As cyberthreats evolve how do you adapt protection?
Vulnerability of businesses to cyberattacks is growing, so taking the necessary steps to protect your organisation requires a new approach
The ongoing threat of cyberattack is something that requires permanent focus. For busy organisations, it makes sense to engage external experts. Photograph: Getty Images
‘Building the plane while flying it’ is a Silicon Valley idiom that has probably felt a bit too real for Ireland’s hardworking IT teams in 2020. As the pandemic gathered pace, organisations were faced with an urgent need to transition securely to virtual, remote operations, equipping a dispersed workforce with the necessary technology to ensure it was business as usual.
Many organisations have found themselves more vulnerable to cyberthreats as a result, and not all of the weak spots will have been identified and fixed by now.
Getting your security sorted is more important than ever. What people may not realise is that advanced cyberattacks are often operated by humans and research shows that they have become stealthier and more devious. They can lurk inside a victim’s network for days, if not weeks, gathering and removing information, deleting backups and more, before launching the most visible and damaging part of the attack, which is often ransomware – malware that locks up your data and systems, demanding money to unlock it all again. It may also involve a threat to publish some of the most sensitive stolen data.
The impact of this can be devastating for a business, in terms of the cost of recovery, data protection, operations, as well as the loss of revenues and even reputation.
According to Brian Murray, enterprise account executive with Sophos, many businesses now understand that it’s not a case of ‘if’ they have a cybersecurity incident, it’s simply a case of ‘when’.
“There are only two types of businesses – those that haven’t been attacked and those that will be,” he says.
But while awareness might be growing – Murray gives the introduction of GDPR legislation credit for this – businesses may still not fully understand what it takes to fend off potential cyberattacks and the increasingly sophisticated nature of the cyberthreat landscape. This is of paramount importance at a time when IT teams and senior leadership are already facing so many unexpected challenges and demands on resources.
“People used to have an idea of a cybercriminal as someone alone in their bedroom trying to breach a network,” Murray says. “But now there are whole businesses of people working to attack your network, either as a single threat actor or offering their tools, techniques and malicious infrastructure as a service. One look at the dark web and you can see what’s on offer and for how much. This has made it easier for adversaries with relatively little skills to get in on the game.”
Murray points out that taking the necessary steps to protect an organisation from such cybersecurity attacks and breaches are decisions not just for IT managers, but for the business.
“At a board level people are starting to understand it’s an investment that must be made. To simply hope that it just won’t happen is not good enough, businesses have to understand that they are a target,” he explains. Investing in intelligent, integrated security software remains vital but may not always be enough on its own, he adds, saying businesses must realise that attacks are directed by humans and defending against them “needs humans too”.
“Humans can think on their feet and change direction quickly if an attack attempt isn’t working as it should. This demands a whole new skillset and one that is alert and available 24/7. Automated security technologies can defend against a great deal, but it is the human eyes and intelligence that can spot the anomalies and put them in context. The benign looking activity that is taking place somewhere it shouldn’t be, the network scanning going on that seems out of place, and more.”
While most mid to large-sized organisations have an IT team, few people have the expertise it requires to permanently monitor a network, Murray explains. “To be honest it’s not a job for one person, it’s not even a job for a small team. We understand that you have to be available all day, seven days a week.”
This is why threat detection and response services are in growing demand. The best teams will include both analysts and threat hunters, monitoring a client’s network round the clock, with the ultimate goal of stopping a cyberattack in its tracks before it ever takes hold.
“If you’re going in after a breach and the data is already gone, then you are behind the curve,” he points out. “Although even then all is not lost if you don’t give up. Threat hunters can look for the red flags that suggest the intruders are still in your network and possibly getting ready to do something else.”
Murray explains that organisations need to implement the kind of protection that combines artificial intelligence-powered security technologies with expert human knowledge “to give full insight into an adversary’s behaviour”, all underpinned by employee education.
“Hackers have become very aware and attuned to what security teams are looking for and which warning signs will give them away,” Murray says. “Once the attackers are in, they will often use stolen access credentials, legitimate tools or native operating system tools to sit on your network and move around to see what they can pick up, if they can read any information or if they can rewrite any files. Threat hunters and analysts look for the subtle signs of such activity,” he explains.
Sophos’ own Managed Threat Response (MTR) service is used by organisations that lack the resources to do the threat hunting and response in house, or those that welcome the broader experience and perspective that an external team dealing with attacks and the threat landscape on a daily basis can offer.
Once a potential threat is highlighted, Sophos works with the customer to agree the best way forward.
“The power is always with the customers. We do the work, but they own the decisions, so it means they are still completely in control of their organisation,” says Murray.
“Cyberattacks can decimate businesses and bring them to a standstill. Security has to be embedded into how organisations do business. Unfortunately, networks and systems are vulnerable, and you have to permanently be on alert and deal with these bad actors before it becomes mission critical. We believe that managed threat hunting and response will become standard cybersecurity best practice.”
For more information, visit sophos.com/en-us/products/managed-threat-response.aspx