Cyber security: why we need threat detection and managed services

The security of systems and networks continues to be a source of concern for companies and not only because of growing international tensions and warnings of possible cyberwars. Over the past 12 months, many companies have suffered breaches of their networks and systems, experiencing operational crashes or data hijacking through the infamous ransomware, and being subjected to heavy ransom demands. In many cases, these were breaches that went undetected by security systems and administrators, leaving the systems at the mercy of criminals for the purposes of malware distribution, distributed denial of service (DDOS) attacks or data theft. Cases of embezzlement are often discovered when information becomes public knowledge or merchandise goes on sale on the dark web for other criminal actions, with detrimental consequences for the corporate image and possible damage for business partners and customers. Why is all this happening? Why is it that, despite modernisation and infrastructural investment in security, many attacks are still managing to get through the defences? What are the most critical points? Cybersecurity360 interviewed Marco Bavazzano, CEO of Axitea.

The risks arising from a false sense of security

One of the main reasons for exposure to cyber attacks is underestimation of the risk. Especially in small and medium-sized enterprises operating in production areas other than finance and critical services, a false belief reigns: that they do not need protection, they have no data of interest to cyber criminals and, in the event of an attack, they can defend themselves with simple backups. On the contrary, it is these realities that end up in the crosshairs of cyber criminals, both because they are easy targets and because they are the weak links in large supply chains where profitable attacks for criminal actions can be conducted. Seemingly worthless data can become dangerous weapons in the hands of criminals, for instance, to identify vulnerabilities in inter-company processes, carry out social engineering or other actions that can bring an illegal advantage. A further bogus sense of security may come from having already taken care to protect networks and systems, for instance, for LAN perimeter defence or anti-virus and anti-malware control. “Unfortunately, investment in individual vendor technologies is not sufficient to guarantee security ,” explains Bavazzano. Technology must be accompanied by operational processes and procedures that make the whole system resilient to attacks.” Buying individual components without a plan and strategy tailored to the specific infrastructure, process and people risks of the company is not a condition that inspires a sense of safety.

Why cybersecurity cannot do without threat detection

While there is a need to strengthen systems and networks to prevent attacks, it is vital to have the tools and capabilities needed to detect when one is under attack in time. This is a more common occurrence than one might think, which makes it important to have the skills to understand the networks involved, which systems have been compromised in order to nip the attack in the bud with the quickest and most appropriate countermeasures. This information can be used, at a later stage, to eliminate the weaknesses that allowed the attackers to enter. Hackers and cyber criminals need time to do the prospecting they need to penetrate into the heart of systems. And one of the problems is noticing the initial violations, before macroscopic effects such as functional blocks or other damage, intentionally created, follow. In most cases, especially when the aim is data theft, attackers take measures to conceal their presence, for instance, by erasing the traces left on the logs that record access. What do we need to do to defend ourselves? “We need to focus on our monitoring and detection capabilities, explains Bavazzano. Intrusions take place weeks or even months before the effects of an attack come to light, which is why it is important to have the means and processes in place to detect and react promptly to attempts that prepare for attacks.”

How to deal with the complexities of security with managed services

Security, which is fundamental for the resilience of modern digital business, is becoming increasingly complex, even for companies that invest the most in their IT infrastructure and have in-house teams trained specifically to its management. Defending systems and networks requires specialisation and continuous training, not only to improve our knowledge of the defence technologies and the sophisticated methods cyber criminals use to carry out attacks. The dynamism that allows companies to exploit market opportunities with new apps, business partnerships, people and process innovations is inevitably accompanied by an increase in security risks to be seamlessly identified and mitigated. If, despite its efforts, the company still ends up under cyber attack, then it must dedicate processes and resources to incident management. We need action plans that are always ready, tested and updated over time with useful actions to mitigate damage on different fronts: IT, administrative, operational and relational. In the case of breaches that have resulted in the exposure of privacy-sensitive data, the requirements of the GDPR and related regulations must be complied with, under penalty of exposure to heavy fines levied as a percentage of turnover. A useful approach for dealing with the complexity of security management is that of managed services. “This is an approach that is chosen by companies without the economic and organisational size to manage the various aspects of security themselves or that prefer to focus on their core business, explains Bavazzano. These entities have the advantage of choosing a security provider on the market that can offer tailor-made security services. This is done by creating procedures based on the company’s business model and the customer’s operational needs, and by capitalising on existing technology investments in order to prevent mismanagement from undermining capabilities and levels of protection.”

Source and full video interview: Cybersecurity360