickly and securely,” says Brock Dooling, Partner Alliances Engineer at Okta, a trusted platform to secure every identity, from customers to workforce. More than 10,000 organizations trust Okta’s software and APIs to sign in, authorize, and manage users.

Getting identity right is really important – but complicated. Clients can use Okta to enable their users to sign in with a username/password or with their social accounts like Google or Facebook using pre-built sign-in components from Okta. “After the user has signed in, you can retrieve their user profile, secure your APIs and application backends so that only authorized users and applications can call them. With Okta clients can use their existing stack to build sign in, protect their APIs and move on with their lives!”

That message is not lost on Okta’s partners. Recently the CTO of lifecycle managed services provider Presidio Dave Trader told us: “Okta has been a huge help in managing secure user authentication, while allowing developers to build identity controls into applications, website web services and devices.” Password access is notoriously vulnerable, so automation of user authentication is at the top of the developers’ agenda. Okta FastPass is already delivering passwordless login using default authentication implemented through biometric capabilities, rather than only by user-specific certifications.

On March 4 2021 Okta acquired a complementary authorization platform. It will continue to support and expand Auth0, with a view to eventual integration. “Together, we will shape the future of identity on the internet,” promises Brock Dooling. “Okta and Auth0 address a broad set of identity use cases, and our identity platforms are robust and extensible enough to serve the world’s largest organizations and most innovative developers.”

DID YOU KNOW...
THE 20 CIS SECURITY CONTROLS

Basic CIS Controls
1. Inventory and Control of Hardware Assets
2. Inventory and Control of Software Assets
3. Continuous Vulnerability Management
4. Controlled Use of Administrative Privileges
5. Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers
6. Maintenance, Monitoring and Analysis of Audit Logs

Foundational CIS Controls
7. Email and Web Browser Protections
8. Malware Defenses
9. Limitation and Control of Network Ports, Protocols and Services
10. Data Recovery Capabilities
11. Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
12. Boundary Defense
13. Data Protection
14. Controlled Access Based on the Need to Know
15. Wireless Access Control
16. Account Monitoring and Control

Organizational CIS Controls
17. Implement a Security Awareness and Training Program
18. Application Software Security
19. Incident Response and Management
20. Penetration Tests and Red Team Exercises
Another benefit for Presidio's vSOC is its portability. Clients can stay with platforms they have in place – automation enables the solution to run without the end user noticing any change. “Customers tell us they had no idea that level of automation was even possible and are really enjoying the insights and outputs they are getting through being able to leverage the automation we have baked in through APIs.”

Covid opportunities and challenges

In March 2020 Presidio saw a freeze on travel and has since worked mainly from home. “Generally, about 70% of people now work entirely from home,” says Trader. “That brings with it a lot of security concerns, for example shadow IT. We saw VPN licensing go through the roof. The home network may be insecure, and once it is connected to the office network, others using a shared device may be downloading malware through games or social media. Cybercriminals look for their chance, well aware of the wormholes that can open up this way.”

The secure access service edge (SASE) is made front and center of his conversations with clients. “Latency became a problem. We had engineering companies and architects that were spending six or seven hours downloading blueprints they were working on at home, rather than the secure networks they had in the office. That placed a focus on identity access management and real-time assessment of the end user at the end-point. That is why identity is so important: the perimeter has shifted!”

Addressing the end-point required user and entity behavior analytics (UEBA), a process of gathering insight into the network events that users generate every day. It can pick up the 'impossible traveler' where a user appears to interact with the same resource from two different locations but could not possibly have made that trip in that time. “We'd have to ask that user to add another layer of validation, and we are seeing companies adopt that, which is very encouraging,” says Trader. One of Presidio's main partners Cisco has a gold standard UEBA solution in DUO, which is scalable, easy and inexpensive to set up. “I see DUO becoming integrated with identity access planning at many enterprises and it is really working out well.”

COVID-19 has proved that a dispersed workforce can work as well as a concentrated one, so this is likely to become a permanent change. However, in most cases people are working on systems that the company does not own or control so what used to be called BYOD has morphed into MDM, or mobile device management. This enables IT departments to secure, monitor, and manage end-user mobile devices from smartphones, tablets, laptops, and even IoT devices. “Nevertheless, I'd say that 70% of companies are not doing validation on their employees' devices ahead of time, so these systems may not have antivirus and we are seeing compromised systems being allowed into enterprises,” cautions Trader. “Hacking organizations are aware of this and I have seen them purposefully seeking out these back doors to the enterprise networks. I have also seen an uptick since November 2020 of hacking organizations doubling down on ransomware in almost every vertical.”

“I see monumental opportunities in what our security practice can accomplish in 2021”
DAVE TRADER, VICE PRESIDENT AND FIELD CHIEF INFORMATION SECURITY OFFICER (CISO), PRESIDIO

Prevention better than cure

The problem is very serious: Trader is getting around four calls a week from major companies under attack despite taking reasonable care. “We are helping companies recover and step through triage, getting them stabilized and moving them through into recovery. But I have also seen companies where up to 50% of their network is scorched earth, irrecoverable. A situation like that is an existential threat for a business. But I am trying to have more conversations on the proactive side so that firefighting is not needed. But even if you do everything I would prescribe as best practice it doesn't mean that a state-sponsored entity won't be able to breach your defenses with some kind of ransomware or other form of cyber-attack.”

This may seem bleak, but Presidio and its partner ecosystem have the best minds in cybersecurity focused on staying ahead in this war. “In 2021,” he says, “ransomware will pick up, so our trusted advisor position will become even more relevant. Many more companies are hiring CISOs, and their conversations are going direct to the board. I have been doing presentations at the board level to give them a perspective on cyber threats and best practice solutions. My message is that this mountain is not insurmountable. If you get the fundamentals right and follow best practice you can prevent the majority of the issues that are happening all around the world. We are continually investing in additional capabilities to provide cybersecurity consulting, advisory services and vSOC/MDR+ services our customers are consuming”
PRESIDIO
Partnership and cooperation
In the war against cyber attackers, alliances become vital. “I rely heavily on what our partners bring to the table,” insists Dave Trader. “We work with tremendous partners, depending on their specific specialty. Palo Alto and Cisco are always our number one and two partners across the board. They do a great job full stack, and they have solutions around everything we have talked about today.”
Cisco is working on SecureX, an open, cloud-native platform that connects Cisco's integrated security portfolio with those of customers for a simpler, more consistent experience across endpoints, cloud, network, and applications. “SecureX will be the hub joining the spokes of all Cisco's security products and that is really working out well. We engage well with them because so many customers leverage the full portfolio of services they have.”
“I'd say that 70% of companies are not doing validation on their employees' devices ahead of time, so these systems may not have EDR and we are seeing compromised systems being allowed into enterprises” DAVE TRADER
VICE PRESIDENT AND FIELD CHIEF INFORMATION SECURITY OFFICER (CISO), PRESIDIO
INDUSTRY: Technology security
NUMBER OF EMPLOYEES: 3,000
For the rest, he is guided by his customer. “When we go into a customer's environment and ask them to lay out the controls they have in place to protect themselves, I am actively listening for over a dozen key areas.” Basically, he follows the NIST-CSF governance controls, and as he goes through those domains, customers tell him which solutions they prefer and have adopted. “I routinely find they have covered most of the best practice controls, but I introduce some partners they may not have considered.” He always starts with the data. “With the edge dissolving, if you don't have a good handle on who is accessing your data, when, where and how, you can quickly lose your grip on it. Varonis is a good example because they really understand how the data is encrypted, how it lives and breathes and traverses the network.” If we start with the data, we know what we’re protecting. If we secure the data properly and absolutely, we have less risk when an intruder does get into the network. Varonis provides outstanding visibility to that data and helps us understand the level of security needed.
To address incident response issues, a partner he might suggest would be CyberDefenses. “I have done multiple engagements with this team. They bring rigor to the security response, bringing in forensics, knowing how to run triage then move on through stabilization to recovery. They can find out not only how the target was compromised but what was taken and what this event looks like from a governance risk and compliance perspective. Presidio works really well with CD throughout the incident performing remediation steps including professional services and additional consulting to recover the business operation.”
Many attacks get through because the alert was missed or not actioned. He has found Arctic Wolf a dependable ally for its SIEM offering. “From a concierge perspective my customers feel that Arctic Wolf has a handle on everything they do.” Though at first glance some of these services may seem to compete with Presidio's in-house portfolio, partners are essential in delivering successful outcomes. “Where I can I always lead with Presidio's services, but there are situations where we need to bring in partners.” One problem facing the end user may be different dashboards that complicate authentication. To overcome this, he has found Okta a big help in managing
secure user authentication, while allowing developers to build identity controls into applications, websites, web services and devices. “In practice I may have different options to suggest. I feel that IAM (Identity Access Management) is a cornerstone for so many broader security methodologies like Zero Trust, SASE, and others. Okta does a great job helping with IAM at every level from CASB through MFA. I have many larger enterprise companies that utilize Okta as their primary identity partner and they are incredibly happy with the versatility.” These partners and many others are bringing in new applications and services all the time, so here Presidio's strength is knowing exactly what is in development. This work will continue, he promises. “My team is going to continue to grow: we are hiring across the country and across the world and we are going to continue to be able to support our customers in every region. I see monumental opportunities in what our security practice can accomplish in 2021.”
CYBER SECURITY
FUTUREPROOFING YOUR CYBER SECURITY INVESTMENT
With cybersecurity attacks on the rise we look at how futureproofing can help you minimise the risk
WRITTEN BY: VIKKI DAVIES
Minimising the threat of a cybersecurity attack is a day-to-day struggle for many businesses in the current climate. According to a recent PricewaterhouseCoopers (PwC) survey, the rapid pace of digital transformation due to the COVID-19 pandemic, which saw businesses move services online, supply chains disrupted and employees work from home, has pushed cybersecurity to the top of the agenda for CEOs. Ninety-one per cent of UK CEOs appearing in PwC’s 24th Annual CEO survey said they were concerned about the threat of cybersecurity risks, up from 80% last year and the highest figure ever recorded since CEOs were first asked about cyber threats in the survey. With cybersecurity attacks on the rise and threats coming from multiple angles, having a futureproof risk management plan is essential for businesses of all shapes and sizes. Ed Martin, Director of Product Management at American cybersecurity company Secureworks, says:
“The key to success is to plan for all eventualities, including what to do if a breach occurs, while still taking a strategic approach to minimising risks. A risk management plan should cover every aspect of where threats are likely to arise and what to do when they occur.” The COVID-19 pandemic changed the world of work and infrastructure was transformed overnight for many organisations. A sudden switch to remote working, increased use of cloud services and greater reliance on personal devices created a significantly expanded attack surface for many enterprises. Security operations teams have become overwhelmed with alerts and unable to pivot away from daily tactical firefighting to more strategic, proactive threat hunting
and organisations continue to respond by adding security tools to their technology stack further enabling an uncoordinated approach to securing data and devices. Security staff are overloaded, made worse by a reported severe shortage of qualified cyber security professionals and lack of staff training for in-house teams. Martin says: “The global nature of the pandemic saw the targeting of healthcare, pharmaceutical, and government organisations including laboratories researching Coronavirus by both nation-states
and financially motivated cybercriminals. And attacks targeted to exploit changes due to the pandemic didn’t slow the constant barrage of zero-day, ransomware attacks or data breaches organisations face, as demonstrated by incidents relating to SolarWinds in the US and Microsoft Exchange across the globe. “Of course, there will always be changes in the work environment. Companies grow, sometimes by merger or acquisition and in doing so may open themselves to threats they have not previously experienced. Risk management plans need regular revision and updating.” Ernst and Young’s Global Consulting Cybersecurity Leader, Kris Lovejoy, says a future risk management plan created in 2021 will likely look very different from just one year ago, as there are new risks to worry about. “With people returning to work in various configurations and normal operations resuming, CISOs need to anticipate that some employees will be reluctant to return and continue to work remotely, shortages and supply chain risks will continue to disrupt normal business and insider threats remain high as staff members’ futures remain unclear. Nation-states will continue to exploit the persistence obtained previously, InfoSec will continue to uncover historical breaches while managing ongoing significant ransomware risks and companies will invest in infrastructure as emphasis on resiliency and contingency planning is renewed.” Kris says cybersecurity strategy and road maps, as well as security governance, management and operational structure, need to be realigned. “Risk assessment methodologies should be revised to reflect revised operational requirements and new KPIs and KRIs for business stakeholders will
be necessary to reflect cyber performance in this new world,” she adds.
Planning for the future
Understanding the inherent risks is, of course, an important part of the cyber security puzzle, yet to create a truly futureproof cybersecurity risk management plan, there’s lots of work that needs to be done in house, according to Chris Gaines, Cyber Security Leader at PwC UK. “With every area of every organisation now more reliant on technology, and more reliant upon the technology of suppliers and other organisations within their ecosystem, business leaders need to appreciate the role they must play in securing their organisation,” he says.
“Securing an enterprise is far more than ensuring the CIO builds the right technical controls. It is about simplifying the organisation to be securable. It is about assessing, understanding and managing the cyber risk impact of every business decision. And it is about recognising that much of cybersecurity risk originates from vulnerabilities outside their organisation. CEOs are right to be concerned about cyber security risk but the challenge they face is shaping their organisations to be securable. However, this period of change we find ourselves in presents the perfect moment to face into that challenge,” he adds. PwC’s Global DTI 2021 survey found that more than half of businesses are expanding their cybersecurity teams.
Three-and-a-half million people globally are needed for cybersecurity jobs in 2021 because despite the advancement of technology, it is still human error which poses the biggest threat to data security. Therefore, cybersecurity needs to become part of company culture and viewed as a priority. Secureworks’ Ed Martin says security teams need help in improving investigation capabilities and accelerating the ability to respond to discovered threats. He believes businesses today need a solution that will keep staff from being overwhelmed by the number of different security tools to manage and allow those resources to focus on proactive and strategic activities. “The security marketplace is flooded with vendors and solutions. Few of them by themselves really meet the needs of overburdened, under-resourced CISOs and point solutions are often targeted by hackers or other threat actors exploiting gaps in these products. It can be difficult to identify exactly where vulnerability is occurring with many separate tools in play. This is deeply irritating as advanced adversaries and emerging threats continue to increase, while organisations struggle with uncoordinated tools and lack of qualified staff,” he says. The cybersecurity industry is evolving at a phenomenal rate and is accelerating innovation and growth, yet with cybersecurity threats on the increase, more cybercriminals and more complex infrastructures in our day-to-day lives there’s no time to rest on our laurels. Modern businesses must take a proactive, forward-looking approach to cybersecurity that will help prepare for the unknown, as failure to plan for the future could put the whole company at risk.
BSI CYBERSECURITY
ENABLING CYBER-RESILIENCE IN THE ERA OF EMERGING TECHNOLOGY
WRITTEN BY: MELISSA KHAN
PRODUCED BY: BEN MALTBY
Organisations need to embrace digital transformation to remain ahead. BSI helps clients with digital innovation, governance measures and cyber resilience
With the rise of the internet, one thing that became evident was the simultaneous exposure to an increase in risk. Slowly but surely, organisations looked at enterprise solution providers to protect their networks from hacking, cyber-attacks and data breaches. Now, years later, and with no sign of technology advancements halting, is cybersecurity enough to keep organisations protected and resilient? Mark Brown, Global Managing Director Cybersecurity and Information Resilience, Consulting Services at BSI, talks about cybersecurity in a post-COVID world. Mark addresses the imminence of Industry 4.0 and the transition to cyber-resilience as a growing frontier to technology enabling business transformation, rather than inhibiting it by being solely focused on negative risk and compliance. A managing director with almost 30 years’ industry experience, Mark has held a number of high-profile leadership positions in cyber-security. Notable places of work include organisations such as Ernst & Young, SABMiller and SunGard. Leading up to his current position in BSI’s Cybersecurity and Information Resilience team, Mark also worked with Wipro as Senior Partner and Global Practice Head, leading the Industry 4.0, Operational Technology (OT) and Internet of Things (IoT) Security practice. Having served in the Armed Forces up until 2005, Mark brings a level of discipline,
commitment and fortitude to his role, and this reflects in his leadership style. Mark is a strong mentor and believes in trusted empowerment, adding, “Leadership is an evolution, and while managers are appointed, this doesn’t naturally mean that they are recognised as leaders.” He is a strong advocate of the power of coaching. When asked about some of his major influences, Mark says, “Family is always a big influence in how you respond in business and you always look up to the success of your direct family. My father worked for the same company his entire life, so I have a blend of influences from my own professional and personal life that leads me to trust the empowerment and openness of management.” To date, Mark believes in having the metaphorical ‘open door’ policy for his people as he finds that being approachable is crucial to productivity, inspiration and retention within the team.
EXECUTIVE BIO
MARK BROWN
TITLE: GLOBAL MANAGING DIRECTOR, CYBERSECURITY AND INFORMATION RESILIENCE
INDUSTRY: INTERNATIONAL TRADE & DEVELOPMENT
LOCATION: ENGLAND
Mark is responsible for driving the global growth of BSI’s Cybersecurity and Information Resilience business, with a key focus on strategy and how BSI can help clients manage their cybersecurity and data governance challenges. Mark has more than 30 years of expertise in cybersecurity, data privacy and business resilience consultancy. He has previously held leadership roles at Wipro Ltd., and Ernst & Young (EY), amongst others. He brings a wealth of knowledge and proficiency on the Internet of Things (IoT) and the expanding cybersecurity marketplace having worked for Fortune 10 and Fortune 500 firms as Global CISO/ CIO and CTO.
BSI (British Standards Institution) is at the cornerstone of shaping, sharing and embedding best practice for organisations. The Cybersecurity and Information Resilience division is specifically tasked with
providing cyber risk advisory and security testing services to clients, looking at areas like data privacy, compliance and governance, as well as niche capabilities such as e-discovery, and e-forensics. In addition to these core services, a large number of new and enhanced services directed at overcoming the threat involved with emerging technologies such as Artificial Intelligence, Machine Learning, 5G, Blockchain, Industrial security are also offered by BSI, including but not limited to OT and IoT security, penetration testing technology arenas such as infrastructure, network, application, attack simulation and red teaming exercises. With the world moving towards a virtually digital space as a direct consequence of COVID-19, more and more organisations are now looking at transitioning to cloud-based systems. This opens up a significant number of vulnerabilities pertaining to cyber security and governance. Even with this acceleration, the burning question remains – why do organisations need cyber resilience? To explain this in the simplest way possible, Mark draws a direct comparison between traditional IT structures and cloud-based systems. He says, “Using traditional routes to manage your own IT would mean you were in control of your own destiny and the advantage of on-premises technology meant it was within your perimeter and within your control. With cloud-based systems, you are no longer in control, and you have to have a trade-off between the benefits of cloud with elasticity and the speed to deployment, the avoidance of capital costs on an ongoing basis, and the move to an evergreen IT, which is an opex cost. However, that trade-off comes with the reality that you lose control and somebody else is now looking at managing that environment on your behalf.”
According to Mark, BSI is not just an end-of-the-line security service provider, adding “BSI is the business improvement and standards company – whilst standards are a big part of what we do, we also help to create excellence and business improvement within organisations. This means that we have to understand the journey our clients are going on, and we have to be able to be there to assist them on that journey.” Embracing that journey for clients would mean being ahead of these technologies, and one way to ensure that BSI continues to provide ancillary services is through an ecosystem of strategic partnerships. One such partner, McAfee
provides BSI with the expertise to offer a full portfolio of services to their clients. However, this partnership goes beyond business solutions. Mark adds that there is a level of maturity and brand recognition that sharing an ecosystem with McAfee offers. Speaking of their shared synergies, Mark says that BSI and McAfee have employed a joint approach towards this partnership, creating a mutual benefit for both parties. Whether it's introducing accounts to each other or sharing the wealth of knowledge that both organisations have, a joint partnership with McAfee has created many business and thought leadership opportunities for BSI. Having a cloud security strategy is crucial for organisations as it gives them a better understanding of the breadth of cloud
services and in turn helps them navigate risks and enhance governance, especially those that rushed to Cloud without fully understanding its scope. Mark adds, “Although the cloud is more advanced today, data breaches do still occur. This is often due to a lack of understanding of Cloud architecture and awareness of responsibility
for securing data.” For organisations to adopt an effective cloud security strategy they need to consider how they will integrate often disparate security solutions. This is necessary to maintain control over a dynamic infrastructure and technology landscape, but more importantly, it needs to strike a balance between security protection and compliance. Central to achieving this balance are two key actions. Firstly, organisations should ensure that they deploy automated discovery of new virtual machines extending the organisational cloud landscape. This first step is necessary to enable the secondary action, i.e. the deployment of consistent security policies across the hybrid cloud environment. However, as more and more organisations move towards a cyber-physical model and increase their dependence on IoT, the risk continues to grow.
Company founded: 1901
Revenue (2020 results): £539.3m
Number of employees: 5,237
ADOPTING A CLOUD-BASED SYSTEM
DID YOU KNOW...
• 17% decrease in Cloud adoption in sectors such as media, due to perceived lack of visibility and control of cloud-based systems
• 80% of decision makers blame the fear of vendor lock-in for their Cloud aversion
• 75% of IT managers lack confidence in ongoing data protection and privacy in the Cloud
Source: bsigroup Insights Cloud Adoption
So how long can organisations ignore these cybersecurity risks? Understandably, it is impossible to protect something if you’re not fully aware of what needs to be protected. For this reason, BSI provides clients and partners with the right tools to understand their cloud infrastructure and works in collaboration with them to help mitigate the risks. In recent years, many organisations have increased their cyber security measures to protect their enterprise technology, however that only covers one side of the resilience equation. Is on the rise, and companies now need to also look aggressively at securing their operational technology (OT) – the manufacturing systems and software that control business processes, as well as the production of goods and services. Mark adds “The lifeblood
of business, OT arguably faces security challenges even more grave than classic enterprise IT. You can't take all the best practices from enterprise IT and simply apply them to that industrial world; they simply won't work.” The advent of 5G wireless and other trends is starting to bring far more digital intelligence into business production processes. As the Internet of Things (IoT) meets legacy OT, an entirely new set of vulnerable targets emerges. Although many organisations are reviewing their practices in light of their pandemic experiences to recommit to digital transformation, these vulnerabilities could have a much greater impact. Mark further adds that when it comes to industrial IT, factors like confidentiality, integrity and availability are flipped on their head. The two key priorities in
INDUSTRY 4.0
DID YOU KNOW...
• By 2024, the world will no longer be talking about OT because it will all be the Industrial Internet of Things (IIoT)
• By 2025 there are expected to be 75 billion IoT devices connected to the Internet, resulting in even greater risks and challenges facing CISOs
• Over the past three years, more than 60% of organisations have added industrial security responsibility to the CISOs’ already over-flowing portfolio
• 80% of organisations say they are now starting to address OT and IoT cybersecurity.
Source: bsigroup Insights Industry 4.0
these machine-led environments are safety and availability, therefore much emphasis needs to be laid on ensuring that board level discussions consider these differences between enterprise and industrial IT, and safeguard them with the right security tools. From a strategic perspective, organisations should follow a phased approach – first, identifying the assets of their environment and detecting the risks they pose. Next, determining the response to failure and putting a framework in place for governance and recovery. The final step would be to actually implement that framework in a sustainable, rather than project-focused manner. Mark uses the example of when discussing the impact that IoT will have on the environment. He says that globally, over 50% of people buying new cars consider security as a key purchase decision, putting evidence out there which indicates that placing security into the process provides a continual assurance in the decision-making process.
Historically, an often underestimated arm of cyber resilience is testing. Whether it’s an automated vulnerability assessment or a simulated penetration test, businesses need to employ offensive testing techniques to verify the full impact of identified vulnerabilities. However, this is not a one-time process. Organisations need to adopt a continued testing model as opposed to point-in-time testing, which doesn’t present a full picture of potential threats. This overall cyber resilience method should ideally run from initial concept to minimum viable product (or MVP) and through internal staging versions before being tested again in the live environment. Best practice aside, this model of testing also has proven benefits. Mark concludes by saying, “If you wait to simply do testing as a final stage, you may reduce your costs up front but you'll actually increase your costs overall for the project, because the retrofit of security into a project which hasn't had security built in by design can often be as much as 30 to 40% of the total project cost.”
NETWORKS & APPLICATIONS
Cyber Security in the built environment
Building management systems have revolutionised the facilities management landscape yet advances in technology mean these systems are increasingly susceptible to attack
WRITTEN BY: VIKKI DAVIES
Smart building management systems (BMS) that leverage the power of the Internet of Things to collect and analyse environmental data are becoming increasingly popular as more and more organisations look to connected technologies to improve the management of their buildings. In fact, a Global Industry Analysis, Trends, Market Size and Forecasts to 2024 report published by Infinium Global Research estimated the global market for BMS will reach up to $154.8 billion, with a compound annual growth rate of 14.1 per cent by 2025. A BMS is crucial to managing demand for energy in a cost-effective way. By offering remote management of heating, ventilation and air conditioning, a BMS saves maintenance staff having to spend time visiting each building or room to shut down, switch on or adjust temperature levels or air conditioning. It also improves reporting and information management leading to quality, informed decision-making, better
performance and a reduction in energy use, thereby saving money.

Advances in building technology mean BMS are invariably linked to all manner of other services and the internet. These advancements in technology and the ever-increasing reliance on automation and remote operations are exposing these systems to possible cyber-breaches and full-on attacks. Although experts have increasingly started to alert building owners and managers that such systems are vulnerable to external attack, most BMS are typically not designed with cyber security in mind.

According to PwC UK’s Cyber Security Partner, Sean Sutton, building management systems are often deployed by a combined facilities management and IT projects team and, where required, with additional support from BMS vendors. Depending on the maturity of the organisation's project delivery methodology, there may be standard security checkpoints built into the project requirements definition, design, build or validate phases. If this is not the case, the inclusion of security will rest with the experience of the project delivery team and will rely on recognising potential cyber risks and applying appropriate risk mitigation as part of the project's Risks, Assumptions, Issues and Dependencies.
Kaspersky - Designing Cyber Secured Building Management Systems
“Once a BMS is in production the day-to-day operations responsibility will nearly always be with a facilities management team, however responsibility for cyber risks can be unclear and often falls between the role and responsibilities of facilities and cyber teams,” Sutton says.

According to Terry Edwards, Senior Vice President at insurance broker Marsh Commercial: “Heating, lighting and security in most buildings is generally not being developed with technology designed to be connected into cross-building IT networks. In fact, designers and decision-makers in charge of facilities or smart building systems often consider the risks of cybersecurity to be irrelevant and non-critical,” he says.

“Equipment failures are not new and these incidents have already been reported hundreds of times and redundancy techniques used by specialists in operational safety are effective methods for managing these risks but they do not cover the risks of cyber attacks,” he adds.

Integrating a BMS into your IT infrastructure
In a recent global corporate survey by Verdantix, 88% of respondents rated improving
cyber security for building operational systems as a priority over the next 12 months. In its global real estate asset manager survey, 54% of respondents rated cybersecurity risks as either a very significant or significant source of risk for their clients’ portfolios over the next five years. These studies demonstrate the urgency with which businesses need to consider security when purchasing a BMS. PwC believes facility directors should work alongside IT executives to run vulnerability assessments on internet-connected operational systems such as BMS or HVAC before purchase.

When it comes to integrating a new BMS into an organisation’s infrastructure, Sutton says there are four immediate concerns that need to be addressed. “My biggest concerns are failure to conduct a cyber risk assessment, not engaging with a cyber team for input, the integration of non-IT managed devices and connection to BMS IoT devices via insecure means which could breach the gap between an easy-to-attack remote device and a corporate network,” he says.

It goes without saying that implementing a good BMS cybersecurity solution provides crucial benefits that reduce the risk from the ever-expanding cyber threat landscape. Sutton
says that, through deploying these systems in the last 12 months, the key things he’s become aware of are connecting BMS to IT networks without appropriate logical separation and control, implementing BMS IoT in a way that introduces unknown vulnerabilities, failing to integrate BMS monitoring into a centralised security operations centre (SOC) and not developing threat use cases that can leverage physical data (e.g. badge entry to the office) together with logical data (e.g. a user accessing their device from a remote location). “Threat use cases like this can assist with identifying unusual or improbable behaviours that could indicate a cyber breach,” he says.

Edwards says the advantages of Incident Command Technology (ICT), Incident Command Systems (ICS) and BMS installations and for future smart systems are undeniable and nobody would think twice about going back on this system. Using new technology from the conventional IT world means we have to come to terms with the constraints that come with it. “Retroactively dealing with these issues can be costly and complex especially if they have not been factored into protocols at design phase. This is also the case for older assets that were built at a time when cyber security awareness and the ability to transfer and manage these risks was limited,” he says.

There is no doubt that BMS have revolutionised the facilities management landscape. Yet with these great benefits also come the dangers in exposing these systems to possible cyber-breaches and full-on attacks. With better relationships between teams and security knowledge to deploy the relevant security measures needed, the risk of attacks can be mitigated.
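The threat use case Sutton describes, physical badge data correlated with logical access data, can be sketched as a small SOC-side rule. This is an added example, not code from the article or from PwC; the log formats, field names, user names and the 12-hour dwell cap are assumptions, and the sample records are constructed.

```python
import csv
from datetime import datetime, timedelta
from io import StringIO

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"
# Assumption: a badge-in with no matching badge-out is treated as ending after 12 hours.
MAX_DWELL = timedelta(hours=12)

# Constructed badge-reader export: timestamp,user,door,direction
BADGE_LOG = """\
2021-08-02T08:00:00Z,dave,HQ-LOBBY,IN
2021-08-02T08:55:10Z,alice,HQ-LOBBY,IN
2021-08-02T09:02:41Z,bob,HQ-LOBBY,IN
2021-08-02T12:30:05Z,bob,HQ-LOBBY,OUT
2021-08-02T17:45:00Z,alice,HQ-LOBBY,OUT
"""

# Constructed authentication export: timestamp,user,channel,origin
AUTH_LOG = """\
2021-08-02T09:10:00Z,alice,workstation,onsite
2021-08-02T09:30:00Z,carol,workstation,onsite
2021-08-02T10:15:22Z,alice,vpn,remote
2021-08-02T11:00:00Z,bob,workstation,onsite
2021-08-02T14:05:00Z,bob,vpn,remote
2021-08-02T21:30:00Z,dave,vpn,remote
"""


def _rows(text):
    """Parse CSV text into lists whose first field is a datetime."""
    for row in csv.reader(StringIO(text)):
        if row:
            yield [datetime.strptime(row[0], TS_FMT)] + row[1:]


def presence_intervals(badge_text):
    """Return {user: [(start, end), ...]} of on-site periods from IN/OUT events."""
    intervals, open_in = {}, {}
    for ts, user, _door, direction in sorted(_rows(badge_text)):
        if direction == "IN":
            if user in open_in:
                # Second IN without an OUT: close the earlier visit at the cap.
                start = open_in[user]
                end = min(ts, start + MAX_DWELL)
                intervals.setdefault(user, []).append((start, end))
            open_in[user] = ts
        elif direction == "OUT" and user in open_in:
            intervals.setdefault(user, []).append((open_in.pop(user), ts))
        # An OUT with no IN is ignored here; a fuller rule could flag it.
    for user, start in open_in.items():
        # Never badged out: assume presence only up to the dwell cap.
        intervals.setdefault(user, []).append((start, start + MAX_DWELL))
    return intervals


def correlate(badge_text, auth_text):
    """Return (timestamp, user, finding) tuples for improbable combinations."""
    intervals = presence_intervals(badge_text)
    findings = []
    for ts, user, _channel, origin in sorted(_rows(auth_text)):
        inside = any(s <= ts <= e for s, e in intervals.get(user, []))
        if origin == "remote" and inside:
            # Physically in the building, yet logging in from elsewhere.
            findings.append((ts.strftime(TS_FMT), user,
                             "remote_login_while_badged_in"))
        elif origin == "onsite" and not inside:
            # Using an on-site device with no record of entering the building.
            findings.append((ts.strftime(TS_FMT), user,
                             "onsite_login_without_badge_in"))
    return findings


if __name__ == "__main__":
    for finding in correlate(BADGE_LOG, AUTH_LOG):
        print(*finding)
```

The dwell cap is what keeps a forgotten badge-out (the constructed user dave) from turning every later remote login into an alert; tune it to the site's working patterns.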
TXONE NETWORKS
Reduce the threat landscape for your ICS
WRITTEN BY: JANET BRICE
PRODUCED BY: JAMES RICHARDSON
TXOne Networks delivers convenient and reliable cybersecurity for the era of IT-OT convergence
“If you have a profitable manufacturing business, you will be targeted by hackers.” This is the stark warning given by Dr. Terence Liu, CEO of TXOne Networks and Vice President of Trend Micro. For more than two decades Liu’s single-minded pursuit has been the eradication of cyber risk to industrial control systems (ICS).

During a year in which we saw ransomware attacks on both the Colonial Pipeline, which supplies 45% of the US East Coast’s fuel, and JBS Foods, the world’s largest meat supplier, President Joe Biden has released a call to action for large-scale improvements to ICS cybersecurity - a call which has been answered by TXOne Networks.

Speaking from his office in Taipei, Taiwan, Liu discusses the importance of adaptive cybersecurity for ICS shop floor protection and shows how this can be achieved from network to endpoints with maximised operational integrity for both legacy and modernised assets.

Cybersecurity is the practice of protecting systems, networks, and computer programs from digital attacks in which hackers seek to change or destroy sensitive information, extort money from targets, or disrupt business activities. Hackers are
becoming increasingly innovative in their targeted attacks on OT systems, which is why TXOne Networks works with global manufacturing clients from a wide range of specialisations including smart factories, the oil and gas sector, healthcare, and other critical infrastructure sectors to ensure there are no disruptions to critical missions.

Mitigation of cyber risks
Since their founding in 2019, TXOne has focused on using customised technology to mitigate cyber risk in connected industrial settings.
EXECUTIVE BIO
Dr. TERENCE LIU
TITLE: CEO OF TXONE NETWORKS, VICE PRESIDENT OF TREND MICRO
INDUSTRY: CYBERSECURITY
LOCATION: TAIWAN
Dr. Terence Liu is the CEO of TXOne Networks, a subsidiary company of Trend Micro. TXOne Networks brings pragmatic and practical OT cyber defence to the industrial world by integrating Trend Micro’s security technology and Moxa’s ICS hardware and experience. As a vice president of Trend Micro, Liu also leads Trend Micro's Network Threat Defense Technology Group, where he focuses on developing and marketing distributed security solutions across the telecommunication infrastructure by leveraging new-generation telecommunication technologies like Software Defined Networks (SDN) and Network Function Virtualisation (NFV). Prior to this Liu was the CEO of BroadWeb. He defined its DPI licensing business and led profitability for five years in a row. BroadWeb was acquired by Trend Micro in October 2013.

“Our solutions are natively designed to fit a manufacturer's needs and special environments. They fit seamlessly into daily operations, becoming part of standard operating procedures. Cybersecurity is fabricated into your daily operation. It's not like an IT security product being put into OT – this is why manufacturers adopt TXOne products on their shop floor and in their plants,” commented Liu.

“We listen to the needs of leading manufacturers and critical infrastructure operators to develop the best actionable approach to OT cyber defence. This allows us to create customised technology that goes beyond traditional security tools to mitigate the complex challenges of securing modern work sites.

“Given that ICS environments are layered and composed of a variety of equipment in different operating systems, TXOne Networks offers both network-based and endpoint-based products to secure the OT network and mission-critical devices in a real-time, defence-in-depth manner.

“Both IT and OT can have comprehensive visibility of ICS assets, protocols, control commands, risks, and threats. The goal is not only to maximise ICS protection, but also to keep the business and operation running
even when security is threatened. Hackers will pick the most profitable manufacturer or enterprise to attack. If your business is profitable and successful sooner or later they will come for you. You need to be prepared and protected.”

Heightened risk from pandemic
According to Liu, the current pandemic has shifted the security landscape considerably and introduced many new risks, leaving the door wide open for malicious adversaries.
“The cybersecurity world has fundamentally changed. Prior to COVID-19, a manufacturer could rely on physical help for the machines on their shop floor. Now, such help is delivered through remote diagnostics which may have to be accessed through the internet.

“When you open the door to that technician, you also open the door to hackers – actually, it's the same door. If hackers decide to target your company, they’ll return again and again trying to find a way into your network, and if they’re successful then not long after that the key to your door will be available for sale on the internet. Another group of hackers will leverage that information to get into your system, implant ransomware, exfiltrate sensitive data, and demand money for its return.”

“Manufacturers need to think more about the process of creating protection, and how to have a secure way for your vendors or technicians to be able to access your system. That's a challenge for companies who don't have a good defensive strategy in place.
Portable Security™ 3 makes it easy for ICS owners & operators to scan for malware on standalone computers
TXOne ICS Cybersecurity Deployment Architecture
In-depth Data Breach Analysis of Critical Infrastructure in the Asia Pacific Region
“Since the pandemic, manufacturers need to think about how they’re making their systems more automated. As new technology makes factories more automated, we don't need as many technicians or employees on site – but that automation also makes cyber attacks easier to conduct. Added convenience and control for personnel is turned into added convenience and control by intruders. When the hackers get into the system, they have the ability to cause a catastrophe or even cause injury – this makes cybersecurity much more important.”

Research into cyber threats is crucial to educating the public and strengthening the defensive tools that help combat threat actors and attacks. TXOne Networks is supported by R&D and security research teams based in their US and Taiwan offices, as well as business development managers and subject matter experts working all over the world.
Three TXOne Networks solutions for ICS environments:

1. Endpoint protection
Modern work sites usually need to accommodate legacy endpoints in their operational environment, which must be able to interconnect and work with their different assets.

“Traditional antivirus is not designed for the ICS environment – constant virus signature updates depend on an internet connection while intrusive file scans take up a lot of processing power and can easily interfere with operations,” comments Liu. “ICS endpoint protection requires a different spectrum of consideration. Security must never jeopardise routine operation, slow down computation, or delay decisions made in the factory production process.”

TXOne Networks offers adaptive, all-terrain ICS cybersecurity solutions in the
form of different endpoint suites that secure both legacy systems and modern devices in a variety of work site environments, customized with input from leading specialists in each vertical.

2. Network defence
Cyber attacks can spread through an OT network lightning-fast, creating a catastrophe with a price tag numbering into the millions of dollars. Unpatched and legacy assets are usually essential to operations, and they require specialised protection that safeguards and maintains productivity.

“TXOne Networks’ adaptive ICS cybersecurity solutions are specifically designed to create a safe, reliable work environment even for the most sensitive or essential technologies, keeping the operation running,” said Liu. “Virtual patching shields unpatchable or legacy devices and network segmentation mitigates risk by making the network fundamentally more defensible while advanced ICS protocol-based trust list profiling gives granular, highly-detailed control over assets. These have been worked into industrial-grade ISIPS (Internal Segmentation IPS) appliances purpose-built for any business intention.”

3. Security inspection
Continuity of security inspections is integral to a modern work site defense plan. “Without
routine security inspections personnel, process, and technology are all vulnerable,” comments Liu. “The correct solution for scanning and clean-up streamlines the necessities: supply chain security auditing, inspection of all devices that visitors bring on-site, and checkups for air-gapped assets.

“TXOne Networks’ Trend Micro Portable Security 3 offers a USB form-factor easy for non-experts to use, with LED lights that show the inspection result after scanning Windows or Linux devices. To eliminate the shadow OT, asset information will be collected during every scan and sent to the central management console where it’s easily reviewed and archived. This installation-free device’s portability and user-friendliness is tailored to the fast-moving needs of ICS environments and fits in the palm of your hand.”

Partnership with ATOS
TXOne Networks began as a joint venture by “cyber giant” Trend Micro, which has more than 30 years of experience in cyber defence, and Moxa, who provide industrial networking products. “Having Trend Micro and Moxa on board allows us to leverage their technology and knowledge so that we can create ideal solutions for operational environments,” said Dr. Liu.

Commenting on their partnership with ATOS, Liu said: “Our host, ATOS, has a fantastic relationship with Trend Micro.

“We work closely with ATOS, who have partnered with us to make our products available in Europe.”

Competitive edge
“I think TXOne Networks is in a very unique situation,” said Liu. “When companies began trying to do industrial cybersecurity, they started from providing asset management, because if you founded a cybersecurity company for OT 10 years ago people didn’t have the anxiety that they do now – they just wanted visibility.

“TXOne Networks was founded in 2019 at the right time, when the spotlight was shining on OT. Cybersecurity has three stages – you find, you identify, and then you protect. We’ve focused on providing streamlined, ICS-tailored protection to our customers,” said Liu, who admitted that while the pandemic may have slowed the pace of development for some start-ups it had set off a significant increase in the need for OT cybersecurity.

“Our competitive advantage is that our solutions are natively designed for the world of OT and the ability to work with a full modern control system – our competition takes their IT-based product, puts it into ruggedized hardware and calls it OT security, but to us there is a huge difference. OT stakeholders need solutions specially adapted to their environments and daily work. This is especially true for the different OT verticals, which often have different mission-critical needs. Our ability to adapt to the potentially fragmented OT environment and provide OT-native cybersecurity products is our main difference,” said Liu.

QUICK FIRE QUESTIONS: Dr. Terence Liu, CEO of TXOne Networks, Vice President of Trend Micro

Why should a smart factory adopt TXOne Networks solutions?
“Manufacturers should adopt TXOne Networks solutions because we offer native cybersecurity technologies developed for manufacturers and critical infrastructure operators to make sure they can be seamlessly integrated into your operation.”

What do you consider to be the biggest cybersecurity threats in 2021/22?
“Targeted ransomware and double extortion are two of the biggest security threats right now, and potentially devastating supply chain attacks will be one of the main attack methods during the next two years.”

What is the biggest mistake a company makes when looking at cybersecurity?
“A company should be able to segment their infrastructure into small networks, have streamlined routine inspections, and make sure their east-west traffic is clean.”

What technology are you most excited about in the future when it comes to enhancing cybersecurity?
“Artificial Intelligence and machine learning will be significant technologies for creating more manageable workflows and reducing alert fatigue in SOCs (Security Operation Centres). We also expect increased accuracy from XDR (Extended Detection and Response) platforms to ensure early breach detection and that the ideal response is chosen.”
DIGITAL ECOSYSTEM
FIGHTING BACK
With new cyber security attack methods on the rise, we talk to software company VMware Security Business Unit about how to fight back in 2021
WRITTEN BY: VIKKI DAVIES

Undoubtedly 2020 was a defining year for cybersecurity. The pandemic did more than broaden the attack surface; it provided the time, capital, and opportunity for cybercrime to industrialise. According to VMware’s 2021 Global Cybersecurity Outlook data, ransomware attacks are getting increasingly sophisticated. In the survey of IR, cybersecurity, and IT professionals (including CTOs, CIOs and CISOs) from around the world, nearly 40% of respondents said double-extortion ransomware was the most observed new ransomware attack technique in 2020. The survey found attackers are leveraging a number of counter-IR techniques, including security tool disablement (33%), denial-of-service attacks, security tool bypass and destruction of logs.

Greg Foss, Senior Cybersecurity Strategist, VMware Security Business Unit, says: “Since 2019, we’ve seen e-crime shift from covert shadow groups into these pseudo-legitimate businesses, replete with customer service channels, clear business sites and increasingly sophisticated attack methods.”

Greg’s colleague, Rick McElroy,
Principal Cybersecurity Strategist at VMware Security Business Unit, adds: “Cybersecurity is adapting to changing conditions. The old school mentality is gone. Security teams realise they must change their architectures, adopt a cloud-first mindset, and work together to meet today’s challenges. The path they’re charting is a good one.”

Security teams now know it's not a matter of if they'll get attacked, but when, and have adopted a proactive mindset. Eighty-one per cent of organisations surveyed reported having a threat hunting programme in place. With new attack methods on the rise, they have been forced to shift their mindset and rethink their approach to security across applications, clouds, and devices.

“Organisations recognise security tools won’t tell them everything,” Greg explains. “You need human beings to manually go through the information being collected to proactively look for clues and anomalies.”

The past year has served as a security wake-up call for organisations in both the public and private sectors. As the threat landscape evolves, Greg and his team believe there are four best practices for CISOs and security teams looking to fight back in 2021.
Workload Security
To defend against cloud jacking, organisations using private and public clouds need to focus on protection, not only at the endpoint level but across workloads, according to VMware. Cloud workload security is particularly complex, as workloads pass through multiple vendors and hosts, thus the responsibility for protecting them must be shared and prioritised. With the proliferation of apps and data, organisations must ensure they are protecting them wherever they are.

“As we navigate a cloud-first world, security for the cloud that extends across workloads and Kubernetes protection will be critical for all organisations,” says Greg. “We’re seeing an increase in malicious actors targeting workloads because it is harder for organisations to monitor them,” he adds.

Workloads are getting hit by adware and cryptominers as adversaries are focused
on profit because workloads are temporary services, making it easier to take advantage of these services quickly. With this approach, adversaries are able to break out of the sandbox setting within the workload, and actually target the servers and encrypt virtual machines that are held within. With this in mind, organisations need to look at both the host and the workload to ensure both are protected. With the distributed workforce and rapid move to the cloud, this type of attack has become more attractive than ever to the adversary.

Identity Management and Continual Authentication
Identity management is key, according to Greg and his team. Security teams today should have the mindset that attacks do not have a discrete beginning or end; rather, adversaries are continually accruing intelligence and harvesting data about the organisation suppliers and customers that they leverage in attack or profit from. Greg believes security teams must be able to track identities as they move throughout systems and workloads. This requires visibility into lateral movement beyond PowerShell, as well as the integration of network detection response and endpoint detection response capabilities.

Threat Hunting
Greg says we should assume attackers have multiple avenues into our organisation. Given the nature of C2 on a sleep cycle, steganography, and other methods, adversaries can maintain clandestine persistence in our systems. Threat hunting on all devices can help security teams detect behavioural anomalies. Once identified, organisations can then reimage devices, eliminating the bad actor.

“Many organisations today are realising that threat hunting is an integral part of any security programme. It’s about understanding that a proactive approach is required alongside the contextual insights. Security teams are combing through massive amounts of data and are able to understand the context behind the attacks and trends they’re seeing in the data. Purple teaming is also becoming a more common approach to test threat hunting capabilities and identify gaps in visibility to prevent future vulnerabilities,” he says.
“ WE’RE SEEING AN INCREASE IN MALICIOUS ACTORS TARGETING WORKLOADS BECAUSE IT IS HARDER FOR ORGANISATIONS TO MONITOR THEM” RICK MCELROY
PRINCIPAL CYBERSECURITY STRATEGIST, VMWARE SECURITY BUSINESS UNIT
Maturing Detection
Finally, VMware says organisations should be constantly evaluating the effectiveness of their security posture. Doing so requires the vigilance of system users, the right tools, and platforms as well as qualified cybersecurity professionals to ensure their infrastructure is resilient and protected from ongoing threats and attacks.

“Organisations need to understand how the larger cybercrime ecosystem plays into the attacks that they are most likely to be confronted with,” says Greg. While the focus has long been on “advanced nation-state adversaries,” the reality is that cybercrime groups are just as capable, if not more so in many cases.

“These capabilities, combined with financial fallout from the pandemic and an ever-burgeoning cybercrime ecosystem, in which stolen data, exploitation and access as a service and more are traded at an incredible rate, result in a significant likelihood of catastrophic impact,” he concludes.

As CISOs and security leaders navigate the evolving threat landscape in 2021 and beyond, it could be time to rethink security strategies and take the necessary steps to put the power back in the hands of defenders.
THE JUDGE GROUP
Hiring Expert Talent – Post COVID and Beyond
PRODUCED BY: TOM VENTURO
WRITTEN BY: JOANNA ENGLAND
Using the latest technology, the so-called “war for talent,” is taking on a whole new meaning post-Covid
The past 18 months have not only transformed the way companies operate and do business, but have also shifted the way companies hire top-tier talent. These days, onboarding is likely to be virtual, and hiring an expert in their field can happen regardless of borders and oceans between employee and employer.

It's a changing world, says Chris Flatley, Director of Technology Solutions for The Judge Group - a North American based consulting, learning, staffing, and search company. The digital workplace has shifted so quickly over the last 12 months that any company not willing to invest in technologies to help their team grow and develop will undoubtedly be left behind.

Before Flatley joined The Judge Group, which uses next-generation solutions to determine the best outcomes for its clients, he was firmly embedded in the technology industry. With a 15-year career in IT, his work is now based on using the latest innovations in virtual systems to provide business solutions across all verticals, including financial services, healthcare, life sciences, technology, and others.

Flatley is proud of the group’s achievements and describes his role in the current climate as “incredibly exciting times in the technology industry, with the opportunity to grow new and existing relationships, drive impactful engagements and scale software development teams across the US.”

“We provide business solutions across all verticals and hold ourselves to the highest
standards and operate with integrity, professionalism, and trust, by hiring some of the most ethical and knowledgeable people in the industry,” he says.

Pandemic and virtual onboarding
Competition for expertise has transformed almost as much as hiring methods over the pandemic period, explains Flatley, who says technology is now an integral part of the HR and Recruitment industry.

“I've learned that technology is transforming the way businesses and people interact. And my experiences over the last 15 years have led me to this place where post-COVID, the war for talent is at an all-time high.”

“It's exciting to be a part of the shifting business environments, and the ever-changing technologies that drive enterprise solutions, as we move forward in the post-COVID era of business.”

But it’s the so-called war on talent that has seen one of the biggest changes, points out Flatley, who says the sector has taken on a whole new meaning.

Talent management has undergone a massive overhaul, accelerated by the COVID-19 pandemic. Working environments, business priorities, and new technologies have been adopted with massive urgency. Virtual recruiting and onboarding is now the new normal – and my team and I have helped companies realise their potential when it comes to hiring new talent. “It’s here to stay,” he says with confidence.

Instead of being a stop-gap that has propelled companies through a difficult period, Flatley believes such processes have opened up a whole new set of possibilities. “Virtual recruiting in 2020 helped organisations streamline recruiting processes, improve diversity hiring, and hire a more diverse set of talent by reaching across geographic barriers,” Flatley explains.

Three major changes that he’s seen since COVID are:
THE JUDGE GROUP
CHRIS FLATLEY TITLE: DIRECTOR OF TECHNOLOGY COMPANY: THE JUDGE GROUP INDUSTRY: TECHNOLOGY SERVICES LOCATION: AUSTIN, TX
“ We are enabling people and resources to be put in a position with tier one worldclass organisations to build the future of technology”
Chris Flatley is the Director of Technology Solutions for The Judge Group responsible for growth strategies, sales, and recruitment delivery. In this capacity, Mr. Flatley is responsible for leadership of sales professionals & technical recruiters and is credited with helping organizations solve technical & talent challenges. His career has been dedicated to building high performing teams and longterm partnerships to achieve customer success. Chris has been involved with First Tee as an adult mentor for at-risk children. He is a proud graduate of Indiana University.
1 | “First, the use of video platforms has helped organisations connect with prospects remotely, record interviews for feedback, and allow other team members to watch and assess skills and personality traits. The use of video platforms has changed the way companies hire talent.”

2 | “Secondly, companies are recruiting with flexibility. In a recent study, 85% of businesses said that productivity actually increased in their workplace due to more flexibility. Offering that flexibility as a job perk, like allowing employees to work in a hybrid work environment, can help you gain an advantage versus businesses offering positions that do not include that same level of flexibility.”

3 | “The third aspect would be hiring outside of your target market for transferable skills. Employers will need to look for innate skills that they believe will help prospective employees easily adapt to the responsibilities of the job, otherwise known as transferable skills,” says Flatley.
“Recruiting has allowed me and my team to put people in positions to succeed”
CHRIS FLATLEY, DIRECTOR OF TECHNOLOGY, THE JUDGE GROUP
Diverse hiring through technology

But these processes are not the only things to have evolved since 2020 dealt the world of business what seemed at the time like a near-fatal blow. The whole culture of hiring has shifted, with thought leaders now re-evaluating the traits they thought would be essential before COVID-19.

Flatley refers to the transferable skills part of recruitment, explaining, “These skills can include things like dependability, problem solving, adaptability, and leadership. And the last would be challenging the bias. I often hear leaders say it's harder to assess candidates for culture fit over Zoom or WebEx than it is in person.

“However, I'd urge managers to ditch that idea of a culture fit altogether. Fit implies sameness. It suggests you're looking for someone who acts and thinks like you.”

Flatley says the Judge Group takes a different stance, and that is part of the
reason why it's so successful at matching expertise with the right positions. “We look for people who are culture adds, candidates who can make organisations better by bringing new perspectives to the table.

“When you reframe it that way, interviewing becomes more about potential than personality. And in a video interview setting that is now virtual, small talk and rapport building are less organic, and that shift is critical.”

1970 Year Founded
850 Full Time Employees
5000 Contracted Employees
$500M Revenue USD

HIRING IN A POST-PANDEMIC WORLD
The job market post COVID has changed the way companies hire talent and it’s here to stay. Flatley describes it as “the biggest change in business since the birth of modern capitalism.” He also states three challenges employers face when recruiting in such an environment.

• Retention: This has become very difficult because companies hire from their competitors and vice versa. They have to keep replacing people who leave and therefore, must be good at hiring across all skill levels because the candidates they need are doing the job somewhere else. Companies need to focus on retaining the best employees they have by providing a flexible work schedule, giving them opportunities to be challenged, promoting their employees and empowering them to take on new challenges.

• The hiring process: Employers tend to be too obsessed with new technologies and driving down costs and therefore largely ignore the ultimate goal, namely, making the best possible hire and doing it as quickly as possible. The best companies hire quickly with a consistent process and do not drag out the process.

• External candidates: Openings are now filled more often by external candidates than from promoting from within. If companies focused on resources they had by promoting from within, it would reduce their burden on trying to find external resources at a rapid pace. The most successful companies promote from within and fill in the gaps with outside resources.
“The COVID-19 job market is unlike anything else we've ever seen since the birth of modern capitalism”
CHRIS FLATLEY, DIRECTOR OF TECHNOLOGY, THE JUDGE GROUP
Diversity in recruitment

Making sure a company is also adhering to diversity standards is another aspect of the job. This requires a greater level of commitment and complexity for the recruitment sector. Referencing a study by McKinsey and Co., Flatley points out that companies with greater racial and gender diversity were 35% more likely to have financial returns higher than their respective industry medians on a national basis.

He says, “Every single organisation we work with has made a significant investment to increase their DE&I within their organisation. And this year, 70% of job seekers said they wanted to work for a company that demonstrates a commitment to diversity and inclusion. So, it's becoming a massive shift in the current workforce and landscape of hiring and talent acquisition.”

From the ‘people perspective’ side of the business, the agenda has also shifted, with teams working towards a culture of shared values. Flatley says this is happening on a global scale as agility and resilience become prized commodities.

“High-performing teams start with a culture of shared values,” he says. “Hiring and onboarding have become essentially a remote activity. Since March of 2020, the World Economic Forum called for a global re-skilling revolution, and firms are now requiring different skills of their workforce,
including resiliency, adaptability, digital, and interpersonal skills that were not as relevant as they are today.

“The reward for such efforts would be a more resilient, more talented, and better-paid workforce, and a more robust and equitable society.”

Harnessing technology in the recruitment space

So, with digital transformation being key to the future success of all enterprises, how has The Judge Group managed to stay ahead of the curve? The Judge Group continues to move the needle in replacing manual processes with digital processes, explains Flatley, by replacing older technology with newer technology. He says the digital workplace has shifted so quickly over the last 12 months that any company not willing to invest in new technologies to help their team grow and develop will undoubtedly be left behind. Managing a hybrid workforce has also become the new normal, and is a permanent fixture, he says.

“It's here to stay whether we want it to or not. What COVID-19 has taught us is that the workforce can be trusted. People can continue to build and create amazing products, drive results, and accomplish goals without being in the office.

“I believe going forward, we’ll see a massive shift in our workforce. Companies will allow employees to work in a hybrid work environment. A recent study said that 30% of employees would not return to their previous employer if they didn't allow a remote hybrid work environment.”

He continues, “The Judge Group has done a phenomenal job adopting new technologies to enable our workforce to be successful. We recently partnered with a company called Cronofy, which allows us to book meetings without trading a bunch of emails back and forth.”

Strategic partners

Flatley describes Cronofy as a scheduling tool composed of embedded components, built into Outlook and other applications to allow for ease of scheduling. Whether it's meeting with decision-makers or confirming candidates, their platform has reduced the number of emails it takes to schedule critical meetings. “The Judge Group takes privacy and security of our data extremely seriously, and Cronofy has helped us achieve greater results with their scheduling platform,” he says.
The technology streamlines the processes The Judge Group uses to manage its schedule. This has proven invaluable considering the level of transformation that has taken place across several key areas. According to Flatley, the three primary sectors that have seen the greatest level of business transformation include healthcare, finance, and technology. These industries have had a significant amount of growth since the pandemic. And these are three industries that will continue to be staples of our economy for decades to come.

Leadership and strategy

The recruitment space is also one he’s grown to love because it opens up the opportunity to help talented people find the best role for their skillset and align their values to organisations they believe in.

“Recruiting has allowed me and my team to put people in positions to succeed. We've allowed them to have doors opened up for opportunities that they may never have had before. And, at the end of the day, we're changing lives.”

He continues, “We are enabling people and resources to be put in a position with world-class organisations to build the future of technology. That is what I'm passionate about. Helping others, driving results, and engaging with clients and consultants alike to maximise their potential by leveraging technology.”

Flatley says the issue of leadership is also more essential than ever before due to the digital transformation and the changes the pandemic has brought upon businesses. He explains that The Judge Group has four cornerstones of success by which it operates, namely, Attitude, Personal Accountability, Perseverance, and Habit. “As a leader within The Judge Group, leading by example and
becoming a master of communication in the new virtual world we live in are two of the biggest influences on myself,” he says. He also enjoys the opportunity to develop the desires and confidence in each team member.

“This process starts with putting the right people in the right positions, coaching and empowering others to excel at their strengths, and supporting them in exceeding their expectations while contributing to the team's overall success.

“It’s fulfilling and satisfying to achieve this level of success,” he says.

“If firms focused on resources they had by promoting from within, it would reduce their burden on trying to find resources at a rapid pace”
CHRIS FLATLEY, DIRECTOR OF TECHNOLOGY, THE JUDGE GROUP

Growth for the Judge Group

With the face of recruitment changing so rapidly, how does that affect The Judge Group’s ability to plan its future strategies? Flatley believes the company has it all in hand and because it uses state-of-the-art technology to manage its services, solutions will continue to be provided and innovated.

“We’ll continue to deliver phenomenal results for our clients and consultants alike,” he says. “Through our Professional Services offering, Judge Learning Solutions, and Judge Technical Services, we will continue to help companies act with speed, certainty, and confidence when facing complex business challenges.”

He concludes, “Our solutions include business insights and outcome-based solutions around all aspects of technology, like project management, application development, digital strategy, and execution. Utilising top technology professionals in their respective fields, we will continue to build unique solutions for clients across the US and around the globe.”
TECHNOLOGY & AI

The positive effects of AI on cyber security

Artificial Intelligence is helping businesses withstand attacks on a daily basis. We speak to on modelling user behaviour and data interaction to detect malevolent activity

WRITTEN BY: VIKKI DAVIES
Audra Simons, Director of Research and Engineering, Forcepoint

Artificial intelligence (AI) and machine learning (ML) are playing an increasing role in cybersecurity in 2021. One of the key reasons is their ability to accurately automate some of the more mundane tasks of cybersecurity, like assessing alerts and removing the false positive noise, that analysts would otherwise have to do manually.

Forcepoint, an American multinational software company, uses analytics to address two main challenges in cybersecurity.

Firstly, AI automates and assists in task completion such as Security Operations Centre (SOC) triaging tasks. SOC analysts receive potentially hundreds to millions of alerts from multiple security systems. Analysts must wade through this flood of alerts and determine which are false alerts and which are actually alerts of interest that merit more investigation. The initial triage can be automated today with analytics. Using automated analytics as the ‘level 1’ analyst to cut out the false positives saves on the cost of the human analyst and makes alert responses more efficient, as humans are only focusing on the alerts of interest.

Secondly, analytics can also help crunch numbers in scenarios where there is a significant amount of data and an application of large-scale analytics is required. This is no simple task, as each scenario must be approached differently and it becomes tricky in terms of
what kind of AI analytical models will work well for each specific use case. Forcepoint’s Director of Research and Engineering, Audra Simons, says the key lies in having a sizeable, relevant, unbiased data set for training and testing; then you can apply multiple machine learning or statistical approaches to work out which method delivers the most accurate results for the scenario.

“Some examples of where this application of methods is showing success in cybersecurity today are in the processing and categorisation of websites, identification of compromised websites and classification of binaries into malware and benign ware,” she says.

81% of surveyed executives say that AI allows their organisation to respond faster to breaches

“It's critical to take the right steps to keep people protected without sacrificing productivity”
AUDRA SIMONS, DIRECTOR OF RESEARCH AND ENGINEERING, FORCEPOINT

Ease The Burden Through Automation

The support that analytics brings, through automation of threat detection and response, can ease the burden on employees and potentially help identify and classify threats more efficiently than other software-driven approaches. Additionally, it can be used to analyse large amounts of data for patterns and critical insights.

Simons says: “For example, binary classification of malware and benign ware has immensely benefited from deep learning. AI, as a cognitive prosthesis, does not make decisions for the user but enables them to make better decisions, such as through the use
of visualisation. The point of analytics is about augmenting and assisting the human analyst, not replacing them; giving them shortcuts and tools to help them wade through large amounts of data, and investigations to monitor and fight threats to an organisation's IT infrastructure and to assess security systems and measures for weaknesses and possible improvements.”

Build On Strong Data

Data analysis uses algorithms that continuously improve over time; to make them accurate, quality data is necessary to help these models operate efficiently. It needs a substantial amount of applicable labelled data, large enough to provide both model training and test data, and to keep models accurate they need to be continually trained.

Simons says: “Unfortunately, most security problems out there do not come along with that type of data, they are needle in a haystack exceptions to normality.

“What we need to bear in mind is that AI analytics is not the answer to all of our security problems and it needs relevant unbiased data in order to be effective, using a variety of numerical, categorical, time series, and text data,” she adds.

Understanding Behaviour

Forcepoint models users, their behaviours and data interaction as a baseline to detect data exfiltration and malevolent activities. The business uses a range of experts, including
experimental psychologists to model and study human behaviour and how it manifests within socio-technical models which combine human behaviour with computer systems and applications.

“In cybersecurity, we are actively engaged in a cat and mouse game with the attackers. They come up with a new attack, we respond. They work around our response, we build better detections and protections,” says Simons.

“At the end of the day, AI analytics is just another computer programme with its own vulnerabilities. Understanding human behaviours and differences in an employee’s intent behind any supposed suspicious activity is crucial, whether it’s accidental, compromised or malicious. AI analytics solutions can help determine the context and intent of a particular user’s actions, like downloading large volumes of data, or logging on from multiple remote locations in a short period of time. Understanding what is normal behaviour and what is not can help to protect those who have had their accounts compromised and shed a light on any accidental breaches,” she adds.

With people and data now operating outside the traditional business boundaries and the mass global adoption of remote working, application of these kinds of solutions is becoming more important than ever.

“It’s critical to take the right steps to keep people protected without sacrificing productivity,” says Simons.

“If we really understand user behaviour through the judicious usage of AI analytics, we can help our security analysts spot the truly risky behaviours amongst the noise of false positive alerts and develop security models that continually evaluate and react to changes in risk, protecting organisations, their users and data,” she adds.

Video: AI & ML: Identifying Risk with Behavior Analytics

“At the end of the day, AI analytics is just another computer programme with its own vulnerabilities”
AUDRA SIMONS, DIRECTOR OF RESEARCH AND ENGINEERING, FORCEPOINT

75% of surveyed executives say that AI allows their organisation to respond faster to breaches
69% of organisations think AI is necessary to respond to cyberattacks
3 out of 5 firms say that using AI improves the accuracy and efficiency of cyber analysts
TERANET

CYBERSECURITY AND ZERO TRUST SOLUTIONS IN AN AGILE WORLD

WRITTEN BY: JOANNA ENGLAND
PRODUCED BY: TOM VENTURO
Creating a secure IT network that enables remote workers to operate with confidence is essential, says Brenda McCulloch, CISO of Teranet
“I have enjoyed working from home,” says Brenda McCulloch, Chief Information Security Officer (CISO) at Teranet, as we chat over Zoom on a Friday afternoon. “I’ve discovered lots of local walking routes that I didn’t know existed before the pandemic. I’ve even taken up skiing, something I wouldn’t have considered before.”

The world has changed, she acknowledges, and some of it has been for the better. Her area of expertise, high-level cybersecurity, has nonetheless faced its challenges of late. The pandemic and the resulting increased digitisation of companies have unleashed a tidal wave of malware and ransomware cyberattacks across all industries globally. Companies that hold sensitive information have been especially vulnerable to attack. And for many, 2020 resulted in the worst hacking and breach incidents on record.

McCulloch is responsible for the cyber fortification at Teranet, Canada's leader in the delivery and transformation of registry solutions, data and analytics, and platform modernization. For a provider of extensive expertise in land and commercial registries, the protection of data is paramount to its success. But her 20-year career in the IT industry now stands her in good stead, and she believes an organized team, careful prep work, and properly allocated expertise and resources are the keys to making sure companies maintain their security correctly in these challenging times.
Brenda McCulloch CISO, Teranet
Teranet - Cybersecurity Best Practices
“It’s always about balance,” she says, with a hint of zen. “Ultimately, it’s risk versus reward. What you want to achieve out of a security programme and what you want to invest, versus what kind of exposures and risks that organization faces.”

As a self-confessed computer nerd, McCulloch has been immersed in the industry since an IT module caught her attention at university. Following a 16-month internship at IBM, where she says she learned “an immense amount”, her love for the IT industry was cemented, and McCulloch enjoyed a number of high-flying roles.

“My past roles include positions where I was internally facing and externally facing, so I have consulting experience as well as building an in-house security practice from scratch.

“From those two experiences and perspectives, I have built a very balanced view of different ways to deliver a security protocol to different companies.

“So, I bring that balanced view to Teranet, and I work in tandem very closely with the executives on that.”

Corporate cybersecurity post-pandemic

McCulloch has the onerous task of making sure Teranet utilises cutting-edge technology to maintain its robust and agile architecture against cyber threats - a challenge that she relishes. As part of her role, she has built a security practice programme and team and also works on Teranet’s identity and access management multi-factor programme. She also oversees the security posture enhancing initiatives, including the zero trust model development.

“The past 12 months have been an eye-opener for companies globally in terms of cyber awareness and breaches. Although, we keep saying this annually, to be honest with you,” she says.
“Richter helped us identify where we sat, as well as where we needed to go”
BRENDA MCCULLOCH, CISO, TERANET

BRENDA MCCULLOCH
TITLE: CISO
INDUSTRY: INFORMATION TECHNOLOGY & SERVICES
LOCATION: CANADA
Digital transformation

The rush towards digital transformation has been instrumental, McCulloch says, in opening up companies to cyberattacks; whole populations have shifted to online operations, and that is causing a massive vulnerability.

“Last year, there were more vulnerabilities reported than in any other year,” she says. “People are online more than ever before, and there are so many more digitized services. Even our kids are online. Literally, everyone is online. That inherently will have risks associated with it.
“But I agree that cyberattacks do continuously get more sophisticated and advanced. Teranet understands that, and in order to stay current, we have to continuously invest in our security and that our practice can't stagnate.”

Ultimately, it's not the high-flying glamorous side of being a tech genius that’s going to prevent a company from data haemorrhaging in an attack, says McCulloch, but the meat and potatoes of the job.

“We know that security hygiene, as well as operations, are not exciting. But they are very important. Because of competing new initiatives, we know that we have to inject additional resources to support them and not rely on repurposing existing resources that are dedicated to the hygiene of the operational activity.”

EXECUTIVE BIO

Brenda McCulloch is a proven security professional with over 20 years of experience and is the CISO of Teranet. Under her thoughtful leadership, Teranet has undergone an ambitious modernization of its security program. In a short period of time, she expanded Teranet’s security practice and capabilities, led critical security initiatives and programs to fruition, and effectively led the integration of new solutions and processes. Brenda has a demonstrable track record in delivering forward-thinking security strategy and programs in her previous roles as the Director of Information Security at IIROC and Senior Manager at Deloitte. Brenda is an alumna of the University of Toronto and holds various leadership and security certifications.
“We know that security hygiene, as well as operations, are not exciting. But they are very important”
BRENDA MCCULLOCH, CISO, TERANET
McCulloch says that very often, the way companies maintain their hygiene routines on a day to day basis is the cause of unexpected hacks.

“I think many of the root causes of many breaches were because of persistent vulnerabilities, phished users, excessive privileges, etc.

“I think it's really important that when you augment new initiatives, that you also augment the resources at the same time,” she says.

Cybersecurity and the cloud

The shift to cloud-based systems has been massively instrumental in creating greater vulnerabilities, points out McCulloch, and mainly, this has been caused by limited security resources.

She explains, “One of the challenges has been the movement to the cloud and the augmentation of security resources to support them, both on premise infrastructure as well as cloud services.

“Most organizations have limited security resources, so during the transition phase, the augmented resources and skills required to support the paradigm shift is always challenging - especially if you look at other initiatives that you want to accomplish at the same time.”

Ensuring that an organization remains abreast of novel cyber threats is a constant challenge, and only one that can be met when cyber security is considered a top priority. And at Teranet, this mentality is evident.

“At Teranet, we have very strong executive support, and we meet regularly to discuss our posture as well as challenges that the security office faces,” McCulloch says.

Richter partnership and security

The strategic partnership with Richter has also been highly instrumental in maintaining a secure footprint for the company. McCulloch says Richter entered the security journey “very early”; it was this long-term partnership that has helped in Teranet’s cybersecurity strengthening process.

“They were engaged [in providing] a security maturity and threat risk assessment because of the security programme.”

McCulloch says it’s essential to know precisely where companies sit in maturity in order to know what needs to be achieved.
“At the same time, Richter helped us based on what our client’s risk trauma level was. We needed to come up with an end game.”

She continues, “Richter helped us identify where we sat, as well as where we needed to go - and ultimately, that kind of risk assessment and maturity assessment has given us a view that we can execute on.

“It wasn’t a one-time thing for us. After we brought in Richter, we consistently looked back at this report and ensured that we were progressing against it. So it was a living document. It wasn’t a document we parked; the assessment helped us execute with a roadmap and a plan.”

McCulloch says the Teranet team still relies on their strategic partnership with Richter to maintain thorough assessments of their security as they evolve. “We bring Richter back as changes within the business happen, for example, M&A, to make sure our threat risk assessment is updated. It's definitely a partnership between Richter and Teranet.”

“In the last year, we saw more advanced supply chain attacks, ransomware attacks and vulnerabilities than we’ve ever seen before”
BRENDA MCCULLOCH, CISO, TERANET

Zero Trust modelling in cybersecurity

Teranet is in the process of moving over to a zero-trust model in terms of its security architecture. This multi-layered solution, which prevents and slows down the damage that can be wrought in a major breach, has been instrumental in fortifying the company’s cyber strategy. McCulloch uses an analogy to describe exactly how the architecture works.

“So, in terms of a home, you’ve got the doors to your house and there are keys to the door. In a traditional security model, you protect the doors of the home. You lock the doors to ensure no security breach occurs. You use a strong lock and you make sure only certain people have keys to the lock.”

She continues, “Zero trust is different from that model because even if I have a key to the home and I live in the house, it doesn’t mean that I have access to every single drawer and cabinet in the house.

“But, if I live in a room in the house, I also have the key to my room door, and if I share a room with someone else, then I get only the keys to the areas and cupboards that I am allowed access to.

“We might both have keys to the closet, but I have access to the left drawers and my husband would have keys to the right drawers.

“It’s essentially a multi-layer security architecture. And that means if you have a breach at the front door, it doesn’t put the jewels in the closet at risk right away. Hackers will have to work harder to get to it. There are barriers to other controls to get to the more sensitive data.”
ID cybersecurity solutions

As well as the zero-trust security architecture, Teranet has adopted and is also developing a number of ID gateways via its access management multi-factor programme. This means authentication, especially for sensitive data, requires several steps before access is provided.

“For privileged accounts, authentication to sensitive data, systems and apps should be more than just passwords,” says McCulloch. “The difficulty in today’s landscape is that many providers are getting breached and hackers can stealthily steal a database of usernames and passwords which go on sale on the black market. This means the user is not the only person to have access to that account.”
She continues, “At Teranet we use more than one factor to authenticate our users for when they want to access sensitive data or systems or applications to our cloud single sign-on or VPN.”

The authentication factors used by Teranet include the password, tokens on mobile phones and devices. The company is also exploring other types of authentication - such as biometrics.

Security practice programmes

As part of her work at Teranet, McCulloch has also been instrumental in building a security practice programme and team. The challenges involved in such a project often hinge on resources and executive-level approval.

“You’ve got to make sure the executives at the organization are mindful of the endgame - because the endgame is where they believe that investment must go - and a lot of the time the endgame is where the risk appetite ends.”

Ultimately, says McCulloch, if companies have low investment but high-risk weakness items, that's something they should definitely address. She says that executives have to be very aware of these programmes because there are so many non-security initiatives that are competing with the security initiative. She says companies should also prioritise the roadmap to decipher which initiatives are more important in terms of security and that building an expert and responsive team is part of the challenge.

“I am extremely picky when selecting team members since we can only hire a certain number of security resources. We also want to ensure that each of the resources is able to deliver certain parts of the programme.”

Looking at the whole skillset, and not just the technical expertise, is the main hiring practice for McCulloch. She explains, “A lot of people in
Year founded: 1991
Industry: IT & Services
Headquarters: Canada
the industry look at technical skills in terms of hiring. But I also look at soft skills because those are the ones that are more difficult to teach.

“The way a team interacts and communicates with each other, that’s extremely important because if you have too many casualties along the way you are not going to be able to do another initiative down the road. We want to make sure when we hire someone it’s for the long haul for sure.” She adds that authenticity is a critical element required of every team member. “Lastly, once we bring on team members, we’re very considerate of their desires. We like to make sure that team members can bring their whole self and true self to work.”

Security post-covid

McCulloch believes the hybrid working model is the answer to the bigger question regarding work/life balance, but with it comes additional risk. Things are different now, she acknowledges, and companies need to move with the times and minimise their vulnerability footprints. For businesses to operate in today's landscape, they need to be able to connect with others and transmit data. “It’s part of our core business to enable customers to access the data and applications they need,” she says. “That comes with cyber risk so we have to leverage advanced malware detection technologies, automation, AI, adaptive policies and behavioural deviation detection as much as possible to optimise our resources.

“In the last year, we saw more advanced supply chain attacks, ransomware attacks, and more vulnerabilities than we’ve ever seen before. So we know that plugging every single hole at all possible times simply isn't possible and the reality is, we just need to make sure we are as prepared as possible to contain and mitigate the extent of a breach.”
“For privileged accounts, authentication to sensitive data, systems and apps should be more than just passwords” BRENDA MCCULLOCH CISO, TERANET
Work may be more challenging than it's ever been, but McCulloch is irrepressibly optimistic - and embraces the new remote working culture, despite the issues it presents. “Post pandemic, we really don’t know how it's going to look. So we just want to be ready with our strategy. If we take the scalable approach we can ensure the entire workforce can operate from home - or any location,” she says.

And working from home is a pleasure that suits McCulloch well. “I personally am thankful I’ve had this chance to have more family time and the opportunity to try new things,” she says. “These days when I finish work, I don’t have a long and late commute. I simply shut down my computer and my son and I might go for a bike ride together. It’s a simple but wonderful pleasure that we never would have been able to enjoy before because working life didn’t allow for such mid-week activities.”

Through the pandemic, innovations have been discovered and problems are steadily being solved, while families can have more time together. It’s not difficult to see why McCulloch is pleased to be part of a company that is embracing the change.
TOP 10
DATA BREACHES OF THE LAST 10 YEARS

From Yahoo to Canva, there have been some devastating data security breaches affecting billions in recent years. We’ve put together the top 10 data security breaches in the last 10 years.

WRITTEN BY: VIKKI DAVIES
Data security breaches that affect millions of users are becoming increasingly common. These breaches have far-reaching consequences, causing financial losses and affecting operations and compliance, not to mention the damage to reputation for years to come. According to IBM and Ponemon’s Cost of Data Breach study, the global average cost per breach to businesses is $3.88m, with the healthcare industry footing the biggest bill. What’s more, 38% of UK and US companies lost business because of security issues, with 41% of UK consumers and 21% of US consumers claiming they would never return to a business post-breach (Forrester study). Here we look at some of the top data security breaches in memory, what happened and how many people were affected.
10 The NHS
United Kingdom
In 2018 the NHS blamed a coding error for 150,000 patients in England being involved in a data breach. Those affected had requested that their confidential health information only be used to help provide them with care. But there was a problem with the software used by GPs to record objections to the same data being used for research and auditing purposes. As a result, the SystmOne application involved never passed on the request to NHS England's IT provider. 150,000 patients were affected.
09 British Airways
United Kingdom
In 2018 hackers managed to breach the British Airways (BA) website and app, stealing data from thousands of customers in the process. BA was fined £20 million by the UK's data protection authority over data security failings leading to the breach, which saw personal and payment card information stolen. 400,000 customers were affected.
08 Facebook
United States
In 2018 millions of Facebook user accounts were at risk after hackers exploited a security vulnerability on the site. The company preventively secured 40 million additional accounts out of an abundance of caution. 50m users were affected.
07 Uber
United States
In 2016 attackers obtained credentials to access Uber’s cloud servers and downloaded 16 large files, including the records of 35 million users worldwide. The records included passengers’ full names, phone numbers, email addresses and the location where they had signed up. Uber was subsequently fined £385,000 for the data breach. 57m users were affected.
06 Dropbox
United States
Popular cloud storage firm Dropbox was hacked in 2012, with attackers leaking users’ email addresses and passwords onto the internet. At the time Dropbox reported a collection of users’ email addresses had been stolen; the full extent of the attack didn’t come to light until four years later. 68m users were affected.
05 Canva
Australia
In 2019 Australian graphic design tool website Canva suffered an attack that exposed email addresses, usernames, names and cities of residence and passwords. Hackers managed to view, but not steal, files with partial credit card and payment data. 137m users affected.
04 Equifax
United States
In 2017, attackers exfiltrated millions of customer records from credit reporting agency Equifax in a much-publicised data breach. The breach resulted in the company agreeing to a global settlement with the Federal Trade Commission, the Consumer Financial Protection Bureau, and 50 U.S. states and territories including up to $425 million to help people affected. 150m customers were affected.
03 Marriott
United States
In 2014 the Starwood Hotels Group fell victim to the first part of a huge cyber attack on Marriott, which later acquired the group in 2016. It was four years before the problem was first noticed, in which time the attacker had access to names, email addresses, phone numbers and passport photos of guests. 339m guests were affected.
02 Aadhaar
India
In March 2018 personal information of more than a billion Indian citizens stored in the world’s largest biometric database could be bought online. The massive data breach was the result of a data leak on a system run by a state-owned utility company. The breach allowed access to private information of Aadhaar holders, exposing their names, their unique 12-digit identity numbers, and their bank details. 1.1bn people affected.
01 Yahoo
United States
In 2016 Yahoo was subjected to the largest data breach on record. The first announced breach, reported in September 2016, had occurred sometime in late 2014, and affected over 500 million Yahoo user accounts. A separate data breach, occurring earlier around August 2013, was reported in December 2016. Initially believed to have affected over one billion user accounts, it was later confirmed that all three billion of its user accounts were impacted. 3bn users affected.
CLOUDFLARE
ON A MISSION TO HELP TO BUILD A BETTER INTERNET
WRITTEN BY: LAURA V. GARCIA
PRODUCED BY: TOM VENTURO
Harnish Kanani Chief Customer Officer, Cloudflare
Serving four million customers around the world, Chief Customer Officer, Harnish Kanani of Cloudflare is on a mission to build a better Internet for all
Leveraging its people and empowered by critical partnerships, Cloudflare is on a mission to help build a better, safer Internet. As one of the world’s largest networks, Cloudflare believes its duty is to help protect the most vulnerable voices and most critical institutions on the Internet. It’s a mission Chief Customer Officer, Harnish Kanani, takes to heart, nurturing and empowering a successful team by ensuring they have the tools they need to proactively service some of the world’s biggest companies around the clock and the globe. His aim is to provide not only the best service but, as he puts it, the most awesome service. “At Cloudflare, I have the opportunity to serve our customers and deliver the most awesome customer experience possible. I see my role at Cloudflare in three prongs. Number one, I have to get into the shoes of my customers. I have to feel their pain. I have to imagine what they are going through when solving a business problem or their companies or environments are under
attack. It's the only way for us to understand what they are going through,” says Kanani. “Number two, once we understand what our customers need from us, the next part of my role includes working with my team members, mentoring and coaching them to go beyond the status quo”. “The third part of my role is to make sure that we have systems, processes, technology, and tools that allow my team to get proactive in delivering that awesome experience”. “What is also important as we build organisations and teams around the world is to make sure we incorporate the right culture. What's most important to us is that we serve our customers in a proactive manner and that we optimise their experience. What that entails is that every day when you come to work, you wake up to serve your customers in the best possible manner”. “We are in a subscription economy, which means that the customer always has a choice either to leverage applicational services from us or from our competitors
for cybersecurity and networking solutions, and they are coming to us. When you are building a global culture, you need to make sure that your customers are taken care of 24/7 around the world because their people, their customers, and the people who use the services and products are around the world and at all times of the day. So it’s important to wake up every day to serve our customers. And that culture of customer success is what we are trying to build around the world”.

Cloudflare, Bringing Safety to the Cloud

Today, approximately 17% of the Fortune 1000 companies are customers of Cloudflare. Every day, Cloudflare blocks approximately 70 billion cyber threats and powers approximately 25 million Internet properties. “Cloudflare has a very simple yet ambitious mission. Our mission in life is to make the Internet environment better
EXECUTIVE BIO
HARNISH KANANI
TITLE: CHIEF CUSTOMER OFFICER
COMPANY: CLOUDFLARE
for everyone. There is no question that the Internet is the lifeblood of every business. We use the Internet for collaboration. We use the Internet for commerce, and we use the Internet for communication. The Internet was brilliantly architected, no doubt about it. However, it wasn't architected for today's performance, security, and reliability considerations”.

Kanani says that for decades there were many hardware vendors who designed hardware boxes that were meant to alleviate the problems that the Internet had around performance, security, and reliability. These hardware boxes could be put in on-premise situations, behind firewalls, or in data centres, and were in theory meant to alleviate the problems of the Internet. That was until ‘the cloud’, when companies suddenly began to move security and work processes to the Internet. “As that began to happen, more attacks began to happen, and things began to get more complex”.
Harnish Kanani is Cloudflare’s Chief Customer Officer. Cloudflare runs one of the world’s largest networks which provides security, performance, and reliability to Internet applications, including websites and APIs to corporate networks and remote teams. Today Cloudflare has more than four million customers, including 17% of the Fortune 1000. Harnish has spent his career working with enterprise customers large and small and within networking and security. He joined Cloudflare after working with Palo Alto Networks, RedLock Security, and CipherCloud, overseeing post-sales and customer success, and with Ernst & Young and Tata Consultancy Services as a management consultant.
“Suddenly, these hardware boxes that at one point in time were serving the needs of enterprises around the world could no longer handle the traffic or the complexity of the attacks. It began to build an architectural shift at the network layer, and culture was at its forefront. What Cloudflare did is build a highly scalable and efficient global network platform that delivers secure network services. This network became the backbone of our platform. The job of Cloudflare’s network service is to make sure that cloud applications are secure and that they are delivered in a fast and efficient manner. They are highly scalable, and they are reliable”. “We are now able to deliver applications, products, and services in a very seamless manner and with less cost. All of this helped to alleviate the industry problems that the
hardware boxes brought to the cloud and to the transformation journey. There is no other solution that can help customers deliver their applications and Internet properties in a fast, reliable, and secure manner”. “Today, approximately 17% of the Fortune 1000 companies are customers of Cloudflare. We block an average of 70 billion cyber threats every day and have approximately 25 million Internet properties powered by our network. We are proud to be in this business”.

“I can't emphasise enough the importance of cloud security solutions. Take, for example, the Colonial Pipeline attack that suddenly exposed millions of people worldwide to the impact cyber threat has on our day-to-day lives. It's a really big concern of mine right now that we see more and more of these cyber attacks on a regular basis. In the last six months, I would say we've seen a real uptick in the global attacks that specifically are happening around critical infrastructure. We are obviously working around the clock to make sure our customers are safe. We are making sure that we can become thought leaders in the industry and guide the industry as well”.

Gainsight, a Key Partner in Customer Success

“The partnership with Gainsight is of premier importance to Cloudflare. Around the world, people want to make sure that we are delivering our services in a very proactive manner and that we are there for our customers 24/7. As a result, my customer success team needs to have all of the information around a particular customer in a centralised place. Gainsight is one of those technologies that we use and have embraced because Gainsight allows us to pull all of that data in one central place”.
“We use Gainsight to have visibility into how our customers have purchased our services and products and ultimately how they're utilising these offerings and the return on investment they're getting from our offerings. We also use it for tracking usage and adoption of our services by our customers. Gainsight helps us to see how connected they are, who their customers are, and what the engagement is like with our company. That allows our customer success team to proactively reach out to customers around the world. When a situation arises with a customer that we need to connect with, Gainsight provides us critical centralised data, repositories, and reporting dashboarding so we can effectively serve our customers. The
Year founded: 2009
Number of employees: 4,500+
2020 revenue (USD): $431mn
Industry: Internet
best part is, we are alerted when something is wrong with a particular customer situation. We have gained a lot of insights so far, and we continue to embrace the technology. It's a critical part of making our customer service team efficient and scalable around the world”.

Cloudflare, Nurturing Businesses of the Future

Cloudflare believes in helping to nurture startups and helping to create businesses of the future. Partnering with organisations such as DigitalOcean and the Hatch program, which helps developers create, launch, and scale their startups, Cloudflare for startups offers cloud-first services for up to 12 months free.
Project Galileo

June is the seventh anniversary of Cloudflare’s Project Galileo, which offers free cybersecurity services for nonprofits or organisations working in the fields of arts, human rights, civil society, journalism, or democracy. “All of these organisations around the world have a voice on the Internet, but it is possible that without Cloudflare services, these voices could be suppressed on the Internet. We have approximately a thousand members and participants and have literally stopped millions of cyber attacks and cyber threats on these Internet properties such as their websites. And we are proud to be in partnership with them”.
The Athenian Project

Election websites serve a powerful role in democratic elections, yet election websites are often the targets of attacks and face vulnerabilities. Helping to meet Cloudflare’s mission of creating a better, safer Internet, the Athenian Project protects against these vulnerabilities. Cloudflare created the Athenian Project to ensure that state and local governments have the highest level of protection and reliability for free so that their constituents have access to election information and voter registration.

The COVID-19 Response

Kanani says COVID-19 has been a test for the cyber resilience of corporations around the world. “There are no longer walls to a company. As companies began to work from home, cyber attackers started to become more sophisticated and skilled in their capabilities and tactics. They adapted. Attackers no longer go after website properties. What we've begun to see is that they've begun to infect and attack the critical infrastructure behind each of the companies. As employees work from home, they bring increased vulnerabilities and an increased level of attacks”.

“This put a strain back on the IT and the security teams. Cloudflare responded by providing information and messaging through blog posts and, at the beginning of the COVID-19 pandemic, began to offer a borderless security access product for free. We’ve seen huge demand, and it was no surprise that on-premise networking and security solutions have now moved to the cloud at a much faster speed. Security models have to evolve in this cloud-first world, and Cloudflare is here to help lead the way”.