Lights and Technology
NOESIS IN THE MEDIA
13 October 2022

Changing the Paradigm of Prevention


Ransomware has grown more than in the previous five years. It is therefore essential to focus on cybersecurity and invest in a new prevention paradigm.

By Nuno Cândido, Cloud & Security Associate Director at Noesis

E.D.: According to Verizon's new Data Breaches Report (DBIR), ransomware has seen a 13% increase in 2021. Is this the biggest cybersecurity problem that businesses must worry about?

N.C.: Yes, this is, in fact, one of the biggest challenges that organizations face today, regardless of their profile, sector of activity, or size. The technological evolution and sophistication of attacks are more significant. Cybersecurity is a problem that affects us all, not only at the company level but also at an individual level. We must analyze the risks we are exposed to and define roadmaps to mitigate them. Cybersecurity is no longer just a topic for IT departments, it is a central issue that should be on any CEO's agenda.

E.D.: This increase was as large in the last year as in the previous five years combined. How do you explain this ransomware "explosion"?

N.C.: The ransomware "explosion" was essentially because the last two years have redefined how companies live, govern and conduct their business. The technological leap has been such that the incorporation of new technical capabilities and the development of cloud strategies, supported by flexible IaaS and PaaS models and the race to consume SaaS applications, have increased. The Covid-19 pandemic and the consequent adoption of teleworking have added even more difficulty to companies' information security. With businesses becoming increasingly digitized, millions of employees working from their home offices, and millions more consumers purchasing products from their mobile phones, protecting confidential data has become critical. Digital evolution has made people's daily lives more accessible and more efficient in organizations, it is true, but it has also put companies' cybersecurity systems to the test. Digital acceleration has been "fertile ground" for an exponential increase in cyber-attacks and ransomware attacks. Therefore, teams must have all the tools at their disposal.

E.D.: Since the beginning of the war in Ukraine, cyber-attacks in general, and ransomware, have been increasing. Are Portuguese companies aware of this exponential increase in risk?

N.C.: Generally speaking, I would say yes. Cyber-security issues are increasingly on the agenda and at the top of companies' concerns. All companies, regardless of their sector of activity, must be prepared, and organizations must develop a cyber defense culture on the premise that one day they will be attacked. This starts with the CEO and ends with the employees, who, on a day-to-day basis, ensure the operation. The focus should be on co-operative work between the organization, employees, cyber security solution manufacturers and IT consultancies specialized in this service. It is necessary to ensure the security capabilities of the technology, holistic about the specificity of the IT architectures, that allows minimizing the risk and mitigating the impact of a cyber-attack.

E.D.: What aspects make this type of activity so appealing to cyber criminals?

N.C.: In addition to existing vulnerabilities in hardware and software, cybercriminals have also been exploiting vulnerabilities around company employees. So, investing in a Security Architecture is vital. Phenomena such as website cloning or ransomware are recurrent forms of attempted intrusion and undue capture of access credentials and personal/payment data, among other critical data. The transmission of personal data without prior supervision is the first step to becoming a victim of this attack.

E.D.: Is it common for companies to pay ransoms to recover their data?

N.C.: We do not have data that can measure this, as attacked companies often do not disclose this for fear that the information could cause reputational damage. In the same way, it is even less frequent that they assume the ransom payment if they have done so. In any case, with the entry of these issues into the media schedule and in the organizations' priorities, there is a growing awareness that paying a ransom is not the best approach in an attack. The payment of ransoms legitimizes, perpetuates, and, in a way, encourages these criminal actions.

E.D.: What other ways are there to recover from this attack?

N.C.: As far as technology is concerned, organizations are investing in the application of backup & restore procedures, Endpoint Detection & Response (EDR) solutions, Mobile Device Management (MDM) solutions, and the implementation of Multi-Factor Authentication (MFA). There needs to be a paradigm shift in prevention - looking for abnormal behavior rather than focusing on malicious behavior. And this paradigm shift is closer than we may think. Artificial intelligence algorithms are one of the fundamental pillars for the automation of cybersecurity and a response to the limits of human capacity. Artificial intelligence is a strong ally in the service of cybersecurity and an essential investment today.

E.D.: What can companies do to prevent these types of attacks?

N.C.: As far as security is concerned, what we advocate to our clients is the need to focus on Security Architecture through a holistic approach that includes "intelligent" technological capabilities and contains standards, guidelines, processes, and practices that ensure mechanisms to safeguard security policies and privacy of information and access.

This vision can be very briefly presented in the Security & Privacy by Design framework:

  • Cloud-oriented solutions and services: that support the growing use of Multicloud environments, capable of controlling accesses at points where the security policy must be applied, from on-premise to the different deployment models. Intelligent Monitoring solutions capable of detecting all types of threats: internal, cyber-attacks, filtering, data manipulation and supply chain threats.
  • Compliance and Auditing mechanisms are appropriate for each deployment model. The security of applications and the data that passes between them cannot remain under the individual responsibility of each Service Provider.
  • Data Governance: with the increase in mobility, the growing adoption of SaaS applications, and the shadow IT, the ability to govern the use of applications in the cloud is essential to ensure compliance with E2E security policies.
  • Digital Identity: Identity and Access Management (IAM) solutions must have levels of sophistication that allow federating authentication in multi-environments and managing provisioning in an integrated and secure manner.
  • Cybersecurity Managed Services: services that operate 24x7 with highly qualified and experienced talent, versed in cutting-edge technologies and proactive principles of threat prevention and neutralization.
  • Next-Gen Cybersecurity: more complex cloud environments and increasingly sophisticated intrusion schemes require more demanding, automated, and sophisticated paradigms and solutions incorporating AI and self-learning algorithms.

E.D.: Is human error still the most significant entry point into systems for hackers?

N.C.: Phishing is a very present threat, increasingly sophisticated and worrying, and an illustrative example of the vulnerability of the human factor. It is therefore vital that all organizations, regardless of their size or sector of activity, are increasingly aware of and prepared for this type of phenomenon. Also, at an individual level, employees must pay extra attention when replying to e-mails or accessing information.

E.D.: Is employee training enough to solve the problem?

N.C.: Not enough, but it is a crucial component. Expel's annual report concludes that most ransomware attacks in 2021 were self-installed. In that report, the researchers identified that eight out of ten ransomware attacks occurred through human error after victims opened a file with malicious code. Therefore, organizations must be increasingly vigilant and prepare their human resources. The employees are a part of this. Employees are an essential part of the cyber defense process. Thus, training assumes a crucial role. Organizations can and should conduct regular ransomware simulations with their employees. These kinds of initiatives and tests allow not only for assessing the level of preparedness and attention of employees to possible attacks but also for everyone to be as prepared as possible to deal with real threats.

On the other hand, it is also essential to create regular internal communications and awareness actions that explain the different types of malware to the teams and make them aware of the issue. Investing in the ongoing training of crews is critical; preparing them to act appropriately in an attack is vital. What organisations are (or should be) doing is to put security on their agenda and focus on increasing the resilience of their infrastructures, continuously measuring the level of maturity of their technological components and creating internal programmes to create a true culture of cybersecurity, in a continuous and long-term logic. But training employees is not enough. It is necessary to keep up with technological development and the growing sophistication of cyber attacks. In this chapter, artificial intelligence appears as a strong ally at the service of cybersecurity and a fundamental investment to increase security in organizations and empower the I.T. teams themselves, removing much of the effort of analysis and allowing them to focus on what is essential, the business and the objectives of the organization.

E.D.: In what situations does investment in technology become critical to protecting systems?

N.C.: Fundamentally, organizations invest in technological sophistication and training their teams to defend their most critical systems. In this sense, some steps help organizations and, consequently, their employees to reduce risk. Looking at the indicators in the Global Risks Report 2022, technology risks are critical short- to medium-term threats, where factors such as digital inequality and cybersecurity breaches have increased exponentially.

It is crucial that cybersecurity is increasingly central to organizations and that investment in this area is practical and part of any business strategy.

E.D.: Is protection technology keeping up with advances in attack technology?

N.C.: When malicious attacks are becoming increasingly sophisticated, creative, and recurrent, business systems must be up to the challenge, empowering I.T. teams to detect and act upon potential threats. And there is no better way to do this than through A.I. and machine learning. Organizations need to invest in more sophisticated security solutions, advanced monitoring, observability and automation that are more efficient at detecting threats and resolving and defeating them. With AI at the service of cyber security, much of the analysis effort can be taken away from human resources, allowing organizations to protect themselves and prevent possible attacks more efficiently.

Published (in Portuguese) in Executive Digest