Infrastructure News: October 2021 - January 2022

Page 38

October 2021 - January 2022

SECURITY

New Zealand’s Computer Emergency Response Team (CERT) found that cyber incidents caused a financial loss of $16.9 million in 2020, with 7809 incident reports in total. This number continues to increase year after year. Recognising the risks and finding a solution The speed and agility that comes with the rapid deployment of cloud within organisations has enabled faster delivery of applications and numerous other benefits. However, these advantages need to be balanced against security risks that arise from cloud deployments, which can often be complex. Vectra’s PaaS & IaaS Security Survey Report reveals that risk exponentially increases as more people are granted access to a cloud environment. Although companies surveyed are investing heavily in security operations, the challenges of securing the cloud are expected to continue for the foreseeable future due to sheer size, scale, and continuous change. While the vectors of all these incidents have remained the same, the speed at which the attackers can now pivot through an organisation’s network and the coverage they are able to achieve as a result has greatly increased. This highlights that current prevention tools are no longer enough to mitigate risk. What we are seeing now is that increasing cyber security threats when combined with a rapidly evolving cloud environment is creating a perfect storm that is highlighting significant skills gaps. Constantly evolving critical national infrastructure threats means a round38 safetynews.co.nz

the-clock effort and highly specialised skills to bolster enterprise cybersecurity. Typically, most organisations have lean IT teams and lack the cybersecurity expertise required to preempt and mitigate sophisticated threats, placing enormous strain on what is potentially an already limited resource. Securing the cloud with confidence is nearly impossible due to its ever-changing nature. To address this, companies need to limit the number of attack vectors malicious actors are able to take. This means creating formal sign-off processes, creating DevSecOps workflows and limiting the number of people that have access to their entire infrastructure as much as possible. Ultimately, companies need to provide security holistically, across regions and automate as many activities as possible to enhance their effectiveness. Securing critical national infrastructure with effective incident response Critical national infrastructure (CNI) organisations must be ready and able to defend against a wide range of threats that attempt to steal from, disrupt, damage, or deny their operations. When it comes to assets

and infrastructure that are essential for the functioning of a society or economy, it’s no longer enough to just invest in the tools but it matters to build knowledge and establish stringent governance frameworks. Attackers are increasingly targeting Operational Technology and Industrial Control Systems in ransomware attacks. That’s where vendors with true cybersecurity expertise drive value, helping organisations not only to draw upon expertise and intelligent, AI-driven detection tools but to also gain deep visibility into security and compliance gaps. Slowing down the attackers is only part of the challenge. CNI organisations should have the right capabilities that would also speed up defences across all network stacks (be that IaaS, SaaS, PaaS, or Datacentre). The only way to achieve this is via prioritisation of incidents leveraging AI and automation. This will bolster the limited capacity of the security operations centre giving it the best chance to drive down metrics such as mean time to remediation, therefore reducing the impacts of attackers and reducing the risk of a widespread breach. To better improve CNI cyber defences, there are the top three best practice tips: - Reduce the risk of cloud

services being exploited using an AI-driven threat detection and response solution. - Monitor access of the deployment and the configuration of it. - Review and remove admin-level roles that are no longer used and/or needed. We can expect to see threats to CNI over the next few years across a number of scenarios – for instance, healthcare systems remain vulnerable particularly as the global fight against COVID-19 continues and continued demand for remote working will increase attack surfaces. Each CNI site or situation is unique and visibility and agility are the building blocks of effective incident response. CNI security teams must adopt an assumed-compromised mindset and focus on early automated detections with context to make fast and informed decisions.

Chris Fisher is the Head of Security Engineering for Vectra.ai in the Asia Pacific and Japan Markets


Turn static files into dynamic content formats.

Create a flipbook

Articles inside

Wrong name, right product why build-to-rent is struggling

4min
pages 82-84

China builds apartment block in a day

1min
page 79

Kiwi Property kick starts build-to-rent in New Zealand

2min
pages 80-81

New Zealand's housing crisis a breach of human rights

9min
pages 72-75

3D-printed housing

6min
pages 76-78

Tax changes threaten rental market

4min
pages 70-71

Priming your business for post-lockdown recovery

4min
pages 48-49

Site Safe Awards finalists announced

1min
page 65

Where is housing most affordable in New Zealand?

6min
pages 68-69

Facilities management with personal service

1min
pages 66-67

Homebrew 1080 poison hospitalises worker

2min
page 56

Surviving as a modern business

4min
pages 52-53

Is standardised training the way forward?

2min
page 57

Chemical safety relies on meaningful cooperation

3min
pages 54-55

Tips and myths around dogs

2min
pages 46-47

Toxic fumigant banned

3min
pages 34-35

Bastion NZ launch Industrial glove range

1min
pages 36-37

Industry leader in soft fall protection on construction sites

2min
page 41

Safety app a crucial element in building site safety

2min
page 45

Radio technology keeps workers safe and compliant

1min
page 44

Remote working putting organisations at risk

2min
page 38

Unlearning misguided muscle training

6min
pages 42-43

Critical infrastructure vulnerable to hackers

5min
pages 39-40

Has your fuel gone off?

5min
pages 32-33

The fight for common sense and a reasoned debate

3min
pages 26-29

The New Zealand Upgrade Programme cost blowout

10min
pages 22-25

Immigration policies hindering construction sector

6min
pages 14-16

In search of the perfect surface - contractor invents new earth compactor

2min
pages 12-13

Transmission Gully - what went wrong?

11min
pages 18-21

Multi-purpose, safer, faster telehandlers increase productivity

3min
pages 8-9

Australian construction industry cries out for reform

4min
pages 10-11

AC Filter - an engineered solution protecting worker health

3min
pages 5-7

Latest lockdown puts ongoing strain on construction

6min
pages 3-4

How scalable data centres help Mainfreight’s vision

2min
page 17
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.