Our eir Cyber Secure Roadshow kicked off on 21st March in Cork, where attendees heard from industry experts on the cybersecurity challenges organisations are facing, and how they can protect their business.
A common theme running through the morning’s presentations was just how much everything has changed. Organisations are now trying to protect their businesses in a dynamic environment where cyber threats are coming from all angles.
The perimeter has been eroded and there are now multiple openings for cyber criminals, from the network and cloud to applications and mobile devices. The expert speaker line up at the eir Cyber Secure event in Cork focused on specific attack vectors and routes into a business, outlining the dangers and challenges organisations are facing, and giving attendees insights into how they can better protect their business.
Tom Long of Cisco spoke about how in an ideal world the Time To Detect (TTD) an unknown threat would be zero hours. And while he said that isn’t the case now, security vendors are making strides to reduce the time it takes their solutions to identify and block unknown threats. Once detected, threats need to be contained, and this is where planning and preparation come into play. Design and segmentation can help to dramatically reduce an organisation’s exposure to risk, and intelligence and insight give businesses the tools to recover.
There were plenty of examples throughout the morning of the increased complexity and firepower cyber criminals have at their fingertips. Bruce Ginger of Arbor Networks spoke about the sharp spike in volumetric DDoS attacks; in 2017 the largest DDoS attack was 641Gbps, which would cripple any organisation. In February in Ireland there were 790 DDoS attacks (almost 8 every hour), the largest of which was 22Gbps. The consequences of these DDoS attacks are rising, which makes it a C-level issue, said Bruce. Organisations are not facing lone attackers anymore; they are dealing with complex criminal organisations.
If any one speaker highlighted the complex landscape organisations are currently facing, it was Paul Conaty of CWSI. In one slide Paul demonstrated how far mobile has evolved from the simple days of the Blackberry. The consumerisation of IT, WLAN saturation, proliferation of devices, identity management challenges and wearables are just some of the challenges within this environment. And with so many moving parts, mobile has become a minefield for organisations. There is no one solution for mobile security; the best approach is a multi-layered one that includes being aware of what users are doing or want to do with their mobile devices, continuous testing of applications (Paul indicated that most mobile attacks will happen at the application level), and educating users on data loss prevention tactics.
Martin Anwyll of Cofense highlighted the importance of educating employees and using them as human firewalls in the fight against phishing emails. We heard how 80% of cyber-attacks will originate at the end user, so Cofense’s approach is to empower the user to not only identify phishing emails but to report them, thereby playing a more active role in an organisation’s security strategy.
John Hetherton of BSI Group reaffirmed the need for continuous testing, of systems and end users. BSI Group’s focus is penetration testing, where they attempt to infiltrate an organisation to identify existing vulnerabilities. John recommended organisations should conduct penetration testing at least once every year, and not just testing the network, but all avenues into an organisation: external network, web applications, web services, internal infrastructure, wireless and mobile. This regular testing will give organisations better insight into the state of their security and will ensure their security strategy doesn’t stand still in the midst of this ever-evolving area.
Finally, no security event would be complete without a presentation focusing on the upcoming GDPR deadline. Brendan Fay of Ward Solutions outlined all the challenges organisations are facing in the run up to the legislation being enacted but he was also quick to point out that data governance is good for business.
There’s little doubt that the cyber security world is a multi-faceted one, with challenges around every corner. But all speakers reaffirmed the same message: prepare, protect and manage. Understand the challenges, put measures in place to protect against them and continue to monitor and tweak your strategy for effective management.
If you’re responsible for your organisation’s IT security, network security, mobile security or GDPR compliance, eir business is holding a Cyber Secure event in Dublin on Thursday 29th March.