Author – Pete Woodward, CEO at Securious.
An exciting new era in cyber security
Visibility is now an option – here’s why it matters
As threats such as ransomware continue to grow, Securious CEO Pete Woodward explains why visibility of what’s going on across your network is now not just possible, but a fundamental part of staying secure.
One of the biggest risks organisations face is not having visibility of the attacks their networks are facing from external sources.
Cyber attacks don’t tend to just happen instantly. Criminals don’t crack your system one minute and hold your information to ransom the next. Instead, once inside, they typically have a good look around, checking for any additional weaknesses they can exploit, often staying active inside a network for weeks, months or even years.
And if you can’t see what’s going on inside your system, you might never know they are there (let alone be alerted to the fact you’re under attack). But with full visibility, you would see activity that was unusual, unexpected or of concern, alerting you to the presence of hackers before they managed to disrupt your operations. Whether a malicious member of staff is downloading customer databases onto a USB stick after hours, or a criminal is trying to log in to the CEO’s email account from the other side of the world in the early hours of the morning, there are many reasons why having ongoing visibility of your network and devices is essential for effective cyber security.
After all, how can you expect to fix these things if you can’t see them happening in the first place?
A quick (true) story as an example
A new client approached us, wanting to achieve Cyber Essentials Plus, a government-backed accreditation that helps businesses ensure and prove that their cyber security is in good shape.
The accreditation requires a qualified third party (in this case Securious) to conduct an audit to verify the client’s answers to questions about their compliance – but on this occasion, the client’s answers weren’t all accurate.
They had answered ‘yes’ when asked whether all their devices were running supported operating systems. But when we ran a vulnerability scan, we realised that wasn’t the case – which immediately constituted an automatic failure of the entire audit. In fact, the scan identified some major areas of weakness that left them wide open to attack…
And that’s when we saw it.
They weren’t just wide open to attack – they were mid-attack. Ransomware had been installed across all the devices, including the servers.
All it would take for the ransomware to trigger would be for one device to reboot. This was a terrifying position to be in because it would encrypt all their files unless a ransom was paid.
We immediately halted the audit, removed our scanners, and informed the business of their critically precarious position.
They called in an incident response team, who ran ransomware removal software, and fortunately they escaped unscathed.
But it was a close call. The organisation didn’t suffer huge losses because we managed to catch it in time. But they’re one of the lucky ones – what were the chances that they’d have an audit at the exact moment the ransomware was lying dormant, ready to be triggered and deployed?
And that’s the problem with ‘static’ cyber security
Cyber criminals don’t care about accreditations or pentest reports. They aren’t interested in how many sessions of awareness training your team has sat through. They care about vulnerabilities that, in their hands, can become opportunities.
This means that it’s all well and good achieving cyber security certificates and accreditations. They serve a purpose for sure, especially in helping prove to external parties that you take security seriously.
However, they only ever consider a single point in time and a small number of factors. They never provide assurance that you won’t be hit by a cyber attack – they just give reassurance that, at a particular time, you achieved a certain level of preparedness.
It’s like having a certificate that your doors and windows have approved locks on them, but no CCTV to check that they aren’t being left open.
And that’s a problem for businesses genuinely looking to prevent cyber attacks, rather than simply prove they have put basic measures in place to meet compliance or accreditation requirements.
They’re trying to implement solutions without an accurate understanding of what their issues are in the first place. On top of this, there’s so much information available with so many different dashboards that it’s virtually impossible to separate what matters from the noise.
This is why more and more businesses are looking for solutions that provide them with full visibility of their environments, monitoring their network and systems around the clock and alerting them to any suspicious activity as it happens.
The latest generation of cyber security products offers help
The good news is that a whole new generation of cyber security products is coming onto the market to help fix these issues.
SIEM solutions (like our own Monikal product) bring together logs from across a network and devices and make it easy to see what’s happening and what’s out of the ordinary. These have been available to governments and enterprises for some time, but are now becoming affordable for SMEs too.
Artificial intelligence is being used by companies such as our partners Darktrace to tackle threats that haven’t ever been seen before. This means they can, for example, stop ransomware from getting into people’s email inboxes even before the type of attack has been recognised and blocked by traditional systems.
And threats don’t just pose a risk to your network – your organisation is also at risk from digital threats appearing on the deep and dark web. For example, there may be confidential data being sold, fraudulent claims being made and so on. Innovative services like SAGA from Munit.io (another Securious partner) make it easy and affordable to monitor what’s being said so you can take action if required.
Cyber security is moving into a new era thanks to technological advances, and this means companies, regardless of their size, can have unprecedented levels of visibility of live threats to their network and devices.
It’s an exciting time, but sadly the criminals don’t stand still either, and you can bet the companies that fail to take advantage of the new generation of solutions will be the most vulnerable.
If you’d like to learn more and make sure you stay ahead of the pack, send an email to us at email@example.com or check out our latest products and services (including Monikal, Darktrace and SAGA) on our managed detection and response page at securious.co.uk/mdr