October 2021 - January 2022
SECURITY
New Zealand’s Computer Emergency Response Team (CERT) found that cyber incidents caused a financial loss of $16.9 million in 2020, with 7809 incident reports in total. This number continues to increase year after year. Recognising the risks and finding a solution The speed and agility that comes with the rapid deployment of cloud within organisations has enabled faster delivery of applications and numerous other benefits. However, these advantages need to be balanced against security risks that arise from cloud deployments, which can often be complex. Vectra’s PaaS & IaaS Security Survey Report reveals that risk exponentially increases as more people are granted access to a cloud environment. Although companies surveyed are investing heavily in security operations, the challenges of securing the cloud are expected to continue for the foreseeable future due to sheer size, scale, and continuous change. While the vectors of all these incidents have remained the same, the speed at which the attackers can now pivot through an organisation’s network and the coverage they are able to achieve as a result has greatly increased. This highlights that current prevention tools are no longer enough to mitigate risk. What we are seeing now is that increasing cyber security threats when combined with a rapidly evolving cloud environment is creating a perfect storm that is highlighting significant skills gaps. Constantly evolving critical national infrastructure threats means a round38 safetynews.co.nz
the-clock effort and highly specialised skills to bolster enterprise cybersecurity. Typically, most organisations have lean IT teams and lack the cybersecurity expertise required to preempt and mitigate sophisticated threats, placing enormous strain on what is potentially an already limited resource. Securing the cloud with confidence is nearly impossible due to its ever-changing nature. To address this, companies need to limit the number of attack vectors malicious actors are able to take. This means creating formal sign-off processes, creating DevSecOps workflows and limiting the number of people that have access to their entire infrastructure as much as possible. Ultimately, companies need to provide security holistically, across regions and automate as many activities as possible to enhance their effectiveness. Securing critical national infrastructure with effective incident response Critical national infrastructure (CNI) organisations must be ready and able to defend against a wide range of threats that attempt to steal from, disrupt, damage, or deny their operations. When it comes to assets
and infrastructure that are essential for the functioning of a society or economy, it’s no longer enough to just invest in the tools but it matters to build knowledge and establish stringent governance frameworks. Attackers are increasingly targeting Operational Technology and Industrial Control Systems in ransomware attacks. That’s where vendors with true cybersecurity expertise drive value, helping organisations not only to draw upon expertise and intelligent, AI-driven detection tools but to also gain deep visibility into security and compliance gaps. Slowing down the attackers is only part of the challenge. CNI organisations should have the right capabilities that would also speed up defences across all network stacks (be that IaaS, SaaS, PaaS, or Datacentre). The only way to achieve this is via prioritisation of incidents leveraging AI and automation. This will bolster the limited capacity of the security operations centre giving it the best chance to drive down metrics such as mean time to remediation, therefore reducing the impacts of attackers and reducing the risk of a widespread breach. To better improve CNI cyber defences, there are the top three best practice tips: - Reduce the risk of cloud
services being exploited using an AI-driven threat detection and response solution. - Monitor access of the deployment and the configuration of it. - Review and remove admin-level roles that are no longer used and/or needed. We can expect to see threats to CNI over the next few years across a number of scenarios – for instance, healthcare systems remain vulnerable particularly as the global fight against COVID-19 continues and continued demand for remote working will increase attack surfaces. Each CNI site or situation is unique and visibility and agility are the building blocks of effective incident response. CNI security teams must adopt an assumed-compromised mindset and focus on early automated detections with context to make fast and informed decisions.
Chris Fisher is the Head of Security Engineering for Vectra.ai in the Asia Pacific and Japan Markets