March 2022
cybermagazine.com
Alvarez and Marsal: The key to a successful security programme
Varian: Building a world without fear of cancer
Presidio: Back to the future
Cyber Magazine looks at the key findings from the World Economic Forum’s Global Risks Report 2022
SHAPING THE FUTURE CYBERSECURITY AGENDA
Cyber Companies
The Cyber Team EDITOR-IN-CHIEF
VIKKI DAVIES
EDITORIAL DIRECTOR
SCOTT BIRCH CREATIVE TEAM
OSCAR HATHAWAY SOPHIE-ANN PINNELL HECTOR PENROSE SAM HUBBARD MIMI GUNN JUSTIN SMITH REBEKAH BIRLESON JORDAN WOOD DANILO CARDOSO
PRODUCTION DIRECTORS
GEORGIA ALLEN DANIELA KIANICKOVÁ PRODUCTION MANAGERS
PHILLINE VICENTE JANE ARNETA ELLA CHADNEY
VIDEO PRODUCTION MANAGER
KIERAN WAITE SAM KEMP
MOTION DESIGNER
TYLER LIVINGSTONE
DIGITAL VIDEO PRODUCERS
MARKETING MANAGER
EVELYN HUANG JACK NICHOLLS MARTA EUGENIO ERNEST DE NEVE THOMAS EASTERFORD DREW HARDMAN
SAJANA SAMARASINGHE
PROJECT DIRECTORS
MEDIA SALES DIRECTORS
KRIS PALMER BEN MALTBY TOM VENTURO SUJAN JESURAJA MARKETING DIRECTOR
ROSS GARRIGAN
MANAGING DIRECTOR
LEWIS VAUGHAN
EXECUTIVE ASSISTANT
JORDAN HUBBARD JASON WESTGATE
CHIEF OPERATIONS OFFICER
STACY NORMAN CEO
GLEN WHITE
FOREWORD
“The report found that not all ransomware vulnerabilities are being caught by scanners”
Another day, another ransomware attack
As this month’s magazine was going to press, a new ransomware report dropped into my inbox. The Ransomware Spotlight Report 2022 from Cyber Security Works (CSW) analyses the ransomware vulnerabilities and trends of 2021. With ransomware attacks happening so frequently, another report on a rise in these types of attacks wouldn’t usually be something to highlight; however, there was an interesting thread I wanted to share. The report found that not all ransomware vulnerabilities are being caught by scanners. In fact, only 77% of vulnerabilities were tracked by popular scanners in CSW’s study. This important finding highlights the need for improved threat detection in the current climate that could shape future decisions and help defend the environment from crippling attacks. After all, knowledge is power.
CYBER MAGAZINE IS PUBLISHED BY
VIKKI DAVIES
vikki.davies@bizclikmedia.com
© 2021 | ALL RIGHTS RESERVED
The Cybersecurity Conference
2022 23rd - 24th June
STREAMED & IN PERSON TOBACCO DOCK LONDON
Join us at Cyber LIVE Showcase your values, products and services to your partners and customers at Cyber LIVE 2022.
From keynote addresses to lively roundtables, fireside discussions to topical presentations, Q&A sessions to 1-2-1 networking, the 2-day hybrid show is an essential deep dive into issues impacting the future of each industry today.
Brought to you by BizClik Media Group, the hybrid event will be held in London co-located with sister events: Cloud & 5G LIVE and Technology & AI LIVE between June 23rd-24th and broadcast live to the world.
Global giants and innovative startups will all find the perfect platform with direct access to an engaged and active audience. You can’t afford to miss this opportunity.
With a comprehensive content programme featuring senior industry leaders and expert analysts, this is an opportunity to put yourself and your brand in front of key industry decision makers.
CONTENTS
Our Regular Upfront Section:
Big Picture
The Brief
Timeline: The Most Used Passwords From The Last 10 Years
Trailblazer: Dr. Alissa Abdullah
Five Mins With: Greg Sim
Cyber Security: Shaping the future cybersecurity agenda
Alvarez & Marsal: The key to a successful security programme
Presidio: Back to the future
Network & Application: The changing face of network security
Glovo: Tech Unicorn Multi-Category App Now Dining at Top Table
Varian Medical Systems: Building a world without fear of cancer
Digital Ecosystem: Cybersecurity Threats Affecting Insurance Companies in 2022
Technology & AI: Empowering workforce collaboration without compromising data protection
We separate
good traffic
from attacks.
178 billion
times a day
Randstad UK: A human forward approach brings rewards for all
Top 10 Cyber Companies
MARCH8.COM IS HERE
Telling the stories of driven, ambitious women in business and society...
EDUCATE • MOTIVATE • ELEVATE
VISIT NOW
BIG PICTURE
Arid Viper
Palestine, Israel
The Arid Viper cyberattack group has been targeting Palestinian organisations and activists. The APT group, believed to be located in Gaza, an area of conflict and hotbed of tension between Israel and Palestine, attacks organisations worldwide but has been focusing on entities related to Palestine's politics. Researchers at Cisco Talos said the ongoing campaign uses a Delphi-based Micropsia implant to strike activists.
THE BRIEF
“Global leaders must come together and adopt a coordinated multistakeholder approach to tackle unrelenting global challenges”
Saadia Zahidi
Managing Director, World Economic Forum
“The accelerated shift to remote working during the COVID-19 pandemic coupled with recent high-profile cyberattacks have resulted in bringing cybersecurity top of mind”
Jeremy Jurgens
Managing Director, the World Economic Forum
“We’ve seen threat actors target a variety of insurance companies from the automobile and agricultural industry to the healthcare sector”
Paul Prudhomme
Head of Threat Intelligence Advisory at IntSights, a Rapid7 company
BY THE NUMBERS
Zero Trust segmentation company Illumio asked 362 security strategy decision-makers in North America, EMEA, and APAC if their organisation needs help in identifying and designing the most appropriate Zero Trust micro segmentation pilot.
YES: 44%
NO: 56%
Shaping the future cybersecurity agenda
Cyber Magazine looks at the key findings from the World Economic Forum’s Global Risks Report 2022.
The changing face of network security
High profile cyber threats have increased the demand for network security across the globe. Cyber explores the on-premise network security landscape.
5 cybersecurity threats affecting insurance companies in 2022
With cyber attacks on the insurance industry increasing in size and scale, Cyber magazine looks in depth at the 2022 Insurance Industry Cyber Threat Landscape Report from IntSights, a Rapid7 company.
First private cybersecurity academy to open in France
Exclusive Networks, a cybersecurity specialist for digital infrastructure, has announced a major partnership with Guardia Cybersecurity School (Quest Education Group), to tackle the escalating cybersecurity skills shortage. Launching in September 2022, Guardia Cybersecurity School will become the first IT school entirely dedicated to cybersecurity, with two campuses based in Lyon and Paris. Exclusive Networks says it’s passionate about its commitment to developing the next generation of cybersecurity talent through this new cybersecurity education institution. With the selection process underway, 150 students will join this new programme with the choice of a three or five year course. “As a cybersecurity specialist, it is only right that we help to nurture the cybersecurity professionals of tomorrow, not simply for the purpose of the industry itself, but in the interest of the wider public,” said Laurence Galland, VP HR at Exclusive Networks.
UP / DOWN: MAR 2022
ISLAND
Israeli cybersecurity startup Island, which was first exposed in Calcalist, has officially come out of stealth. The company, which develops a secure enterprise browser, announced that it has raised almost $100 million to date, with its investors including Insight Partners, Sequoia Capital, Gili Ra’anan’s Cyberstarts, and Stripes.
QUANTUM COMPUTING
A new study conducted by Hyperion Research announced that the global quantum computing market earned an estimated $490 million in 2021. The market is anticipated to expand at an annual rate of 21.9% through 2024.
US SCHOOLS
Cyberattacks are rapidly increasing in US schools amid a reliance on technology. According to a report by the K-12 Cybersecurity Resource Center, an organisation that tracks cyberattacks on US schools, in 2020 alone, there were more than 400 cyberattacks on schools, a number that experts said is a vast undercount.
CRITICAL INFRASTRUCTURE ORGANISATIONS
Claroty released a new report, revealing that 80% of critical infrastructure organisations experienced a ransomware attack in the last year, with an equal number reporting that their security budgets have risen since 2020.
TIMELINE
THE MOST USED PASSWORDS FROM THE LAST 10 YEARS
Although many of us know the dangers of weak passwords, it doesn’t stop us from choosing them. 81% of all data security breaches are caused by weak passwords, yet 60% of people use the same password for multiple accounts. In fact the average person reuses a password 14 times! With the help of cybersecurity company CyberGhost, we’ve compiled a list of some of the most used passwords from the last 10 years.
2011: PRINCESS
‘Princess’ became one of the most popular passwords in 2011. Incidentally, this coincides with the Royal Wedding of Prince William and Princess Kate, which was watched by more than 160 million viewers around the globe.
2013: ADOBE AND PHOTOSHOP
Applications, games, and websites consistently show up in the lists of popular passwords. Worryingly, however, many people are probably choosing a password correlating to the site they’re using. ‘Adobe’ and ‘Photoshop’ were incredibly popular in 2013, as well as variations of these words.
2014: MUSTANG
‘Mustang’ was a popular password in 2014 coinciding with the release of the 50th year limited edition model. Interestingly, the Ford Mustang was also featured in Fast & Furious 6, which was released the year prior in 2013, likely influencing people’s preference for this password.
2016: FOOTBALL
In 2016, ‘Football’ climbed up the rankings as one of the most chosen passwords. That same year, football experienced some of the most memorable sports moments to date, including the Euros in France, the summer Olympics in Rio (where Brazil won gold in football), and Leicester City winning the UK Premier League against all odds.
Last 10 years: 1,2,3,4,5,6
The most commonly used and compromised password in the world is ‘123456’. This password occurred in 23.2 million cyber breaches in 2019.
TRAILBLAZER
Dr. Alissa Abdullah
PROTECTING MASTERCARD’S ASSETS
JOB TITLE: DEPUTY CSO
COMPANY: MASTERCARD
When you have identities attached with metadata, it creates a lot of intelligence, a lot of intelligent data
Prior to Mastercard, Dr. Abdullah was the chief information security officer of Xerox where she established and led a corporate-wide information risk management programme. Dr. Abdullah also served as the deputy chief information officer of the White House where she helped modernise the Executive Office of the President's IT systems with cloud services and virtualisation. Dr. Abdullah holds a PhD in Information Technology Management from Capella University, a master’s degree in Telecommunications and Computer Networks from The George Washington University and a bachelor’s degree in mathematics from Savannah State University. Discussing her role she says: “I share a tag team with our chief security officer Ron Green. I am his deputy, and so what I am focused on is the emerging side. “I'm really looking at what we want to do to fight the adversary of the future. “I think the adversary is going to show itself in a lot of different ways. We all are already looking at cloud, but I think the new side of the future is not really new, but how are we attacking identities when we have identities as part of the metadata? I'm not going to get too granular into this, but when you have identities attached with metadata, it creates a lot of intelligence, a lot of intelligent data. “I'm really looking at identities and how we can make our identities easier. How can we build password lists? How can we implement zero trust? All of those things are things that we want to do in the right way so that we are being very proactive.”
FIVE MINUTES WITH...
GREG SIM
We spoke to Greg, Founder of 2020Partners, on the current state of cybersecurity in 2022
Q. WHAT IS YOUR OPINION OF THE CYBER SECURITY MARKET AT THE START OF 2022?
» First and foremost, it’s a huge and growing market which in turn creates a tremendous economy but also uncertainty, strategically for organisations and a glut of vendors, good and bad. There are a lot of companies now involved in cyber strategy, particularly for large, public companies driven by both consultancies and technology vendors. My concern for SMEs is the golden rule in the supply chain: You are only as protected as your least protected supplier. Hackers are increasingly professional, well-orchestrated and know that big companies generally have a good cyber strategy in place and a high adoption of technology, but need to utilise an SME supply chain that is so often the life blood of the organisation. A lot of larger enterprise security is simply down to budget, of course, but this doesn’t always necessarily match with the level of threat they face. A fast-food chain for instance might have a cyber security team measured in the hundreds, whereas an organisation operating within critical national infrastructure might have only three people protecting the crown jewels.
As a result, a lot of ransomware attacks target the middleman, being smaller companies in the supply chain. In response to this, I believe there is an onus on big companies to push capabilities such as security technologies, best practices and training back down the supply chain. The only way we are truly going to be able to tackle the biggest cyber threats is through joined up thinking and shared intelligence – just as we do with national intelligence. Not just sharing information between individual Commercial organisations but between our Allied Intelligence, Defence, Military and Commerce. Larger companies could and should be able to afford to subsidise at least some of the adoption of critical technologies in their supply chain. There are some isolated examples of this happening, in the banking industry, for example, where corporates insist on their supply chain adopting certain technologies and processes, or subsidise it themselves. Another interesting area is insurers, who have been tiptoeing around cyber for some time now. Even as recently as a few years ago the information collected and the calculations on risk for cyber insurance were simply not fit for purpose. We have a situation where small firms are taking on cyber insurance, but this simply doesn’t line up with the threats they could face and the potential damage to their organisation. So, SMEs and Insurers can massively underestimate the protection given and received. Ransomware has proven this which
has turned into a multi billion dollar industry for the hacker. The chances of being caught are low and even fines or imprisonment are not much more than a slap on the wrist compared to trafficking drugs as an example. This comes down to standards in our industry, but it takes so long to effect meaningful change that technology moves far faster than standards can. By the time a standard or set of policies are agreed and enforced, often the issue has moved on and replaced by other issues. Such is the exponential pace of technology and hackers.
Q. WHAT ARE THE PITFALLS FOR LARGE ORGANISATIONS?
» We see consultants from the large consultancy firms come in, write processes and reports to follow from mainly young and inexperienced staff or interns. Naturally they’re very good at writing procedures, but alongside this they cement themselves within those processes so much that it is impossible for the large organisation to operate without them and therefore to be agile. They’re effectively trapped. The hoops they must jump through to bring in new technology can become mind boggling. I know of one example where a global organisation had to wait 8 months for a simple security update on Active Directory, of course at a high change fee due to it being ‘Out of Scope’. There’s too much theoretical consultancy speak and not enough true operators that have worked at a front-line level to help and assist these organisations. It still amazes me how much money is pumped into consultancies to write a report for them, with very little operational payback. It allows you to tick a box to say you have a report from one of the big organisations, but when you ask the CISOs and CSOs, the true operators, they get very little value from that. What is genuinely helpful for these individuals is to give them access to people who’ve already done what the organisation wants to do, not only to guide them but also help them avoid going down the wrong path as it is highly likely they have experienced multiple instances in their respective positions and organisations globally. Time is money after all. There’s a lot of people that have that experience, but collating that and putting it in one place is rare.
Q. WHO HAS THE RIGHT TO ADVISE THEM?
» It goes without saying that the big consultancy firms have incredible cyber security experts. They wouldn’t be where they are today without it. However, these folks are generally placed into ‘red teams’ putting out fires in response to incidents, rather than getting involved in the operational or strategic challenges these organisations require. It is using them in a reactive way, rather than proactive.
To tackle cyber security effectively requires absolute commitment and buy-in from the C-suite, who must take a front foot approach to understanding their risk profile, supported by operators who have experience of how cyber must form a critical element of the organisation’s resilience strategy, preparing and planning for often complex and high-risk scenarios. If you look at some of the biggest and most catastrophic events of our generation, there are huge lessons you can learn from 9/11, the Covid-19 pandemic, or the Great Recession. By lifting cyber security up a level into risk and resilience planning can help make boards take notice.
Q. WHAT IS THE APPROACH LARGE ORGANISATIONS SHOULD BE TAKING?
» As I said before, collaboration and continuous training of security staff is the key. As a rule of thumb roughly 50% of security and IT staff should be operational and the other 50% in training for new threats, new techniques and new technologies. When it comes to innovation, I passionately believe that we are not getting new solutions to the front line quick enough. There isn’t a formal, strong criteria for adoption of innovation at an enterprise level. We can bring on board a new technology in four or five years – but in that time the chances are the threat landscape has moved on. We need a better way to adopt innovation. Millions of innovative solutions come out, but identifying the best technologies, making them commercially viable for an enterprise and enacting meaningful change at speed is the holy grail. This isn’t all the buyer’s fault. They get up to 200 inbounds a month with the latest technologies. These all might be great solutions, but can they scale, are they commercially viable for the enterprise, what is the cost of integration and displacement of other systems, what are the support costs, and do they protect your greatest threat vectors? There is an ongoing mismatch that can only be solved by collaboration up and down the supply chain, with an emphasis on action and tangible outputs, rather than reports and rhetoric.
ALVAREZ & MARSAL
THE KEY TO A SUCCESSFUL SECURITY PROGRAMME
WRITTEN BY: GEORGIA WILSON
PRODUCED BY: TOM VENTURO
Youssef Oujdi, Chief Security Officer, Alvarez & Marsal reflects on the company’s cyber security partnerships for effective risk and threat management.
Falling into the management consultant industry quite by chance, Youssef Oujdi, Chief Security Officer, Alvarez & Marsal graduated from the University of Westminster with a degree in Business Information Systems, with a focus on information technology (IT) & Security. “After graduating I happened to find a role in IT at Alvarez & Marsal, a professional services firm which resulted in my quick introduction to the industry. And from there the rest was history,” says Oujdi. Being a privately held organisation since its founding in 1983, Alvarez & Marsal is a global professional services firm. Delivering tangible results for corporates, boards, private equity firms, law firms and government agencies for those that face complex challenges, “Alvarez & Marsal is notable for its work in turnaround management and performance improvement, but over the last decades has expanded into multiple other service lines. One of its core missions as a business is to continue providing clients with high-quality services driven by leadership and ultimately results.”
Dealing with so many clients globally, Alvarez & Marsal handles many data types in order to serve them effectively. “As a result, we have built a robust security programme aligned to the ISO 27001 standard. This programme allows us to continuously manage our information security risk and treat it in accordance with the globally recognised standard,” says Oujdi.
Alvarez & Marsal and its security partnerships
When it comes to external partners, Alvarez & Marsal’s approach has always been: “we’re not here to just be sold a product or a platform,” says Oujdi. “We're here to create a relationship where we can truly embark on a journey with a chosen organisation and have input, to help develop their solutions in a way that accommodates our needs and requirements. We’re always looking for partners who are interested in our business and are truly interested in helping us solve the complex issues that we encounter.
“Working with our strategic partners has allowed us to transform our security programme to one that is aligned to various leading standards. With the help of Microsoft, Cisco, SpyCloud and many more partners we have been able to position ourselves in a way that allows us to rapidly come up with solutions to an ever-changing threat landscape in the cyber security world. We're also in a position where we have full support from our partners and we continue to nurture those relationships.”
EXECUTIVE BIO
YOUSSEF OUJDI
TITLE: CHIEF SECURITY OFFICER
LOCATION: LONDON
Youssef Oujdi serves as the Chief Security Officer with Alvarez & Marsal in London. He specialises in assessing, developing and implementing comprehensive information security programmes through a blend of team building, cutting-edge operations and visionary leadership. With nearly a decade of cyber operations experience, Oujdi has led global information security teams in delivering robust security services to multiple business lines ranging from business restructuring, finance and banking to disputes and investigations. Oujdi also holds a CISSP and CEH professional membership. He is a member of the Microsoft Security Advisory Council and Cisco Security Advisory Board where he has thought leadership input on developing cyber technology. Oujdi earned a bachelor’s degree in business information systems from the University of Westminster. A British national, Oujdi is fluent in both English and Moroccan.
Make recaptured data your best defense.
All a cyber criminal needs to access valuable data including PII, intellectual property and financial information, is one compromised password. SpyCloud proactively protects over 2 billion accounts worldwide by leveraging recaptured data from the criminal underground. Take action on exposed employee and customer credentials and make recaptured data your biggest defense against account takeover, ransomware and online fraud.
SpyCloud
“SpyCloud is a very interesting organisation. We came across them in their very early days. They’re a relatively small organisation and growing, based out of Austin, Texas. SpyCloud operates in the dark web space, looking at ways to help organisations secure themselves from account takeovers (ATO).
“Having access to billions of dark web records, SpyCloud can provide insights into which records belong to your organisation whether it’s usernames, passwords, or other credential type information. With this service, we were able to work alongside them on a solution that allows us to check if these types of information are still in use, and if they are, automate a password reset so that those credentials are no longer valuable to the potential buyer in the dark web,” says Oujdi.
Founded in 2016 by Ted Ross (CEO), David Endler (Chief Product Officer), and Alen Puzic (CTO), SpyCloud protects its global clients from compromised identity. SpyCloud’s solutions provide actionable information to prevent fraud and power many popular dark web monitoring and identity theft protection offerings.
DarkTrace
“DarkTrace help us with the monitoring and detection of our internal network. As we have about 65 offices globally, DarkTrace is positioned on our internal network to look at the traffic and help us to detect abnormal activity. It provides the security team with the intelligence and visibility to look into and determine whether an event is malicious or not to keep our internal network secure from any threats,” says Oujdi.
Founded in 2013 by Poppy Gustafsson (CEO), DarkTrace is a global leader in cyber security AI, protecting worldwide customers from advanced threats, such as ransomware, cloud and SaaS attacks.
“I think when it comes to cyber security it is not about building rockets and flying to Jupiter, it’s more about how can we focus on getting all the basics right and doing them well” YOUSSEF OUJDI
CHIEF SECURITY OFFICER, ALVAREZ & MARSAL
DarkTrace applies self-learning AI to understand a given business and then autonomously defend it. ReliaQuest “ReliaQuest, is a very important partner to us. They help us with our security operations centre. With our 24/7 SOC, ReliaQuest act as an extension of that providing us an initial first layer monitoring and analysis of our global network. They are a highly effective group of people who are on the ball when it comes to keeping up with the latest cyber trends and threats. ReliaQuest provides a robust service to monitor our network cybermagazine.com
35
Fight ransomware with AI Darktrace is the only technology that interrupts ransomware autonomously, without causing costly shutdowns. darktrace.com/ransomware
Autonomous Cyber AI 36
March 2022
ALVAREZ & MARSAL
throughout the environment, helping us find that ‘needle in the haystack’,” says Oujdi.
Founded in 2007 by Brian Murphy (CEO), ReliaQuest is a global leader in Open XDR-as-a-Service. The company’s solution, ‘GreyMatter’, unifies detection, investigation, response and resilience when it comes to cyber security threats. ReliaQuest offers its 24/7/365 expertise and the power of technology to provide others with the visibility and coverage they require to make their cyber security program more effective.
The challenges of cyber security
When it comes to cyber security, Oujdi is big on the basics. “I think when it comes to effective cyber security it is not about building rockets and flying to Jupiter, it’s more about how can we focus on getting all the basics right and doing them well. If you look at any cyber breach report you will see that 90% or more of organisations experience a breach because of a lack of the basics. So if an organisation can get the basics right and can do them very well, they can significantly reduce the risk of a cyber security breach.”
“We have built a robust security programme driven by the ISO 27001 standard. This programme allows us to continuously manage our information security risk and treat it in accordance with the standard”
YOUSSEF OUJDI
CHIEF SECURITY OFFICER, ALVAREZ & MARSAL
Reflecting on the challenges of cyber security, Oujdi explains: “Thinking about the foundations of a programme, there are so many vendors, there are so many solutions, and there are so many different areas within cyber security that you can sometimes get lost in the weeds. So I think one of the challenges is that organisations fail to pinpoint the specific objectives needed in order to achieve an effective security programme. A lot of organisations fail to do the essentials, they think if they build something amazingly intelligent it will be the key to the challenge, it’s important to start with the essentials.
“Another challenge is the lack of talent and resources, it is extremely difficult to find good people in this market from a talent acquisition perspective. Additionally, these threat actors are constantly innovating in order to penetrate an organisation’s network or system, so finding the right people to help protect against the ever-changing threat landscape is a huge challenge.”
“We have been able to position ourselves in a way that allows us to rapidly come up with solutions to an ever-changing threat landscape in the cyber security world”
YOUSSEF OUJDI
CHIEF SECURITY OFFICER, ALVAREZ & MARSAL
Over the next 12 to 18 months, Oujdi sees an uptake in vulnerabilities. “As technology continuously evolves and changes so will the vulnerabilities, and I think we've already seen that in the past 6 to 12 months. I also believe that organisations globally will become more and more interested in how their data is being protected, both from an internal perspective and also from a supply chain perspective. Lastly, I believe that regulators will become more aggressive on how they approach cyber security and data protection across different industries to raise national standards,” concludes Oujdi.
CYBER SECURITY
SHAPING THE FUTURE CYBERSECURITY AGENDA
Cyber Magazine looks at the key findings from the World Economic Forum’s Global Risks Report 2022
WRITTEN BY: VIKKI DAVIES
In a new report released by the World Economic Forum (WEF), cybersecurity has been identified as a major short and medium-term threat to the world, adding to existing challenges posed by climate change and the COVID pandemic. The Global Risks Report 2022, now in its 17th edition, encourages leaders to think outside the quarterly reporting cycle and create policies that manage risks and shape the agenda for the coming years.
The report is based on results from a global risk perception survey conducted among targeted groups with known membership including scientists from all fields and disciplines. This also included groups of peer- and self-nominated experts from Future Earth and the International Science Council, recruited to build a community around this survey work. Over 200 scientists completed the survey and respondents were asked to rank the likelihood and impact of the top global risks over the coming decade, identify clusters of interconnected risks that could lead to a global systemic crisis, highlight emerging risks to the global community, and identify future risks that we are or have already committed to.
The report found that widespread dependency on increasingly complex digital systems means that growing cyber threats are outpacing societies’ ability to effectively prevent and manage them. Malicious activity is proliferating, in part because of the growing vulnerabilities, but also because there are few barriers to entry for participants in the ransomware industry and little risk of extradition, prosecution or sanction.
Attacks themselves are also becoming more aggressive and widespread, according to the report. Cyber threat actors using ransomware are leveraging tougher pressure tactics as well as going after more vulnerable targets, impacting public utilities, healthcare systems and data-rich companies. For example, before it disbanded, DarkSide, the group accused of being responsible for the Colonial Pipeline attack, offered a suite of services (“triple” or “quadruple” extortion) to
clients beyond simply encrypting files; these included data leaks and distributed denial-of-service (DDoS) attacks. Hacker groups are also contacting victims’ clients or partners to get them to urge the victims to pay ransoms. Among the services offered is the collection of top executive information for blackmail.
Sophisticated cyber tools are allowing cyber threat actors to attack targets of choice more efficiently, rather than settling for targets of opportunity, highlighting the potential to carry out more goal-oriented attacks that could lead to even higher financial, societal and reputational damage in the future.
Increasingly sophisticated use of spyware technologies was also highlighted in the report. These have allowed for targeted attacks against journalists and civil rights activists across geographies, spurring a wave of political and industrial blowback in the form of government sanctions and lawsuits, a story which Cyber magazine has reported on many times in recent months.
The ability to tailor attacks at will includes timing them for when cybersecurity teams and leadership could be distracted by other priorities, said the report, such as during peak COVID-19 outbreaks or a natural disaster. Cyber threat actors are also accessing higher-quality and more sensitive information from victims and deepfake technology is allowing cyber threat actors to improve social engineering ploys, proliferate disinformation and wreak societal havoc, especially at times of high volatility.
Carolina Klint, Risk Management Leader, Continental Europe, Marsh, said: “As companies recover from the pandemic, they are rightly sharpening their focus on organisational resilience and ESG credentials. With cyber threats now growing faster than our ability to eradicate them permanently, it is clear that neither resilience nor governance are possible without credible and sophisticated cyber risk management plans. Similarly, organisations need to start understanding their space risks, particularly the risk to satellites on which we have become increasingly reliant, given the rise in geopolitical ambitions and tensions.”
Cybersecurity failure
Survey respondents ranked ‘cybersecurity failure’ among the top 10 risks that have worsened most since the start of the COVID-19 crisis. Moreover, 85% of the Cybersecurity Leadership Community of the World Economic Forum stressed that ransomware is becoming a dangerously growing threat and presents a major concern for public safety. At a regional level, ‘cybersecurity failure’ ranks as a top five risk in East Asia and the Pacific as well as in Europe, while Australia, Great Britain, Ireland and New Zealand ranked it as the number one risk. Many small, highly digitalised economies, such as Denmark, Israel, Japan, Taiwan (China), Singapore and the United Arab Emirates, also ranked the risk as a top five concern.
Already-stretched IT and cybersecurity professionals are under an increasing burden, not only because of the expansion of remote work but also because of the
growing complexity of regulations for data and privacy, even though such regulations are critical to ensuring public trust in digital systems, the report found. There is also an undersupply of cyber professionals, a gap of more than three million worldwide, who can provide cyber leadership, test and secure systems, and train people in digital hygiene. As with other key commodities, a continued lack of cybersecurity professionals could ultimately hamper economic growth, although new initiatives to “democratise” cybersecurity, for example, by providing free cybersecurity risk management tools, could help fill some of the gaps for small businesses or other institutions, the report said. The report talked of concerns that quantum computing could be powerful enough to break encryption keys, which poses a significant security risk because of the sensitivity and criticality of the financial, personal and other data protected by these
keys. The emergence of the metaverse could also expand the attack surface for malicious actors by creating more entry points for malware and data breaches. As the value of digital commerce in the metaverse grows in scope and scale, by some estimates projected to be over US$800 billion by 2024, these types of attacks will grow in frequency and aggression. The myriad forms of digital property such as NFT art collections and digital real estate could further entice criminal activity.
Cyber-resilience solutions
The report said that companies must act ahead of new regulatory shifts, as the political undercurrents / geopolitical tensions between various countries might impact cross-border data flows. For governments attempting to prevent cybersecurity failures, patchwork enforcement mechanisms across jurisdictions continue to hamper efforts to control cybercrime, the report found. Geopolitical rifts hinder potential cross-border collaboration, with some governments unwilling or unable to regulate cyber intrusions that originate inside and impact outside their borders. Unsurprisingly, given the geopolitical tensions around digital sovereignty, according to the survey respondents, “cross-border cyberattacks and
misinformation” and “artificial intelligence” were among the areas with the least “established” or “effective” international risk mitigation efforts. The report said that government at all levels faces mounting responsibilities and many are struggling to uphold their end of the digital social contract: securing critical infrastructure; addressing threats to “epistemic security” from disinformation; protecting the integrity of civic processes and public services; legislating against cybercrime; training and educating populaces around cyber literacy; regulating digital service providers; and ensuring the availability of resources, such as rare-earth minerals, for the digital economy. The necessary oversight could lead to overreach as governments move to shut down systems, erect higher digital barriers or embark on digital colonisation (by monopolising digital systems) for geopolitical ends.
In conclusion, the WEF said that as our reliance on digital technologies grows and Internet 3.0 becomes reality, efforts aimed at building norms and defining rules of behaviour for all stakeholders in cyberspace are intensifying. While multistakeholder international dialogues can help strengthen links between actors operating in the digital security realm, cooperation between organisations could unlock best practices that can be replicated across industries and economies.
Saadia Zahidi, Managing Director, World Economic Forum, says: “Health and economic disruptions are compounding social cleavages. This is creating tensions at a time when collaboration within societies and among the international community will be fundamental to ensure a more even and rapid global recovery. Global leaders must come together and adopt a coordinated multistakeholder approach to tackle unrelenting global challenges and build resilience ahead of the next crisis.”
The WEF says initiatives should focus on emerging technologies, such as blockchain, quantum and artificial intelligence, as well as the modes of digital exchange they facilitate, like the metaverse. Leaders must remain attentive to perennial concerns like cybercrime and ransomware attacks as well. At the organisational level, upskilling leaders on cybersecurity issues and elevating emerging cyber risks to board-level conversations will strengthen cyber-resilience.
In a deeply connected society, digital trust is the currency that facilitates future innovation and prosperity. Trustworthy technologies, in turn, represent the foundation on which the scaffolding of a fair and cohesive society is built. Unless we act to improve digital trust with intentional and persistent trust-building initiatives, the digital world will continue to drift towards fragmentation and the promise of one of the most dynamic eras of human progress may be lost, the WEF concluded.
How businesses and Government should tackle cyber threats
Chaitra Chandrasekhar and Paul Mee from American management consulting firm Oliver Wyman believe businesses and governments must fight cyber threats together as both sides are vulnerable and the job is too big for either to handle alone. “Governments have a broad view of potential threats through law enforcement and intelligence capabilities, but they tend to see things through a national security lens rather than commercial risk. Companies have firm- and sector-specific risk information and often enjoy better access to cybersecurity talent, but they can’t easily take an economy-wide view and may find themselves overwhelmed by state sponsored attackers. What’s needed is for both sides to pool their resources for a more concerted defense,” says Chandrasekhar.
They’ve put together four ways that Government and businesses can join forces in the battle for cybersecurity.
1. Share their threat intelligence
2. Align cyber education with market needs
3. Sharpen incident response
4. Build security by design
BACK TO THE FUTURE
WRITTEN BY: JANET BRICE
PRODUCED BY: TOM VENTURO
PRESIDIO
Pioneering ransomware mitigation can now predict, identify, protect, detect, and respond to attacks by turning back the clock
“Stop ransomware in its tracks by turning back time.” Sounds too good to be true? Well, take a look at a revolutionary new platform launched by Presidio – a global digital services and solutions provider. The Ransomware Mitigation Kit gives organisations an end-to-end white glove service to identify and protect against cyber threats, and to detect and respond to risks as they occur.
“The ability for an organisation to identify and respond to cybersecurity incidents could mean the difference between a minor disruption and a potential catastrophic event,” said Dave Trader, Field CISO at US-based Presidio, who points out cybercrime is expected to grow by 15% over the next five years - reaching $10.5 trillion USD annually by 2025 according to Cybersecurity Ventures.
Trader, who can build a cyber security program from the ground up, joined Presidio in 2019 and has a background in the Marines. He notes that companies have to get the basics in place: digital transformation, cloud, data, cyber and network.
“We are pioneers with our ability to address and mitigate ransomware attacks. It is a new frontier against cyber crime which is not being done by other cloud providers,” said Trader.
Presidio recognises that there is no one silver bullet to mitigating ransomware attacks. The Presidio strategy requires a layered approach and a team that is on top of emerging threats. The Ransomware Mitigation Kit maximizes the benefits of best-in-class security technology, as provided with the combination of Presidio, CrowdStrike and AWS.
Back to the future
Clients will appreciate being able to recover to where they were one hour before the attack. Recovery time means a quick restart, rather than a complete rebuild of the backbone, infrastructure, or databases. The innovative solution essentially turns the clock back and takes away the weapon that cyber adversaries have been using which is to hold data to ransom and halt production.
“I've seen catastrophic ransomware attacks that have brought companies to their knees, because they were just not able to defend themselves. But once this is set up, we can roll back to an hour before it happened and restore everything the way that it was. Clients will appreciate being able to recover to one hour before the attack, instead of possibly recovering to a point from weeks ago. Recovery time means a quick restart with minimal loss, rather than a complete rebuild of the backbone, infrastructure, or databases.
“We can then take our security operations and point it at that incident response and look at the digital forensics of the system that was affected, register it with CrowdStrike and it's no longer a zero day.”
The revolutionary new platform from Presidio defends against ransomware and sophisticated cyberattacks through a comprehensive service that combines leading security capabilities of Presidio, CrowdStrike, and CloudEndure, an Amazon Web Services (AWS) company.
EXECUTIVE BIO
DAVE TRADER
TITLE: FIELD CISO AT PRESIDIO
INDUSTRY: TECHNOLOGY SECURITY
LOCATION: NEW YORK
Dave Trader has been in Cyber Security for more than 20 years. Trader began his career as a Marine, where he specialised in encryption as a Signals Intelligence and Communications expert. He has spent time as a CISO prior to joining Presidio, and is certified in more than 70 different areas of CyberSecurity. Dave specialises in high-security environments, Incident Response, SOC Operations, and security architecture and has been a preferred cybersecurity consultant to Fortune 100 companies for securing their environments.
“Tens of thousands of cybersecurity events occur on a daily basis that have the potential to cripple an organisation for weeks or months at a time. It’s not a matter of if your organisation will experience a crippling cyber event, it’s a matter of when. Preparation is critical. Our new solution can stop ransomware in its tracks, saving immeasurable time, resources, and money,” said Trader.
The company has demonstrated its expertise in helping customers design, architect, build, migrate and manage their workloads by building close partnerships with all the major infrastructure, security, and cloud providers. Some of the strategic partners in this scenario include Lacework, Trend Micro and Fortinet. Presidio’s relationships and deep understanding of all areas of technology have helped Presidio to achieve Premier Partner status within the AWS partner network in 2021.
The Ransomware Mitigation Kit offers:
• Visibility and breach protection across all digital assets
• Strong cloud security foundation to defend against ransomware and sophisticated cyber events
• Detection and attack prevention, leveraging community immunity
• Swift response and attack mitigation, preventing lateral spread of ransomware to other devices within or outside of the organisation
• Backup and recovery allow an organisation to reclaim and restore all lost or compromised data and applications to their state prior to the attack
According to Trader, previous approaches to ransomware mitigation and cyber protection were bifurcated, disjointed, and required reliance on mutable backups. As attacks and malicious activity become more sophisticated, prevention, detection and response to attacks must become more agile. Leveraging Artificial Intelligence (AI) and automation, the Ransomware Mitigation Kit eliminates most manual effort, dramatically cutting down on the time, money and resources needed to combat bad actors.
Founded in 2003, Presidio is a global digital services and solutions provider accelerating business transformation through secured technology modernisation. Highly skilled teams of engineers and solutions architects with deep expertise across cloud, security, networking, and modern data center infrastructure help customers acquire, deploy, and operate technology that delivers impactful business outcomes.
Virtual Security Operations Centre
Since joining Presidio, Trader has doubled down on virtual security operations centre (vSOC) services. A vSOC is an outsourced, comprehensive, round-the-clock data monitoring solution that enables a company to identify threats as they arise. Companies are recognizing that security can't be an optional add-on anymore. Security baked into everything from code to the DevSecOps, right through to deployment at the edge: this is what Trader calls ‘intrinsic security’. He believes that security should be in the process every step of the way.
“We saw a gap in the market where we found companies building their own vSOC. It can work for a while, but companies end up overwhelming their entire team as the scope and scale of vulnerabilities continue to grow. They were looking for some help. We saw an opportunity to bring in our expertise and promote internal enterprise security teams so they can handle major events, while we dealt with the day-to-day incidents to protect their environment. We have been able to build tremendous client value in a close-knit relationship.”
Another benefit of Presidio's vSOC is its portability. Clients can stay with platforms they have in place – automation enables the solution to run without the end user noticing any change.
The “Cloud Right” Approach
Since early 2020 the market has seen a rush to migrate to the cloud while supporting a remote workforce. “We are trying to get applications closer to the user, which raises issues around latency and security concerns about the right way to achieve that,” says Trader.
“We have moved from 'cloud first' to 'cloud right'. We start with an evaluation so that we can advise as to whether cloud is best for this client and if so - in what configuration.
“Customers tell us they had no idea that level of automation was even possible and are really enjoying the insights and outputs they are getting through being able to leverage the automation we have baked in through APIs,” he said.
Secure Access Service Edge
The Secure Access Service Edge (SASE) is at the forefront of Trader’s strategy for remote workers. “Latency became a problem. We had engineering companies and architects that were spending six or seven hours downloading blueprints they were working on at home, rather than the secure networks they had in the office. That placed a focus on identity access management and real-time assessment of the end user at the endpoint. That is why identity is so important: the perimeter has shifted.”
Addressing the endpoint required User and Entity Behaviour Analytics (UEBA), a process of gathering insight into the network events that users generate every day. One example describes the 'impossible traveller' where a user appears to interact with the same resource from two different locations but could not possibly have made that trip in that time.
“We'd recommend the user add another layer of validation called two-factor authentication. We are seeing more companies adopt that approach, which is very encouraging,” says Trader.
To further protect the business, Presidio has incorporated Managed Detection and Response (MDR) to automatically detect such compromises, and to isolate or quarantine those offending users within seconds.
Partnerships with Lacework, Trend Micro and Fortinet
In the war against cyber attackers, a rich ecosystem of partners is vital, and Presidio’s approach is to find the right partners for each client situation. “I rely on dozens of partners to bring to the table including vendors such as Lacework, Trend Micro and Fortinet,” said Trader.
Lacework is the data security platform for the cloud. It uses a patented Polygraph system which has cracked the code for how to leverage the massive scale, complexity, and containerisation of cloud computing to redefine a modern approach to security.
Presidio leverages Lacework to gain additional visibility on a decentralised model of the data. It focuses on anomaly detection and leveraging Entity and User Behaviour Analytics (EUBA). Trader uses the analogy of sunspots to show how they can identify anomalies in data. “If you're looking at the sun and you've got different flares that pop off – those are anomalies. If we focus on normalised data, we're going to be pulling our hair out because that’s massive, so we need to focus on those anomalies.
“YOU HAVE TO GET THE BASE FUNDAMENTAL RIGHT WHEN IT COMES TO SECURING YOUR COMPANY BEFORE YOU CAN THINK ABOUT BRINGING IN PRESIDIO TO PROVIDE THE FULL STACK, FULL STOP” DAVE TRADER FIELD CISO, PRESIDIO
“Lacework has implemented a feature called polygraph that gives us additional visibility into cloud workload security. Lacework has done a fantastic job of applying machine learning and AI. They pull the covers back and show what that science looks like.”
“It helps me to look into these cloud environments ahead of time and apply that technology to that cloud assessment. Then I can pinpoint the risk profile that I have for this particular workload and identify how to fix it. Lacework maps that right out for you. It’s all about anomaly detection and focusing on EUBA.”
Presidio also works with Trend Micro which uses advanced AI learning to enable resilience in cybersecurity for businesses, governments, and consumers with connected solutions across cloud workloads, endpoints, email, OT, and networks. Trader appreciates Trend Micro’s ability to scale effectively across the board. “When it comes to massive environments, they're able to get that data under control, scrutinise that data, help us mitigate, and remediate.”
Another important player in this space is Fortinet which secures the largest enterprise, service provider, and government organisations around the world. The Fortinet Security Fabric architecture can deliver security without compromise to address the most critical
security challenges, whether in networked, application, cloud, or mobile environments. Trader identifies Fortinet as doing a tremendous job around identity access management. “With Fortinet, you're able to really leverage the entire ecosystem of all the different disciplines between their next generation firewall systems. “They have the ability to have all those product lines working in harmony, and they can distill that information. We start with wanting to understand the success criteria, and figure out if this is allowed, or not, in the client’s environment, and they manage it seamlessly. That harmony is so important. I have to stress this to my CISO friends that harmony allows us to really have bigger conversations around zero trust networking and new methodologies.” When Cyber magazine first spoke to Trader last year he predicted “monumental opportunities in what our security practice can accomplish in 2021” - how right he was. “I don't believe in silver bullets when it comes to cybersecurity, because I do respect the adversary, but I do think Presidio has shown a pioneering spirit to come up with this groundbreaking ransomware solution.”
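The ‘impossible traveller’ check described under Secure Access Service Edge, written out as an added example (not Presidio’s or any vendor’s code): it groups logins by user and resource and flags consecutive pairs that would require travelling faster than a plausible speed. The log format, the sample records, the 900 km/h ceiling and the 50 km jitter threshold are all assumptions made for illustration.

```python
"""Impossible-traveller detection over login events (added, illustrative example)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

# Assumed tuning values, not figures from the article.
MAX_PLAUSIBLE_KMH = 900.0   # roughly airliner cruise speed
MIN_DISTANCE_KM = 50.0      # smaller moves are treated as geo-IP jitter
EARTH_RADIUS_KM = 6371.0

# Constructed sample records: timestamp user resource lat lon city
SAMPLE_LOG = """\
2022-03-01T09:00:00Z alice vpn-gw 40.7128 -74.0060 New York
2022-03-01T10:30:00Z alice vpn-gw 51.5074 -0.1278 London
2022-03-01T08:00:00Z bob files 48.8566 2.3522 Paris
2022-03-01T08:05:00Z bob files 48.8049 2.1204 Versailles
2022-03-01T08:00:00Z carol vpn-gw 51.5074 -0.1278 London
2022-03-01T18:00:00Z carol vpn-gw 40.7128 -74.0060 New York
2022-03-01T12:00:00Z dave mail 35.6762 139.6503 Tokyo
2022-03-01T12:00:00Z dave mail -33.8688 151.2093 Sydney
"""


@dataclass(frozen=True)
class Login:
    when: datetime
    user: str
    resource: str
    lat: float
    lon: float
    city: str


@dataclass(frozen=True)
class Alert:
    user: str
    resource: str
    origin: str
    destination: str
    distance_km: float
    hours: float
    required_kmh: float


def parse_line(line):
    """Parse one record; the city is the last field and may contain spaces."""
    ts, user, resource, lat, lon, city = line.split(None, 5)
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return Login(when, user, resource, float(lat), float(lon), city.strip())


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def impossible_travel(logins, max_kmh=MAX_PLAUSIBLE_KMH, min_km=MIN_DISTANCE_KM):
    """Return an Alert for each consecutive login pair on the same resource
    whose implied travel speed exceeds max_kmh."""
    by_key = defaultdict(list)
    for event in logins:
        by_key[(event.user, event.resource)].append(event)

    alerts = []
    for (user, resource), events in by_key.items():
        events.sort(key=lambda e: e.when)
        for prev, cur in zip(events, events[1:]):
            dist = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            if dist < min_km:
                continue  # same metro area or noisy geolocation
            hours = (cur.when - prev.when).total_seconds() / 3600
            # Simultaneous logins from distant places need infinite speed.
            speed = dist / hours if hours > 0 else float("inf")
            if speed > max_kmh:
                alerts.append(Alert(user, resource, prev.city, cur.city,
                                    dist, hours, speed))
    return alerts


def run_sample():
    logins = [parse_line(l) for l in SAMPLE_LOG.splitlines() if l.strip()]
    return impossible_travel(logins)


if __name__ == "__main__":
    for a in run_sample():
        print(f"{a.user} on {a.resource}: {a.origin} -> {a.destination}, "
              f"{a.distance_km:.0f} km in {a.hours:.2f} h "
              f"(needs {a.required_kmh:.0f} km/h)")
```

In the sample, the short Paris to Versailles hop and the ten-hour London to New York gap pass, while the 90-minute transatlantic pair and the simultaneous Tokyo and Sydney logins are flagged; an alert like these is the point at which the two-factor prompt Trader recommends would be triggered.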
NETWORKS & APPLICATIONS
THE CHANGING FACE OF NETWORK SECURITY
High profile cyber threats have increased the demand for network security across the globe. Cyber explores the on-premise network security landscape
WRITTEN BY: VIKKI DAVIES
The global network security market is growing. According to insights from international consulting firm Fortune Business Insights, this market is projected to grow from US$27.39bn in 2021 to US$60.38bn in 2028 at a CAGR of 12% in seven years. A rising connected digital world that requires continuous data security and services from any location is boosting demand for the software. Subsequently companies are launching multiple hosting environments where all mobile and fixed devices are connected to the server, thus increasing the risk to data security. The more users, devices, and applications you add, the more vulnerable the network becomes.
Jeremy Jurgens, Managing Director of the World Economic Forum, says: “As human behaviour and interaction continue to be shaped by increasingly ubiquitous technologies, organisations must continuously adapt their capabilities to deal with and prevent malicious actors from taking advantage of the shifting technological landscape.
“The accelerated shift to remote working during the COVID-19 pandemic coupled with recent high-profile cyberattacks have resulted in bringing cybersecurity top of mind among key decision makers in organisations.”
“Threat actor groups are already conducting these attacks on a daily basis in order to obtain a foothold into energy corporations’ cloud infrastructure”
MATTHEW ROACH
KPMG, UK'S HEAD OF I-4
Increase in DDoS attacks and malware
Unsurprisingly the network has become a prominent channel for disrupting an organisation’s data and IT teams are seeing
major DDoS attacks coupled with various viruses and malware entering directly through the network. According to a report by cybersecurity researchers at Netscout, there were 5.4 million recorded DDoS attacks during the first half of 2021, a figure that represents an 11% rise compared with the same period in 2020. The company puts the rise down to the COVID pandemic, which it says “provided an enormous opportunity for cyber threat innovation”.
Malware attacks are also a major problem for business networks. Every day, the AV-TEST Institute says it registers over 450,000 new malicious programs (malware) and potentially unwanted applications (PUA). In 2020, 61% of organisations experienced malware activity that spread from one employee to another, according to Mimecast’s State of Email Security 2021 report (SOES). In 2021, that number rose to %, its highest since the SOES survey began in 2016. Increases in the employee-to-employee spreading of malware could, again, be put down to the COVID pandemic and more employees working from home and encountering more distractions there. Phishing attacks, which are also becoming more sophisticated, could also have affected the increase.
“Network security controls need a boost in both agility and security as using traditional security approaches simply will not work anymore” KURT GLAZEMAKERS, CTO, APPGATE
And of course ransomware is a huge threat to network security. Ransomware is one of the fastest-growing malware hazards of the 21st century, threatening businesses and public institutions around the world. According to David Ferbrache, Global Head of Cyber Futures at KPMG: “Ransomware isn’t going anywhere and there’s evidence that remote working increases the risk of a successful ransomware attack significantly.”

Demand for network security software

COVID-related working patterns, rising demand for smartphones and increasing internet penetration in remote areas, as well as offices implementing bring-your-own-device policies, are boosting demand for network security software and creating the need for secured data transmission. Reportlinker predicts in its latest Global Network Security Appliance Market 2022 report that the global network security appliance market will grow by $8.82 bn during 2022-2026. The study found that increasing adoption of high performance computer (HPC) systems by businesses and enterprises was one of the prime factors driving the network security appliance market growth.

The Co-Founder of SaaS Management Platform Zluri, Ritish Reddy, says he’s concerned that organisations are buying more systems to protect themselves than they are using. “Companies are buying SaaS solutions for everything, but are
they making use of them? Over the last 12 months we have seen global adoption of SaaS Management Platforms increase at an accelerated pace. Orchestrating SaaS applications in organisations and helping them maximize ROI on continually increasing SaaS spend is a large problem statement that requires significant operational effort from IT Teams.”

High profile attacks

Business and IT leaders all over the world are replacing legacy, on-premises network technology with flexible, scalable, and cost-effective computing power in the cloud. Yet many CISOs are increasingly concerned about the security risks associated with the increased use of the public cloud. 94% of organisations in ENEA Qosmos Division’s CISO cloud / SAAS Security Report said they are extremely to moderately concerned about cloud security. A further 77% said they were concerned about the malware infection of connected devices in the cloud.

Kurt Glazemakers, CTO at Appgate, says: “More organisations will start adopting modern cloud driven, containerised, automated development methods, using advanced automated deploy processes (devops) to speed up development cycles this year. Network security controls need a similar boost in both agility and security as using traditional security approaches simply will not work anymore.”

The number of high-profile incidents at companies including SolarWinds, Microsoft, T-Mobile, Facebook and Acer, in which attackers successfully found ways around endpoint and perimeter defences and remained hidden and active in networks for a long time, has also left CISOs incredibly concerned. And for good reason.
KPMG UK's Head of i-4, Matthew Roach, said he expects to see public cloud attacks on the energy industry’s networks in 2022. “Many companies in energy are heavy users of public cloud which is considered less secure than its alternatives, therefore, it is reasonable to assume these will be subjected to increased attacks. Threat actor groups are already conducting these attacks on a daily basis in order to obtain a foothold into energy corporations’ cloud infrastructure.”

Network security in 2022 and beyond

There is no doubt that the pandemic has rapidly expanded digital adoption and
as a result, the threat surface has also grown. Threats to networks are multiplying and there is a growing complexity for organisations caused by the accelerated adoption of cloud and hybrid networks, not to mention the pandemic-fueled new remote workforce. Businesses have an ever-increasing drive for agility, speed of innovation and impeccable user experiences and need to invest in network security policy management systems. Five hundred directors, vice presidents and C-Suite execs involved in IT security for organisations of between 1,001 and 10,000-plus employees were surveyed about their thoughts on the future of network security,
revealing that top-of-mind concerns include Zero Trust, Secure Access Service Edge, automation and more. The survey, ‘The Future of Network Security’, was conducted by FireMon, which offers a security policy platform for firewalls and cloud security groups, and Pulse Media, a social research platform/knowledge community. Nearly 80% of respondents indicated that their organisations will implement security orchestration and automation in the next two years. What's more, almost all (98%) have already implemented automated security policies in some manner.
The survey further explored security policies, finding that more than nine in 10 organisations agree that network security policy management is a strategic investment to help them improve speed and responsiveness, though only nine percent have completely automated their security policies. Organisations are still adjusting to the new normal of network security and figuring out how to protect their data and their employees. The current threat environment requires IT teams to plan for the future and invest in systems and training so that workforces can ensure their network security goes beyond the basics for it to be effective.
Building a world without fear of cancer
WRITTEN BY: HELEN ADAMS
PRODUCED BY: KRIS PALMER
VARIAN
Managing Director Rebecca Cortiula explains how she’s taking Varian forward after being acquired by Siemens Healthineers
Global oncology company Varian, now part of Siemens Healthineers, is dedicated to creating a ‘world without fear of cancer’. Headquartered in Palo Alto, California, USA, it has 10,000 employees globally. Rebecca Cortiula is the Senior Managing Director for Varian Australasia, based in Sydney. She is responsible for improving access to radiation therapy for cancer patients in Australia and New Zealand.

Rebecca entered healthcare in 1992 as a hospital scientist at a blood bank. She says the environment has changed remarkably since. “Some of the big changes I’ve seen are in automation and the reduction in manual and repetitive tasks within hospitals,” says Rebecca. “I used to work in the laboratory system. The industry has moved from people in lab coats manually running tests to machines that can run multiple tasks within one system.”

Patients are also more engaged in their healthcare today. Access to large amounts of healthcare information means they can take a more active role. “We’re ensuring that patient feedback is central to decisions around care,” explains Rebecca. “There is a multi-disciplinary component to that, where physicians with different areas of expertise have to come in. They make decisions on the best treatment options for a patient, taking patient preferences into account along the way.”
Remaining agile in such an environment is vital, so Rebecca is always looking to learn from new ideas and approaches. She undertook years of study prior to entering the workforce, first studying biochemical science at The University of Technology Sydney. Now Rebecca is studying a Master’s degree in Health Economics. “My kids think I’m way too old to be at uni,” laughs Rebecca. “Continued learning and continuing to add value to the business and to customers – that is what motivates me. We are very fortunate in Australia that we’re able to access continued education. The landscape in healthcare is changing and a growth mindset is a major competitive advantage.”
“Members of our team have endured hotel quarantine to ensure that there was no breakdown in service support for our patients” REBECCA CORTIULA, SENIOR MANAGING DIRECTOR, VARIAN
“It helps you be comfortable taking personal risks and striving for higher stretch goals. That generally leads to higher motivation and development, which means lower stress, lower anxiety, lower chances of depression and a higher performance overall. It helps you come up with new ideas and novel solutions for patient care.”

Rebecca is conscious to take care of her wellbeing while managing multiple priorities. “I try to make sure that I get fresh air and sunshine every day - even 15 minutes at lunchtime,” she says. “I do try to get a walk in each morning. I'll listen to a podcast and gather some new perspectives. At bedtime, I’ve got to wind down and I do that by reading. The only screen time I have is my Kindle, then I can switch off and get a decent night's sleep.”

While the healthcare environment has evolved, some things remain frustratingly similar. Gender diversity is one area that needs greater attention. “I was looking at the latest gender gap report, and unfortunately we appear to have gone backwards. We won’t close the gap for another 125 years – which is a really scary statistic. I think it’s so important to understand bias and ensure all groups are treated equally, whether in our organisation or in society in general.”

“If we can't have equity for 50% of our population, how are we ever going to move the dial on diversity overall and ensure we have equitable treatment for minority groups within our society? I’m Chair of the Medical Technology Association’s Women in MedTech Committee. We focus on promoting the benefits of gender diversity within the workplace, providing tools and support to MedTech companies.”

EXECUTIVE BIO
REBECCA CORTIULA
TITLE: SENIOR MANAGING DIRECTOR
INDUSTRY: MEDICAL DEVICES
LOCATION: AUSTRALIA
Rebecca Cortiula is the Senior Managing Director at Varian Medical Systems, Australasia. She has been working within Australian Healthcare for over 20 years. Before joining the medical technology industry, she worked as a Hospital Scientist as well as for the Australian Red Cross Blood Service. Rebecca is a serving board member of the Medical Technology Association Australia and Chair of the Women in MedTech Committee. She holds a BA from the University of Technology majoring in Immunohaematology; an Executive MBA from the AGSM and is an Order of Merit graduate from the Australian Institute of Company Directors. Rebecca is passionate about healthcare and ensuring Australia has a sustainable healthcare system that can be accessed by all. Rebecca lives in Sydney, Australia with her husband and two children.
Building a world where cancer doesn’t hold the fear it does today

By 2050, some experts think it will be possible to make cancer a manageable disease, similar to diabetes. “A cancer diagnosis will no longer hold the fear it does today - both for the patient and for their families. There’s a lot of emerging treatments that have the potential to deliver better treatment outcomes and improve both the convenience and the quality of life for cancer patients.
“Location is no longer a major barrier to access. E-Health is now an option for patients” REBECCA CORTIULA, SENIOR MANAGING DIRECTOR, VARIAN
“It requires a multidisciplinary approach: radiation therapy, surgery, pharmaceuticals, in-hospital care, outside of hospital care. That continuation of care is really important for the patients and relies on the whole healthcare ecosystem working together and understanding where we fit into that continuum of care for the patient.”

Ensuring radiation therapy is part of this care continuum is central to Rebecca’s role, both from a financial and moral point of view. “Ultimately the responsibility is to ensure that we have a health care system that's sustainable and can continue to provide some of the best healthcare outcomes in the world for every dollar spent in Australia and New Zealand.”

“As a business, while we have a responsibility to deliver on financial metrics, we also have to deliver on customer satisfaction and employee engagement.”

Rebecca says this dedication to customer satisfaction stood out to her during the pandemic. “For me, I’ve learned just how far we are willing to go to ensure there is continuity of care,” says Rebecca. “Many of the ANZ team have gone over and above during this pandemic - some of our team endured hotel quarantine to ensure there was no disruption to supporting our customers and patients. That was amazing!

“A lot of innovative ideas came through the team during this time. We’ve worked with the Australian Society of Medical Imaging and Radiation Therapy to create a registry of licensed radiation therapists, including Varian employees, to support departments. There was concern that teams would have to go into lockdown if there was a major outbreak in a hospital. To avoid a human resource crunch, this database was created to see if another radiation therapist would be needed to step in.”
Varian also worked with its partners to help the next generation of radiation therapists continue their education, ensuring there is not a knock-on effect to the supply of oncology professionals. “There was a chance that university students were going to see a delay in their ability to graduate as radiation therapists because they weren’t able to complete some of their clinical training,” said Rebecca. “Our training team provided tutorials to over 120 students across four universities to make sure they would be able to graduate on time.”

Partnerships are pivotal to treatment continuity and access to care

Rebecca says Varian knows it cannot achieve its ambition without the right partners. Varian Australia works with the Peter MacCallum Cancer Centre, a leading cancer research, education and treatment hub in Australia. “We have a longstanding research and development partnership with them. A couple of years ago, we moved to having a managed service with them,” explains Rebecca. “Radiation therapy requires a lot of planning. Once it’s recommended as part of a cancer patient’s treatment, specialists work out the best way to deliver the highest possible dose to the tumour while avoiding healthy cells. This requires a lot of data. Our software and the work we did with Peter MacCallum Centre in Victoria allowed them to do all of that work remotely.”

“We took on some of the responsibility around their IT infrastructure and software, ensuring they’re up and running at all times, and that safety and security systems are in place. This allowed us to bring the remote planning solutions to them during the pandemic period, making sure the highest quality of care continued for their patients.”
“Recent cyber attacks have really highlighted the impact on patients and healthcare professionals” REBECCA CORTIULA, SENIOR MANAGING DIRECTOR, VARIAN
While remote care has obvious advantages, it has also made cyber security a priority for the business. “Recent cyberattacks have really highlighted the impact on treatment continuity,” says Rebecca. “For us this is an extremely important topic. It’s a critical focus to protect the integrity of patient information. We are collaborating with our partners to ensure our patient information remains secure. We do regular upgrades to ensure the latest security measures are in place, we have systems that isolate customer segments, we have measures in place to prevent cyber leaping
between silos of information, and then we also have systems that minimize the downtime if a customer system is attacked to ensure we get them back online as quickly as possible.”

Varian provides cancer centres with software products for managing the patient's journey from diagnosis to survivorship. “This software contains lots of tools and features that allow clinicians to work remotely and collaborate between clinics and healthcare systems,” explains Rebecca. “In the past, for rarer types of tumours, patients might have to travel greater distances to get to a centre with the
expertise to manage that challenge. These remote solutions mean the information can be shared. Location is no longer a major barrier to access. What we discovered was that these remote solutions could be implemented in the pandemic as a way of managing the workflow. It does mean that
remote areas are not disadvantaged when it comes to accessing cancer treatment. E-Health is now an option for patients.” For those who still need to travel, Varian Australia works with the Sony Foundation, which provides young cancer patients with accommodation and support during their treatment. “Regional Australians do have, unfortunately, greater challenges
getting access to radiation therapy. So we've partnered with them to provide some funding for their accommodation, and we get to know their background and create a kind of care package for them with magazines and food from the local area. It just lets them know there are other people out there who care about what's happening.”

Support from Siemens will allow for a more comprehensive cancer care offering

In April 2021, Siemens Healthineers completed their acquisition of Varian. Cortiula believes the two companies can drive faster progress in cancer care together. “It means we can fast-track our vision for a world without fear of cancer,” said Cortiula. “It allows us to ensure the best outcomes can be reached by combining people, technology and data. Siemens has some of the best imaging technology available. I see this as an opportunity to really accelerate our product development.”

So, what does the future hold for the combined businesses? “Varian’s approach is still centred around intelligent cancer care and driving progress for cancer care for the next 30 years and beyond,” says Rebecca. “I see us accelerating our use of software automated processes and helping oncology professionals collaborate and develop more precise and holistic cancer treatments. We’ll see greater cooperation between research institutions and oncology practices. Multidisciplinary teams working together with a whole of care approach, so that no matter where the patient is located, they can get access to the best possible quality care.”
DIGITAL ECOSYSTEMS
5 Cybersecurity Threats Affecting Insurance Companies in 2022
WRITTEN BY: VIKKI DAVIES
With cyber attacks on the insurance industry increasing in size and scale, Cyber Magazine looks in depth at IntSights, a Rapid7 company’s 2022 Insurance Industry Cyber Threat Landscape Report
The insurance industry is increasingly being targeted by a myriad of cyberattacks. As in many other sectors, ransomware is a top threat to the industry, due in part to the role of cyber insurance coverage of ransomware attacks. Yet it is also falling foul of other types of attack. Because insurance companies possess a great deal of personally identifiable information (PII) on their retail business-to-consumer (B2C) policyholders that bad actors can use for fraud and other malicious purposes, insurance fraud is also a big threat to the industry. In addition, hacktivists have been known to target insurance companies for ideological reasons, and the PII of B2C policyholders is also useful to state-sponsored threat actors because of the amount of detail that it contains.
Paul Prudhomme, Head of Threat Intelligence Advisory at IntSights, a Rapid7 company, says: “The insurance industry has been a key target for ransomware gangs and other threat actors due to the role insurance firms play in cyber insurance coverage and the significant amounts of Personally Identifiable Information (PII) they hold.

“Breaches of insurance companies result in cyber criminals being able to find the policy details and security standards of their cyber insurance customers and use stolen information for fraud or cyber attacks later down the line.

“We’ve seen threat actors target a variety of insurance companies from the automobile and agricultural industry to the healthcare sector. With different insurance companies being targeted by different threat actors it doesn’t make sense for organisations to have the same cybersecurity solutions in place to combat them. Rather, organisations need individually tailored security policies in place which provide context around which threat actors are targeting them, what they are after and what techniques they may use. By having access to such intelligence, insurance companies can put themselves on the front foot against attackers.”
Using insights from threat intelligence business IntSights, a Rapid7 company’s recent 2022 Insurance Industry Cyber Threat Landscape Report, we’ve put together five of the biggest cybersecurity threats facing insurers at a global level.

1. Ransomware attacks on insurance companies

Insurers that provide cyber insurance coverage, in particular, are proving to be more attractive targets to ransomware operators. Compromises of their networks would give ransomware operators a way to identify and obtain policy details and security standards for their cyber insurance customers.

Cyber insurance coverage for ransomware attacks, particularly coverage of ransom payments, makes companies more attractive targets to ransomware operators due to the perception that those policyholders are more likely to pay ransoms if their insurers cover it. The details of cyber insurance policies, particularly the maximum ransom amount that a cyber insurance policy will cover, are also very useful to ransomware operators. Ransomware operators can use that information to calculate an optimal ransom amount that is both high enough to maximize profit but low enough for victims to accept.
The report also highlighted that the threat of data disclosure has now become a standard component of ransomware attacks and an additional layer of extortion, beyond the traditional focus on merely encrypting files and holding them for ransom. Threatening to dump compromised files on the dark web for further misuse by other criminals aims to put more pressure on victims to pay ransoms, given the potential for the loss of customer confidence and the potential legal or regulatory implications of exposing customer or employee data.
2. Sale and compromise of B2C policyholder data

Aside from enterprise customers, insurance companies also possess a great deal of sensitive information on their individual retail customers that criminals can use for fraud and other malicious purposes. The most important PII data points are dates of birth and Social Security numbers, or the non-U.S. counterparts thereof (such as taxpayer identification numbers). These serve as key ingredients in identity theft operations, such as fraudulent credit applications. In the context of insurance policyholder data in particular, the most valuable data points, aside from the actual policy details
themselves, are often identity document numbers and scans, such as for passports and drivers’ licenses. Auto insurance companies are another source of PII and other data points that criminals can use for fraud and other malicious purposes. Attackers can also use already compromised PII from other sources to try to obtain more PII from insurers’ automated quote tools, particularly for car insurance.

The report found that compromises at healthcare providers are a significant source of exposure for health insurance providers. Health insurance policy details are one of several types of data points that make healthcare providers valuable targets for criminals serving the fraud market. The compromised protected health information (PHI) in the patient records of hospitals, medical practices, and other healthcare providers often contains policy details that criminal buyers can use for insurance fraud, along with the dates of birth and Social Security numbers that identity thieves can use for fraudulent credit applications.

High profile attacks on insurers

A ransomware attack on a U.S. insurance company yielded one of the largest-ever reported ransom payments and one of the most salient examples of inflation in cyber ransom demands. CNA Financial, which provides cyber and other types of insurance, reportedly paid a ransom of US$40 million to Phoenix CryptoLocker ransomware operators in March 2021. The attackers gained initial access to an employee workstation via a malicious browser update on a compromised legitimate website. The attackers moved laterally within the environment until they gained access to credentials with privileges elevated enough to deploy their ransomware payload. The attackers even encrypted files on the machines of remote employees connected to CNA infrastructure via VPN. CNA initially claimed that the attack did not expose its insurance policy details, such as coverage limits. CNA later disclosed that the attackers compromised some personal data, such as Social Security numbers and (in some cases) health insurance details for approximately 75,000 individuals, most of whom were current or former employees or contractors or their family members. Ironically, CNA later disclosed that its own cyber insurance coverage would not cover all of its financial losses from this incident.

The data disclosure layer of ransomware attacks came to the forefront of a June-September 2020 RagnarLocker ransomware attack on US insurance broker Arthur J. Gallagher (AJG). The duration of the incident suggests that spending time collecting data from the compromised network before deploying ransomware on it was equally or more important to the attackers. Compromised PII data sets included: Social Security and tax identification numbers; identity document numbers; dates of birth; usernames and passwords; bank account and payment card numbers; medical and biometric details; and electronic signatures. Some affected individuals filed a lawsuit against AJG for allegedly failing to protect their PII and to notify them of its compromise in a timely manner, claiming that they had suffered identity theft as a result.

3. COVID-19 related attacks

The COVID-19 pandemic has created many opportunities for attackers to exploit, particularly in their attacks on healthcare organisations, to whom this public health crisis is uniquely relevant. For example, the emergence of COVID-19 vaccination and testing records has created a new data set of patient records for attackers to target. The report found that the more frequent use of these PHI records for non-health purposes, such as employment, travel, and access to public places, has given attackers more opportunities to target them. As with other patient data sets, COVID-19 records may include data points that bad actors can use for fraud, such as health insurance fraud with health insurance details, or identity theft with dates of birth and Social Security numbers. Both public and private health insurance providers can become targets for criminals and fraudsters. The U.S. is a top target for criminals due to its affluence, the large scale of its economy, and the use of English. Accordingly, Medicare and Medicaid coverage details are popular commodities in these underground criminal marketplaces.

4. State-sponsored threats

Fraudsters may be the primary consumers of such compromised PII, but state-sponsored threat actors can also use it in support of intelligence operations and for investigative purposes. The report found that foreign intelligence services collect PII and ingest it into searchable databases against which they conduct targeted queries in support of human intelligence (HUMINT) operations or signals intelligence (SIGINT) collection. The SIGINT components of foreign intelligence services and communities can monitor phone numbers and email addresses from PII data sets for more coverage of
select persons of interest. Overseas HUMINT operations, with intelligence officers deployed in foreign countries in search of human sources to develop and recruit, often entail queries for more information on persons of interest that they encounter, or as a source of leads for them to pursue for development or recruitment. Other use cases for compromised PII in foreign intelligence services include the vetting of visa applicants, airline passengers, and other travelers for counterterrorism, counternarcotics, or other national security purposes. Identifiers such as dates of birth, Social Security numbers, and identity document numbers often facilitate these queries by enabling analysts to distinguish multiple individuals with the same or similar names, which can be harder if those names are in a foreign language.

5. Hacktivists targeting insurance companies

Ideologically motivated hacktivists can also disclose target insurance companies in support of their political or economic goals. The report found that hacktivists often target the financial institutions and government agencies of a given country in the belief that such attacks undermine its political and socio-economic power structure.
GLOVO
Tech Unicorn Multi-Category App Now Dining at Top Table
WRITTEN BY: ALEX TUCK
PRODUCED BY: BEN MALTBY
Director of Security at international delivery app Glovo, Alex Antukh reveals the security strategy that has taken the tech unicorn to the top
Alexander Antukh is the Director of Security at Glovo, a Barcelona-based start-up. Having grown incredibly fast and currently sitting at unicorn status (meaning a start-up with a valuation of at least €1 billion), the company is looking at a number of new global market entries. As part of this rapid growth, there is a significant job to keep its ‘super app’ (similar to the likes of Gojek) secure and safe as the backbone of the organisation. Antukh had to establish a security infrastructure, working closely with Glovo’s technology partners to achieve this.

Antukh is a seasoned cybersecurity executive who is passionate about strategy and enterprise security architecture. Knowledgeable on the principal security frameworks, he has a proven track record of building successful information security programs from scratch.

“I joined Glovo a year ago and I think the most significant market changes were as a result of the pandemic. Our global, multicategory app was able to take the majority of our orders through food delivery. We saw record levels of growth throughout 2020, and we continue seeing the demand following ever-evolving consumer trends accelerated by the pandemic.”

In Antukh’s mind, the market is experiencing rapid change as more and more companies are racing to capture
specific markets, meaning that “you can carve a niche for yourself. We were multicategory to the very big companies from day one. And I think that puts us in a very good position right now.”
Glovo’s security mission
The first task for Antukh’s team was to formulate a mission for the company to buy into. “We see ourselves as a business and executive function, rather than purely a technical one. So our mission, as we say, is to drive efficient cyber risk management. And we have that goal, that mission in our mind, in whatever we do.”
ALEXANDER ANTUKH TITLE: CISO COMPANY: GLOVO Alexander is a seasoned Cybersecurity Executive passionate about Strategy and Enterprise Security Architecture. He is knowledgeable of the principal security frameworks and has a proven track record of building successful Information Security Programs from scratch.
Glovo: Tech unicorn delivery app now dining at top table
The starting point for Antukh is security governance, risk management, and compliance (GRC), which guides the other teams and helps define Glovo’s security objectives. Next is product and platform security, which makes sure that whatever products and whatever code Glovo produces are secure by design. This is followed by corporate security, which is about protecting global work environments. Antukh adds that “that's about security awareness and phishing, secure configuration of our systems and generally everything around user devices.” Cyber defence is next, which ensures Glovo is prepared for security incidents, including protective and detective measures and timely response. Finally, there’s the data security function - even though it's already integrated in other areas, we really wanted to be
focused specifically on sensitive data identification and protection. “And that's not just about compliance and GDPR, but also our commitment to care about our stakeholders,” said Antukh.
Trust built over time
Glovo has come a long way as a company in the general understanding of the threats posed to the IT infrastructure. “When we started, we had to develop security training for our employees. People were quite open-minded and that also helped us, as that attitude is part of our global culture.” Explaining the need for security was very important in this process, according to Antukh: “Once we proceeded, it definitely helped not just to say, ‘hey, I'm an expert, just trust me’. We were able to show why we believe so. We also needed others to believe in it to make it happen, so it was in our best interests to make them
The most trusted open source password manager for business. Bitwarden offers the easiest and safest way for teams and individuals to store and share sensitive data across unlimited devices.
High-growth Delivery Startup Glovo Boosts Password Security and Compliance with Bitwarden
Operating in 25 countries at a current valuation of nearly $1 billion, Glovo is one of Europe’s fastest growing startups. Based in Spain, Glovo delivers restaurant takeout orders, groceries, pharmacy, and other products to +4.3 million urban users. The company aims to place in a leaderboard of the “quick-commerce” market in Europe with its convenient ordering app and ultra-rapid delivery times of less than an hour. In the past year, Glovo more than doubled its employee count to more than 3000.
When Alexander Antukh joined Glovo as its director of security, some employees used personal password managers while most used nothing at all. Weak passwords were frequent and people shared them among teams, often through the company’s messaging platforms. “Passwords were almost useless,” said Antukh. “Yes, there is a password but if everybody knows it, or you can easily find that in the password lists through brute force, then it’s not very good protection.”
The security team began requiring more complex passwords, but a new challenge emerged. Because the complex passwords were harder to remember, people wrote them down or stored them on their computers, which undermined the point of creating a strong password. Antukh was already a Bitwarden user prior to joining Glovo. He was especially drawn to the transparency and third-party security audits inherent in an open source solution. At Glovo, Antukh made a pitch for Bitwarden. He touted the solution’s end-to-end encryption and cross-platform accessibility that let users access Bitwarden from any device. He spoke of flexible integration capabilities that make it easy to add on tools such as two-factor authentication or single sign-on (SSO). And he showed how Bitwarden would simplify security audits and compliance with detailed event logs, as well as increase employee productivity. Bitwarden is a vital solution within the Glovo security ecosystem. Antukh looks forward to further strengthening the company’s data protection.
understand the importance of it, and as a result we were able to provide better and more effective training. This is something I'm really pleased about.”
Another key starting point was to open a security help desk, speeding up (and logging) requests and generating security awareness campaigns, onboarding and materials for all staff. Glovo opened a central service desk in JIRA so that the team could register and track requests from employees.
As Antukh remarks, “that allowed us to be constantly in touch with our employees and to start changing the mindset towards a more security-aware one.”
“We started the Security Champions programme in product security, so we are able to ensure the security by design of our code,” he continued.
First, Antukh established guidelines and policies, such as those for passwords; the second factor involved Bitwarden, a key partner for Glovo.
Bitwarden helping to keep Glovo secure
Bitwarden is an open source password manager, and is considered one of the most secure and privacy-first options on the market. As Antukh explains, “when we started, we were tackling the problem of weak passwords at Glovo. I'd personally been using Bitwarden for some time. We just decided to try it for corporate security purposes, and it was a big success. Our primary use case is to secure the shared set of credentials files, and other sensitive information, among the team members. So we specified a list of authorised users and ensured that no one from the list had access to sensitive information. Bitwarden helped us to comply with PCI DSS. They also helped us to cover a few important controls of our cyber security framework. So overall, they have become an integral security tool for the whole company. We are pleased to see how they can contribute in future to the overall protection of Glovo,” he said.
Cyber concerns of now and the future
Like others in the tech space, one of Glovo’s common enemies in the cybersecurity realm is the increase in rates and sophistication of ransomware and potential cyber attacks in general. Glovo takes a complex approach to protecting against this, one that concerns all teams. One of the key adoptions is that of zero trust, which aims to tackle the major problem of phishing attacks.
Antukh is aware that “there are many talks about zero trust, and I think that's a very good strategy overall, but then of course, we need to remember the foundations, such as asset inventory and visibility of what we have in our networks, and patch management. It is, however, keeping security by design in mind in how we build our products. I think it is really important that we tackle security
BITWARDEN
High-growth Delivery Startup Glovo Boosts Password Security and Compliance with Bitwarden
Operating in 25 countries at a current valuation of nearly $1 billion, Glovo is one of Europe’s fastest growing startups. Based in Spain, Glovo delivers restaurant takeout orders, groceries, pharmacy, and other products to 4.3 million urban users. In the past year, Glovo more than doubled its employee count to more than 3000.
When Alexander Antukh joined Glovo in August 2020 as its director of security, some employees used personal password managers while most used nothing at all. Weak passwords were frequent and people shared them among teams, often through the company’s messaging platforms. “Passwords were almost useless,” said Antukh. “Yes, there is a password but if everybody knows it, or you can easily find
that in the password lists through brute force, then it's not very good protection.”
Solution: Bitwarden makes password management simple and consistent
Antukh was already a Bitwarden user prior to joining Glovo. He was especially drawn to the transparency and third-party security audits inherent in an open source solution. At Glovo, Antukh made a pitch for Bitwarden. He touted the solution’s end-to-end encryption and cross-platform accessibility that let users access Bitwarden from any device. He spoke of flexible integration capabilities that make it easy to add on tools such as two-factor
authentication or single sign-on (SSO). And he showed how Bitwarden would simplify security audits and compliance with detailed event logs, as well as increase employee productivity.
Antukh’s argument for Bitwarden convinced company leaders. Glovo purchased a flexible subscription that can scale for the future. Antukh appreciates the open source nature of Bitwarden that “brings transparency in how it helps to verify security and to quite openly say, ‘This is how we operate. This is what our values are.’”
“We found that it [Bitwarden] is very easy to work with,” he said. “When we created our first collections, when we were able to audit the access log, when there were granular permissions, and I saw the work for new features such as Bitwarden Send—that was all quite useful. User experience is also quite good.”
Convenient features to simplify compliance
Bitwarden provides audit trails that let Glovo security teams track user and group access to sensitive data. Antukh liked “the fact that we can inspect audit logs, and we could use that for compliance purposes. It's easy, and it's nice to set the permissions in the way we want to.”
Simple integration with SSO without compromising security
Glovo uses Bitwarden with SSO, which allows employees to use one set of credentials to access multiple cloud applications. Bitwarden integrates with SSO to improve the user experience of accessing applications, while maintaining the zero knowledge encryption approach to password security.
Hassle-free password protection for peace of mind
Glovo has seen adoption steadily increase as people cared more about the security of their passwords and reduced unnecessary or unsecure sharing. Now, when they share passwords, they do it through Bitwarden. “We saw more and more that security champions, who are genuine security-minded people in our company and who are not part of the security team, also started to promote [Bitwarden],” said Antukh. “Once people started to experience that ease of use and security can go together with Bitwarden, adoption was natural.”
Building a more secure future
Bitwarden is a vital solution within the Glovo security ecosystem and Antukh looks forward to further strengthening the company’s data protection. “Once we build that strategy, we will pursue it in the next year,” he said. “It will be mostly related to how we improve processes, how we improve access management and user management. And for sure, Bitwarden will be an important part of it.”
as a whole company. So there is the risk ownership and there is awareness of what it means to own the assets. And always asking what risks are there.”
Speaking on the impending explosion of quantum computing over the next decade, Antukh cites quantum computing and quantum cryptography as a major issue. He adds, “I think it's again more about the mindset. So whenever there is a new technology, whenever there is a new approach, there are inherent risks in that. So it's about how we are able to build that threat model, how we're able to identify those risks. And what are the controls there?”
One example Antukh evokes is that of the Metaverse from Facebook/Meta, which is moving to a new reality. “Hacking that reality might have some consequences, which we don't even think about right now, but might be quite serious. And there’s also deep fakes, for example, or imitating the voice of somebody to pass some of the traditional controls, for banking transfers, among many other threats.”
How Glovo stays ahead of the pack
The focus for Glovo is to keep growing and expanding into countries and continue to strengthen their footprint in existing markets in which they currently operate. “We are in 24 countries, in more than a thousand cities worldwide, and we have over 4 million users. So I believe that Africa is going to be a focus for us. And over the next 18 months, we’ll look forward to expanding further.”
When asked to describe Glovo’s competitive edge, Antukh says that it is two-fold to him personally, starting with an amazing culture that employees strongly believe in. “This is about how we work all together and we support each other. However, from the market perspective, I
would say it's the fact that we are a multicategory app from day one. So again, many companies are now entering this field and are focusing on groceries. We've been there already, so it helps us to anticipate the next moves and be the market leader where we already are established.” Another example of Glovo’s uniquely forward-thinking culture was embodied by the recent announcement that they’re becoming an official signatory of The Climate Pledge (TCP), alongside more than 200 other businesses, making a commitment to decarbonising and reaching net-zero by 2040 or sooner. Glovo had already made a commitment to becoming carbon neutral across all its operations by December 2021, through a combination of emission reductions initiatives and investments in carbon offset from internationally certified nature-based and technological projects, in conjunction with partners Pachama and South Pole.
TECHNOLOGY & AI
EMPOWERING WORKFORCE COLLABORATION WITHOUT COMPROMISING DATA PROTECTION
Enabling suitable data protection and privacy while at the same time allowing easy collaboration among users can be a delicate balance. Renaud Perrier, SVP International at Virtru, explores today’s data challenges and how to overcome them.
WRITTEN BY: VIKKI DAVIES
We’ve all made mistakes when it comes to security. Whether that’s accidentally hitting ‘Reply All’, mistakenly sending a report to Sarah in sales instead of Sarah in human resources, absentmindedly clicking on a questionable link, or quickly forwarding an email that turned out to contain sensitive information further down the thread.
A productive, successful, collaborative workplace requires employees to share information quickly and efficiently, but that information is often sensitive in nature and increasingly costly should a breach occur. You’ve heard the stats; the average breach costs US$3.86 million - so you understand why it’s so urgent that companies embrace and prioritise data protection.
Employees need to be empowered to share data confidently and securely. Therefore, for tech leaders, this means implementing a multi-layered approach to security, including:
• Easy-to-use tools that empower employees to protect the information they’re sharing
• Multi-factor authentication and federated identity to govern data access
• Comprehensive employee training and education
• Protecting data at the object level so that it’s safe everywhere it travels and under your control at all times
• A “safety net” that mitigates human error
• Closely monitoring network traffic for anomalies
While mistakes are going to happen, there are steps you can take to mitigate them.
Level the playing field with zero trust
Security ecosystems used to be simpler, and confined to a clear network perimeter.
That’s no longer the case as multi-cloud environments expand and user endpoints multiply, accelerated by the introduction of the ‘extended enterprise’ and the major shift to remote working in 2020. As a result, threat actors have a larger attack surface and number of access points to go after, fuelling the need to shift to a Zero-Trust approach.
By implementing a Zero Trust framework that pairs data protection with strong, federated identity management, you can ensure every user and every system is treated with equal caution when it comes to accessing and sharing data. You're all on the same team, working to ensure your company’s most vital asset remains secure.
Adopt security that travels with the data
The average enterprise has over 500 applications that data is either stored in, shared from, or travels through - email, file sharing platforms, SaaS applications and cloud environments. Every application amplifies the risk of a data breach without the right protection in place, but what happens when that data leaves your network?
If you implement a data-centric security strategy, this will protect data with object-level encryption. It will essentially wrap each file or message with its own distinct layer of protection, making data sharing far more manageable.
Another benefit of data-centric security is that it protects the data itself, everywhere it travels, leaving you with greater flexibility for the future. This is instrumental in setting yourself up for success in a security landscape that evolves so rapidly. By protecting the data itself, everywhere it travels, you have the flexibility to adopt new tools and vendors, equipping your employees with the collaboration and data sharing tools they want to use.
With data-centric methodologies, you can be confident that your strategy is sustainable for the future. With this mindset, you’ll choose vendors and partners that align with your approach and can provide you with full control over your own data, everywhere it goes.
Renaud Perrier, SVP International, Virtru
Eliminate unnecessary friction
Generally, employees need to make some kind of tradeoff between convenience and security. Authenticating their identity for multi-factor authentication adds a step to the log-in process. Encrypting an email adds an additional step to sending. Slowing down and taking a moment to examine a suspicious email takes some conscious effort.
The key to getting employees to adopt your security recommendations and tools is to make them truly simple, seamless, and easy to use. Ask yourself:
• How can I free up my employees to do their jobs to the best of their ability?
• Where can I remove friction to enable them to communicate and innovate more seamlessly?
• Which legacy tools and products are no longer meeting our needs? (Or aren’t evolving rapidly enough to keep pace with my organisation?)
• How can I surprise my team with easy-to-use solutions?
Look for solutions that are integrated natively within both Gmail and Microsoft Outlook, so that users can easily encrypt emails and set access controls with the flip of a switch. In addition, look for solutions that allow the recipients to easily verify their identity so they can access emails without the need for creating separate credentials.
The end-user experience is critical to consider. Your executive team, customer success teams, and sales teams place high value on making a good impression, and they want to put their best foot forward. If they know your encryption tools are going to be clunky or create hurdles for their customers, they probably won’t use them.
But if you adopt a solution that empowers your employees with ease of use and security, it’s a win-win.
Construct a safety net for human error
In a perfect world, your employees would continually operate with security in mind, making the best decisions to protect their data, every time. But we don’t live in a perfect world so we need to create a safety net for when employees don’t make the right decisions.
Look for solutions that allow you to choose how to put certain DLP rules in motion: equip your organisation to automatically encrypt certain types of data, or warn users when potentially sensitive information is detected in an email. For example, an organisation could choose to always encrypt emails containing a bank account number, but in cases of an address or phone number being shared, they could issue a warning to the sender and allow them to make the final decision. That reminder can be a useful nudge to get employees to think about securing their data, so many administrators use it as an educational opportunity.
Give employees autonomy
Sometimes, data sharing isn’t black and white. Data sensitivity is nuanced, and each situation may call for its own parameters for sharing data. Put the control into the hands of the end user and give them options for setting parameters around how their data can be used.
Select solutions that provide the ability to revoke access to files or messages at any time. If a third-party vendor experiences a breach, or a certain file was inadvertently shared, or the user mistakenly hit “Reply All,” access can be immediately revoked, even if that file has already been viewed by the recipient. This gives the employee an opportunity to correct their own mistakes. Rather than hoping their data doesn’t end up in the wrong hands, they can take control immediately, at any time. Now that’s empowerment.
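The encrypt-versus-warn policy from the safety-net section above, sketched as an added example (it is not Virtru's code and not part of the original article). Rule names, patterns and sample messages are constructed assumptions; a bank account number is taken here to be an IBAN, confirmed by its mod-97 checksum so that random strings do not force encryption.

```python
"""Outbound-email DLP triage: enforce encryption on bank account numbers,
warn (and let the sender decide) on phone numbers. Illustrative only."""
import re
from dataclasses import dataclass
from enum import IntEnum


class Action(IntEnum):
    ALLOW = 0
    WARN = 1     # sender sees a nudge and makes the final decision
    ENCRYPT = 2  # applied automatically, no user choice


@dataclass(frozen=True)
class Finding:
    rule: str
    action: Action
    redacted: str  # only the last four characters are kept for the audit log


# Candidate IBAN: country code, two check digits, then groups of four
# (printed with or without single spaces) and an optional short tail.
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,3})?\b")
# Loose phone pattern; the digit count is checked afterwards (E.164 allows 15).
PHONE_RE = re.compile(r"(?<![\w+])\+?\d[\d\s().-]{7,16}\d(?!\w)")


def iban_valid(candidate: str) -> bool:
    """ISO 13616 check: move the first four characters to the end, map
    A..Z to 10..35, and require the resulting integer mod 97 to equal 1."""
    s = re.sub(r"\s", "", candidate)
    if not 15 <= len(s) <= 34:
        return False
    rearranged = s[4:] + s[:4]
    return int("".join(str(int(ch, 36)) for ch in rearranged)) % 97 == 1


def redact(value: str) -> str:
    compact = re.sub(r"\s", "", value)
    return "*" * (len(compact) - 4) + compact[-4:]


def scan(text: str) -> list:
    findings = []

    def blank_if_iban(match):
        # Blank out confirmed IBANs so their digits are not re-reported
        # as a phone number by the second rule.
        if iban_valid(match.group()):
            findings.append(Finding("bank_account", Action.ENCRYPT, redact(match.group())))
            return " " * len(match.group())
        return match.group()

    remainder = IBAN_RE.sub(blank_if_iban, text)
    for match in PHONE_RE.finditer(remainder):
        digits = re.sub(r"\D", "", match.group())
        if 8 <= len(digits) <= 15:
            findings.append(Finding("phone_number", Action.WARN, redact(digits)))
    return findings


def decide(text: str):
    """Return the strictest action any rule demands, plus the findings."""
    findings = scan(text)
    action = max((f.action for f in findings), default=Action.ALLOW)
    return action, findings


if __name__ == "__main__":
    # Constructed sample messages (the IBAN is the published GB example value).
    for body in (
        "Invoice attached. Pay to GB82 WEST 1234 5698 7654 32 or call +34 600 123 456.",
        "Ring me on +34 600 123 456 tomorrow",
        "See you at lunch",
    ):
        action, findings = decide(body)
        print(action.name, [(f.rule, f.redacted) for f in findings])
```

A loose phone pattern will also flag other digit runs such as dates, which is tolerable for a rule that only warns; the enforced rule is the one gated by a checksum.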
RANDSTAD
A HUMAN FORWARD APPROACH BRINGS REWARDS FOR ALL WRITTEN BY: ALEX TUCK PRODUCED BY: KRISTOFER PALMER
Recruiting giant unites from within to drive a superior service for clients, candidates and employees.
When Abdul Manik, Chief Technology Innovation Officer at Randstad UK&I, joined the company two-and-a-half years ago, he was tasked with helping the recruitment giant to completely transform the front, mid and back office technologies and associated processes.
After his initial observations, speaking to a multitude of people across the business at different levels, he realised that while Randstad UK&I was a very complex business, it was more complex than it needed to be. As Abdul recalls, this “made serving our candidates and clients much harder. Building the relationship was much harder too.”
After a collective discussion as a leadership team, Randstad UK&I looked at how it could simplify the business from all angles, from a change, technology and process perspective. This is how the change programme began; incorporating people, process and products.
The five core pillars of the Randstad digital transformation
Governing Randstad’s digital activities are five core pillars. The first, according to Abdul, is the “client pillar”. It means transforming the whole customer engagement from top to bottom; transforming the experience that clients have when they do business with Randstad day-to-day, whether it's a SME
A human forward approach brings rewards for all
client or it's an enterprise client, or it's a new client or an existing client. “We really wanted to transform the experience they have with us. We also think about the client space, and this is where automation machine learning plays a key role. The second is the talent pillar. This is all about our candidates. Again, we follow their journey and experience, not just
for a transactional event, but also repeat engagement and repeat connection with us as a human resource provider. The UFO project ties in with both the first and second pillars.”
The third pillar is based around the employee: “We do have recruitment consultants who will provide the recruitment, but we also have shared service functions, such as our resource teams, candidate teams or fulfilment teams.”
EXECUTIVE BIO
ABDUL MANIK
TITLE: CIO & CTIO
INDUSTRY: RECRUITMENT/HR SERVICES
LOCATION: UK
Abdul Manik is the Chief Information Officer and Chief Technology Innovation Officer for specialist recruiter, Randstad (UK & Ireland). In addition to owning Randstad’s technology strategy, Abdul also drives overall business transformation; including change management and strategic programme delivery. Prior to working at Randstad, the global leader in the HR services industry, Abdul had experience with digital transformation for magic circle law firm Clifford Chance LLP and AON Consulting. He was also the Director for Avon Cosmetics for Europe, the Middle East and Africa regions - covering 34 countries.
Pillar four is cyber security and pillar five is change. Abdul also looks at things from a three-dimensional viewpoint, saying “you have products when you're transforming anything or changing anything. It's the product change. If the process changes, people change and it varies in the impact on each other.” It’s not just digital transformation, but actually a business transformation, according
The Temp Worker Everything I need, on any device...
The Recruiter Everything I need, available anywhere...
The Manager Everything I need, any time...
We accelerate the digital transformation of the Staffing Industry
M|ployee: Making people’s lives easier
M|ployee and Randstad UK create a winning combination for the staffing industry
Roel Waals founded M|ployee in 2009, with a vision “to build staffing software in the cloud that connects every stakeholder in the most agile and accelerated way.” M|ployee was recently voted for the second time in a row as one of the top 50 fastest growing tech companies in Benelux by Deloitte in 2020. Recently, M|ployee have partnered with Randstad UK, one of the leaders in the UK Market. The staffing company was undergoing a massive digital transformation, and the company needed a partner it could rely on to tackle such a large technical challenge.
Under one vision
Chief Operating Officer, Diana van der Boon, explained that the partnership was strong from the beginning: “When we started the project with Randstad UK, we quickly understood their difficulties with the previous technology. They needed to automate the front and mid office. They determined the scope of the project with a clear vision and managed the change on their side.” The M|ployee staffing platform has been built from the ground up to give consultants everything they need. It’s fully developed and easily tailored to business workflows.
Solutions built around client’s needs
The staffing industry is a big industry globally, and according to CEO Pieter Smits, M|ployee’s highly scalable solution is built to be implemented in every country across the globe: “That means that in every country it works with the same solution, same core but different configuration for customisation. We keep on being focussed on staffing, be it long-term staffing or short term staffing - it’s going to grow.” Van der Boon added that “when you look at the average staffing company, they use six, seven, maybe 10 different solutions to manage that process and a lot of manual inputs. What you need as a staffing company is control. So when people come into the company, you want to know who they are and when they’re going to work. The drive to make sure that more staffing companies manage their core processes in one solution and on one platform - making people’s lives easier.”
to Abdul: “transformation is also about process transformation and then people/cultural transformation. So change looks at all three angles.”
As Abdul openly admits, change cannot come through just one person. The tech element often proves easy, it’s the change buy-in/adoption/management that’s hard.
Shona Riley is Director of Business Transformation and Continuous Improvement. Shona is extremely hands-on when it comes
to working with the business and leadership team to drive initiatives that increase productivity and business performance. Shona says, “we are combining multiple front offices into one single front office, on multiple brands. What has come out of it so far is that we’re different, but the same. The first challenge was each vertical market, as they have very different needs to the others and very different problems. We actually started the journey with the real users, but when you put any new technology forward, you will hit some change resistance and limiting beliefs. We actually interviewed 60+ consultants throughout the UK to find out what their challenges and their key problems were.”
Shona knew the size of the task at hand. She had to field questions like ‘how do we embrace change as leaders?’ and ‘how do we get behind the change leaders?’ and ‘how are we going to drive it?’
As Shona sees it, change must be communicated through to senior management and to branch management level to drive the change. “Starting top-down, taking leadership on the change journey, equipping it with the right tools to support the managers who will drive change.” She adds that “change approach needs to be top down, bottom up and peer to peer.”
Mindset is key for Shona and her team, making sure everybody is ready for the change: “we had a clear communication strategy to ensure we communicated consistently and regularly, we led workshops with the business and ensured we reviewed our processes to ensure they did not conflict with the adoption of the technology and the new changes.”
Underlining the importance of a clear vision, Shona adds “from the beginning of the
journey as a business, it is your responsibility to own the requirements and your vision and share that. And the supplier needs to be on the journey with you, so they deeply understand and can support you with the solution because they’re the experts.”
Another question is how the organisation manages that change. Shona has the answer, saying “you have to make change personal, you can't blanket change. That’s very much part of our tech and touch approach. It takes effort from all people involved. The change has to be perceived as a business initiative, not as a project. We work very closely with managers to coach and support them. We mentor them in terms of combating a limiting belief to draw out the benefits to that particular individual on how it's going to help achieve their targets.”
M|ployee the key partner for Randstad
With its roots also in the Netherlands, M|ployee has been a key consultant and enabler. With its highly innovative staffing software solutions, the company was a logical fit. As Caryn Barnes, Head of Talent Technology & Innovation, states: “We've been working heavily with M|ployee to develop those technical processes. They're advising us, especially on how to build things. They not only helped Randstad UK get to the launch stage of UFO but they are helping us get into that ‘business as usual’ process. We're developing, creating and producing things every two weeks.”
The partnership came at an important time for Randstad, in terms of utilising many new technologies: “We wouldn't be able to do it without them at the moment, especially as we grow our team.” It’s clearly a relationship for the foreseeable future, according to Barnes: “M|ployee will be heavily involved with how
we're integrating products like smart artificial intelligence (AI) as well. They understand the goal; we want to get to the vision of one place for everything. That's the overall vision for me. We're looking to grow with Salesforce and M|ployee.”
Microservices, machine learning and RPA
Microservices are a fundamental part of Randstad’s digital transformation strategy. As Abdul remarks: “The reason for that is microservices bring everything together. It allows you to integrate legacy, non-legacy and internal and external systems and processes in a much more flexible way. Our core integration engine is all built around microservices and API, bringing our front office, middle office and back office systems together. It brings the multiple front office data input and output together.”
Abdul and the team used Robotic Process Automation (RPA) as a big driver for legacy system and data integration as well as efficiency improvements. Abdul insists that automation plays a big role alongside machine learning and data intelligence in Randstad UK's digital transformation plan: “We are definitely benefiting from having very experienced, knowledgeable experts in those areas internally, but also working very closely with our partner channel in that space.”
Swimming in a data lake
“We need to find a way of aggregating that data into our data lake. So we can then join data from multiple platforms to create meaningful insight and dashboards. We slightly changed our approach now with aggregating the data within the data lake where we can surface them into Tableau, for users to access. We would now ask the question of ‘what problem are you trying to solve & what is your desired outcome?’, so we can make sure that we're providing the right solution rather than just providing more data in the form of a report. So we can make sure that by orchestrating the data, combining it from multiple systems in the data lake, we can drive better behaviours in the SIS, in the business.”
“We're really focusing on hyper automation to really drive the efficiency” ABDUL MANIK, CIO & CTIO, RANDSTAD
Pandemic accelerates programme
The pandemic has changed the market dynamic for Randstad. While they had a digital transformation plan before the pandemic happened, the pandemic expedited it. Abdul: “It was supposed to be a two to three year programme, but the low period caused by the drop in demand from candidates and clients in 2020 gave us an opportunity to really fast-forward that transformation plan.” He went on to say the market has moved from being client-led in 2020 and the early part of 2021 (where there were not a lot of jobs available and a lot of candidates available with a lot of follow-up), to now seeing a lot more candidate scarcity and a lot more client demand. “When we come out the other side and the demand starts to grow, we’re in a much better position to grab the market growth, as we’re a lot more lean and a lot more efficient and agile as an organisation to react to it,” he continued.
TOP TEN CYBER COMPANIES
The cybersecurity industry is booming. We take a look at the top 10 cyber companies helping to prevent cyber attacks in 2022
The global cybersecurity industry is big business. An increasing awareness of cyber threats has led to a rising investment in cybersecurity infrastructure worldwide. We take a look at the top 10 cyber companies to watch in 2022.
WRITTEN BY: VIKKI DAVIES
10 TESSIAN
London-based Tessian uses AI to construct customisable email filters that can detect and eradicate suspicious activity both inbound and outbound. With a real-time dashboard, Tessian’s users can keep track of their organisation’s integrity instantly. Founded in 2013, Tessian is backed by renowned investors like March Capital, Sequoia, Accel, and Balderton.
09 DARKTRACE
Darktrace is a British-American information technology company that specialises in cyber-defence. The company was established in 2013 and is headquartered in Cambridge, England and San Francisco, United States. It is listed on the London Stock Exchange and is a constituent of the FTSE 250 Index. Developed by mathematicians, Darktrace is a world leader in Autonomous Cyber AI. Darktrace uses self-learning AI to detect and neutralise threats across networks, Cloud and IoT. Darktrace’s solutions have helped thousands of companies in a wide range of industries fight cyber threats in real time.
08 FORTINET
Fortinet is an American multinational corporation headquartered in Sunnyvale, California. It develops and sells cybersecurity solutions, such as physical firewalls, antivirus software, intrusion prevention systems and endpoint security components. The Fortinet Security Fabric platform secures many of the largest enterprise, service provider, and government organisations around the world. Its AI-based product, FortiWeb, is a firewall that utilises machine learning and two layers of statistical probabilities to detect threats with unrivaled accuracy.
07 CROWDSTRIKE
CrowdStrike provides cloud-native endpoint protection software. Its platform, Falcon, goes beyond simple threat detection by automatically investigating anomalies, removing the guesswork from threat analysis. CrowdStrike counts three of the 10 largest global companies by revenue among its clients. The company was founded in 2011 and is headquartered in Austin, Texas.
06 NORTONLIFELOCK
Formerly known as Symantec Corporation, NortonLifeLock is an American software company headquartered in Tempe, Arizona. The company provides cybersecurity software and services. NortonLifeLock is a Fortune 500 company and a member of the S&P 500 stock market index. The company also has development centers in Pune, Chennai and Bangalore.
05 FIREEYE
FireEye is a privately held cybersecurity company headquartered in Milpitas, California. It has been involved in the detection and prevention of major cyber attacks and provides hardware, software, and services to investigate cybersecurity attacks, protect against malicious software, and analyse IT security risks. Founded in 2004, FireEye believes that hands-on expertise combined with innovative technology such as AI is the best way to protect its customers.
04 BITGLASS
Silicon Valley’s Bitglass was formed in 2013 by a team of industry veterans with a history of innovation. Its Total Cloud Security Platform boasts the world’s only on-device secure web gateway with zero-trust network access to secure any interaction. In 2020 Bitglass was named a Leader in the Gartner CASB Magic Quadrant for the third consecutive year. The company is backed by Tier 1 investors.
03 BUGCROWD
Bugcrowd is an award-winning crowdsourced cybersecurity platform that evolves with emerging threats to help organisations secure innovation sooner. Bugcrowd was founded in 2011 and by 2019 it was one of the largest bug bounty and vulnerability disclosure companies on the internet. In March 2018 it secured $26 million in a Series C funding round led by Triangle Peak Partners. Based in San Francisco, Bugcrowd enables organisations to rapidly uncover and fix vulnerabilities before they interrupt business.
02 PALO ALTO NETWORKS
Palo Alto Networks is an American multinational cybersecurity company with headquarters in Santa Clara, California. Its core products are its platform that includes advanced firewalls and cloud-based offerings that extend those firewalls to cover other aspects of security. Palo Alto Networks was created in 2005; today it boasts over 85,000 worldwide customers in over 150 countries and a revenue of $4.3bn. Palo Alto Networks is headed by Nikesh Arora, who joined as chairman and CEO in June 2018. Before joining Palo Alto Networks, Nikesh served as president and chief operating officer of SoftBank Group Corp. Prior to that, he held a number of positions at Google, Inc. and T-Mobile International.
01 MCAFEE
The McAfee Corporation is an American global computer security software company headquartered in San Jose, CA. Purchased by Intel in February 2011 to become part of its Intel Security division, McAfee is a worldwide leader in online protection. Its key attribute is its focus on protecting people, not their devices. The cybersecurity business boasts over 108m customers in 182 countries worldwide. McAfee’s suite of products includes its antivirus software, which can be used to scan PCs for viruses and protect them in real time, detecting all kinds of malware, such as ransomware, spyware, cryptojackers, adware and more. McAfee is valued at $8.6bn.