Affordable Cyberattack Defence Strategies

David McNamara, the person behind CommSec, has devoted nearly 11 years to his enterprise, putting his heart and soul into cybersecurity. CommSec dedicates itself solely to cybersecurity, serving a broad spectrum of clientele drawn from various sectors including finance, logistics, healthcare, pharmaceuticals, and government agencies. Clients typically have at least 300 users, as CommSec provides services encompassing around-the-clock monitoring.

The focus is currently on the upcoming EU directive NIS2, whose impact has been likened to the way GDPR reshaped data privacy. It promises to alter the cybersecurity landscape across Europe immensely. The climbing threat of cybercrime in the EU, marked by an alarming 2.2 billion exposed records through a total of 556 data infiltrations in 2023, set the ball rolling for NIS2.

The forthcoming legislation presents a drastic upgrade from the NIS directive instituted in 2016. It has expanded its coverage from merely 125 to over 4,000 organisations, transferring the responsibility for cybersecurity from IT divisions straight to the boardroom. NIS2 bolsters defences against cyberattacks and virtual disruptions.

However, McNamara points out there’s a critical downside: low levels of awareness among management boards. This unawareness could result in a compliance scramble when the directive comes into effect this October, potentially triggering severe penalties against both corporate bodies and their senior management teams.

Consequently, businesses will be mandated to investigate their supply chains and promptly report any security breaches to Ireland’s National Cybersecurity Centre. McNamara added that penalties for not disclosing breaches will be steep, similar to those imposed by GDPR, with accountability traced back to individuals, who may be prohibited from discharging their managerial tasks. These laws will be stringent.

He wraps up by saying that the boosted regulatory mandate will inspire companies to regard cybersecurity on a par with how health and safety matters are handled inherently at the board level.

When consulting on cybersecurity matters with businesses, McNamara advocates a realistic approach: “Data safeguarding is paramount, but the level of protection should correspond to the nature of data in question. While larger entities may appear to be more attractive targets, smaller businesses also represent integral components of the supply chain.

“That’s why we promote affordable, simple protective measures, such as multi-factor authentication, consistent scrutiny of the infrastructure, and widespread use of encryption.”

Puneet Kukreja, EY Ireland’s leader in cybersecurity, takes a strategic approach to cyber defence. His strategies encompass prioritising patching – identifying and deploying software updates to address technical vulnerabilities – according to the potential threat exposure; emphasising resilience; transitioning from rule-based detection to behavioural-based detection; maintaining fundamental cyber hygiene; and acquiring a deep understanding of supply chains.

“Vulnerability scanning is an essential element of cybersecurity, which includes defining the range and objectives, selecting scanning tools, tool configuration, performing the scan, progress monitoring, prioritising and interpreting results, and undertaking remediation and mitigation,” he states.

Kukreja proposes that cybersecurity demands a stratified approach, customised to an organisation’s specific requirements and budget. Potential products and services may range from firewalls, end-user security awareness training, endpoint detection and response software, spam filtering, and multi-factor authentication, to security program development, security architecture analysis, monitoring services, vulnerability assessment, penetration testing, and compliance auditing.

At Huntress, Nick O’Donovan, the head of sales for Europe, Middle East, and Africa, asserts that firms should treat cybersecurity scanning similarly to household security, being vigilant for any ‘unlocked doors or windows’, and considering the “human element”.

“Internal endpoints in a company present one such area of vulnerability,” says O’Donovan. This hurdle can be overcome by utilising technologies such as EDR (endpoint detection and response), which analyse and triage systems.

“Identities present another vulnerability where fraudsters might breach a company’s email system. Continually scanning the system and real-time threat monitoring prevents unauthorised access to email, which in turn prevents data loss, email tampering, and potential fraud.”

Education

The significance of training employees on cybersecurity awareness is immeasurable, given they form the primary defence layer within an organisation. It is essential for the workforce to comprehend the perils associated with unidentified hyperlinks and malevolent emails, as well as recognise phishing attempts. Simple precautionary measures such as scrutinising email headers, identifying misspelt words, and directly confirming contact details from websites can be highly advantageous.

However, organisations should implement comprehensive security awareness training that uses engaging videos and training sessions, which help employees stay updated on the newest threats, advises O’Donovan.

The shift to remote working has undoubtedly altered the scenario for numerous organisations. Whereas employees and infrastructure were previously securely housed within physical buildings, protected by a variety of security mechanisms, the transition to home-working presents substantial security obstacles. The Covid-19 pandemic substantially expedited this change, and individuals seeking information could be led to click on harmful links inadvertently.

Rob Behnke, Halborn co-founder and CEO, emphasises that ensuring organisational security necessitates a comprehensive approach. Ignoring any one factor, rather than taking holistic security measures such as scanning for code vulnerabilities, training employees, and securing all devices in use, could lead to new security threats, including internal risks and insider threats. Behnke warns about attempts by nation-state players to breach large corporations and extract information, advocating preventive defence strategies starting even before the hiring process begins.

Peter Strahan, director of Lantech, maintains that effective cybersecurity necessitates a combination of technology, human interactions, and systematic procedures. He cautions organisations against a tunnel-vision focus on a single tool, such as vulnerability scanning, on the assumption that it would suffice for overall security. Instead, Strahan advises organisations to employ a comprehensive cybersecurity strategy rather than prioritising tool acquisition.

Strahan mentions an example of the inherent limitations of solely relying on tools, pointing out the upsurge in session token theft attacks as a threat that organisations must prepare for. He points out the shifting nature of threats from the traditional malware attacks on users and equipment to the complex, malware-free attacks becoming the primary threat vector in recent times.

“Malicious players are increasingly utilising the same tools employed by IT support teams for their daily tasks to carry out their illicit activities. By adopting this approach, they remain undetected for extended periods, thereby gaining further access to the corporate infrastructure as well as confidential data.

“Someone committing session token hijacking obtains the digital identities (tokens) that platforms such as Microsoft 365 employ to maintain a user’s log-in status. Once the individual has access to these tokens, they can access the user’s account without requiring the password.

“This change in strategy has rendered conventional threat detection tools obsolete and ineffective. Yet, numerous companies continue to rely on these outdated protection platforms, erroneously believing that they offer adequate security,” Strahan points out.

Given the rising threat of session token theft, companies have started taking the threat of identity theft more seriously, making managed detection and response an essential part of the cyberdefence toolkit. Regrettably, many organisations still solely rely on traditional antivirus tools and other inefficient controls that are increasingly putting their business, employees, and customers at risk.
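A stolen session token shows up in sign-in logs as an existing session that reappears from a network and client different from those of the original sign-in, with no fresh authentication. The following is an added example, not taken from the article or from any vendor's product; the log fields and sample events are constructed and do not follow Microsoft 365's schema.

```python
import ipaddress

# Constructed sample events (not real logs). Hypothetical fields:
# (time, user, session_id, ip, user_agent, auth) where auth is
# "interactive" (password + MFA sign-in) or "token" (session token
# presented, no credentials entered).
EVENTS = [
    ("2024-05-01T09:00:02Z", "alice", "s-1001", "198.51.100.10", "Edge/124 Windows", "interactive"),
    ("2024-05-01T09:20:41Z", "alice", "s-1001", "198.51.100.23", "Edge/124 Windows", "token"),
    ("2024-05-01T09:31:17Z", "alice", "s-1001", "203.0.113.77", "python-requests/2.31", "token"),
    ("2024-05-01T10:02:00Z", "bob", "s-2002", "192.0.2.5", "Safari/17 macOS", "interactive"),
    ("2024-05-01T10:40:00Z", "bob", "s-2002", "192.0.2.9", "Safari/17 macOS", "token"),
    ("2024-05-01T11:00:00Z", "carol", "s-3003", "203.0.113.80", "Chrome/124 Linux", "token"),
]


def network(ip, prefix=24):
    """Collapse an address to its /24 so ordinary DHCP churn is not flagged."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def find_token_replay(events):
    """Return (time, user, session_id, reason) for suspicious token use."""
    origin = {}  # session_id -> (network, user_agent) at interactive sign-in
    alerts = []
    for ts, user, sid, ip, ua, auth in sorted(events):  # ISO times sort lexically
        ctx = (network(ip), ua)
        if auth == "interactive":
            origin[sid] = ctx
            continue
        if sid not in origin:
            # Could also be a gap in log retention; worth a look either way.
            alerts.append((ts, user, sid, "token used with no recorded sign-in"))
        elif ctx[0] != origin[sid][0] and ctx[1] != origin[sid][1]:
            # Both network and client changed while the session stayed the same.
            alerts.append((ts, user, sid, "token used from new network and client"))
    return alerts


if __name__ == "__main__":
    for alert in find_token_replay(EVENTS):
        print(*alert, sep="  ")
```

Requiring both the network and the client to change keeps a roaming laptop from raising an alert; a production rule would tune that threshold against the organisation's own sign-in patterns.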

“Adopting an efficient cybersecurity strategy, coupled with a rigorous management system will ensure companies remain abreast of the evolving trends in cybercrime, and are able to constantly reassess the safeguards in place to reduce risk,” says Strahan.
