NTT Archives - Security IT Summit | Forum Events Ltd
Posts Tagged :

NTT

Cybersecurity in 2022: A view from the experts

1024 682 Stuart O'Brien

There is no doubt that this year has been a year of disruption, change and opportunity within the cybersecurity industry. With 2022 on the horizon, find out what the experts have to say about the top trends impacting the industry now and what to look out for in the future…

Carlos Morales, VP Solutions, Neustar Security Solutions:

“Cybercrime has become a lucrative and mature market. We have witnessed the proliferation of extortion tactics and the huge disruption they can cause to both public and private interests. Meanwhile, criminal groups have openly collaborated with peers – aligning their strategies, picking targets, and agreeing on safe-havens. This sophistication, combined with a booming market, means that what were once individual criminal ‘groups’ and malicious actors are now fully-fledged criminal enterprises, providing as-a-service offerings and malware licenses to established customer bases and target markets.

“As a result, we will see stronger strains of existing well-known malware and refined attack strategies emerge, while targets become ever more ambitious. What’s (or rather, who’s) next? Public infrastructure and large, private businesses that provide vital services (like cloud providers or data centres) will likely remain at the top of the target list – with the risk of the potential knock-on effects making paying-up an enticing offer. Organisations really need to implement an ‘always on’ approach to network security to ensure fast and automated responses to attacks and they need to partner with security providers that continually evolve their defence capabilities.  These new best practices offer far, far more cost-effective in the long run and provide peace of mind for organisations.”

Jim Hietala, Vice President of Business Development and Security, The Open Group

“2021 saw the emergence of Zero Trust security architecture as the forward-looking security architecture, and as a consequence, we also saw vendors using and abusing Zero Trust in their messaging. In 2022, we expect to see Zero Trust move from concept to practical implementation, with the availability of more vendor-neutral industry standards and best practices, including reference models and architectures that will help end users to build viable, multi-vendor security architectures based on Zero Trust principles. Open standards will be key to this development.”

Stephan Jou, CTO Security Analytics, Interset at CyberRes, a Micro Focus Line of Business

“All indications are that AI technologies will be increasingly prevalent in cybersecurity. This includes everything from the increasing adoption of technologies like UEBA by enterprises, surveys that show investment in AI by SOC teams, and the adoption of ML and other AI methods by SIEM, IAM and other systems.

“However, the types of AI that will be adopted in 2022 will be focused on specific, battle-tested techniques such as statistical learning, anomaly detection, and (in a more limited capacity) NLP. Certain areas of AI research, such as large language models (like GPT-3), will not be heavily adopted in 2022 for cybersecurity. This is because there is not yet a good use case match within cybersecurity for those technologies, and also because the computationally expensive and non-transparent nature of these approaches do not lend themselves well to the SOC needs at present.”

Kai Waehner, Field CTO and Global Technology Advisor, Confluent

“Cyber threats are not new. However, our more and more connected world increases the risks. Successful ransomware attacks across the globe enforce enterprises to take action by implementing situational awareness and threat intelligence in real-time at scale to act proactively against cyberattacks.”

Fabien Rech, EMEA Vice President, McAfee Enterprise

“Our reliance on API-based services is rising, as they quickly become the foundations of most modern applications. This is only set to rise further in 2022, as global use of the internet, 5G, and connected devices continues to boom – this year alone, we saw a 57% increase in online activity.

“Often business-critical data and capabilities lie behind these APIs, and cybercriminals have been quick to take note of this and exploit the increase in API usage. However, attacks targeting APIs go undetected in many cases, as they are generally considered trusted paths and lack the same level of governance and security controls.

“It’s therefore critical that enterprises make API security a priority next year. Organisations must ensure they have visibility of all application usage across their systems, with the ability to look at consumed APIs. Adopting a Zero Trust mindset will support this. It allows enterprises to maintain control over access to the network and all its instances, including applications and APIs, and restrict them if necessary.

“Shoring up on API security is particularly crucial amidst the current supply chain crisis, as APIs are often used as an entry vector for wider supply chain attacks due to their interconnected nature. Next year, supply chains will continue to be a prime target for hackers, and so enterprises should look one step ahead and use threat intelligence solutions to predict and prevent API attacks before they take place.”

Rory Duncan, Security Go To Market Leader UK at NTT

“This year, as we’ve started to recover from the pandemic, demonstrating effective cyber-resilience has become more crucial than ever. This will continue to be a priority for organisations as we move into 2022, as the shift towards permanent hybrid working models for many enterprises will put continued pressure on their ability to detect threats. It’s essential that businesses leaders prioritise security, especially as the trusted perimeter expands to encompass remote users.

“As businesses consider their 2022 hybrid workplace strategies, they need to revisit and re-evaluate security from the ground up and assess where they may have unwittingly created gaps in their security armour. 80.7% of IT leaders have said it’s more difficult to spot IT security or business risk when employees are working remotely, so ensuring visibility by developing a multi-pronged approach to re-imagining enterprise security will be fundamental in 2022.

“The ability to respond quickly and effectively across the distributed IT environment will be paramount next year. The number of cyber-attacks in the headlines is only rising and it’s no longer a case of “if” but “when” an attack will occur. Ultimately, your business will be more exposed if it doesn’t have the right security measures and response capability in place.”

Pritesh Parekh, VP of Engineering and Chief Trust & Security Officer at Delphix

“With intense scrutiny on how businesses prepare for and respond to breaches next year, it’s clear that security and compliance concerns will be the key determinant for any interactions with third parties – whether customers, partners, or vendors. Following the pandemic, digital guides every third party interaction – potentially exposing data as soon it moves outside of the business’s digital walls. Endpoints have become beyond critical when it comes to securing data, but you can’t always control your endpoints if they exist within another organization, right? The answer is, you must, meaning that technology vendors who don’t rise to the occasion and implement the same standards as their enterprise customers will lose business, big time.”

Keith Glancey, Director of Technology Western Europe, Infoblox

“Cybercrime is getting organised. Gone are the days of lone hackers operating from back bedrooms. Cybercriminals are banding together to form businesses, using the dark web to recruit new “talent” and advertise “jobs” they’re looking to fulfil. With bigger businesses behind attacks, the stakes are significantly higher for organisations under fire. It’s not just businesses, either – we’re seeing an increasing number of nation state-led attacks from major players like Russia, China and the US. Their target? Personal data.”

“This systematic approach to cybercrime is a continuation of a broader trend towards “as-a-service” business models. Cybercrime-as-a-Service (CaaS) brings together malware developers, hackers, and other threat actors selling out or loaning their hacking tools and services to people on the dark web. Ultimately, CaaS makes these tools and services accessible to anyone who wants to launch a cyberattack, even those without the technical knowledge to do so.”

UK’s manufacturing sector facing COVID-19 cyber threats

960 640 Stuart O'Brien

Manufacturing is now the most attacked sector representing almost a third of all cyber attacks in the UK & Ireland, while Technology was the most attacked sector globally.

That’s according to the 2020 Global Threat Intelligence Report (GTIR) from NTT, which says that despite efforts to layer up defences, many organisations are unable to stay ahead of attackers, while others are struggling to do the basics like patching old vulnerabilities. 

NTT asserts that manufacturing increasingly faces financially motivated data breaches, global supply chain risks and risks from unpatched vulnerabilities. The UK was the only country (apart from Hong Kong) this year where Manufacturing topped the list of most attacked sectors, representing 29% of all attacks, with Technology (19%) second and Business and Professional Services (17%) third. Government and Finance made up the other two sectors in the top five. 

Reconnaissance attacks accounted for half of all hostile activity in the UK and Ireland, with web application the next most common form of attack (22%). Reconnaissance activity (60%) was also the most common attack type against manufacturers followed by web application attacks (36%).

Rory Duncan, Security Go-to-Market Leader, NTT, said: “UK manufacturing has become a major target for attackers in recent years as a result of the increased risks brought about from the convergence of IT and Operational Technology (OT). The biggest worry is that security has lagged behind in this sector, potentially exposing systems and processes to attack. Poor OT security is a legacy issue; many systems were designed with efficiency, throughput and regulatory compliance in mind rather than security. In the past, OT also relied on a form of ‘security through obscurity’. The protocols, formats and interfaces in these systems were often complex and proprietary and different from those in IT systems, so it was difficult for attackers to mount a successful attack. As more and more systems come online, hackers are innovating and see these systems as ripe for attack.

“Now more than ever, it’s critical for all organisations, regardless of sector or region, to pay attention to the security that enables their business; making sure they are cyber-resilient and secure-by-design, which means embedding privacy and security into the fabric of their enterprise architecture and organisational culture. The current global pandemic and the flow of trusted and untrusted information used to mask the activities of cyber criminals has shown us that they will take advantage of any situation. Organisations must be ready to respond to these and other threats in a constantly evolving landscape.”

The 2020 Global Threat Intelligence Report calls last year the ‘year of enforcement’ with the number of Governance, Risk and Compliance (GRC) initiatives growing, creating a challenging global regulatory landscape. Several acts and laws now influence how organisations handle data and privacy, including the General Data Protection Regulation (GDPR), which has set a high standard for the rest of the world. The report provides organisations with recommendations to help navigate compliance complexity, including identifying acceptable risk levels, building cyber-resilience capabilities and implementing solutions that are secure-by-design.

The 2020 GTIR – the eigth annual report – analyses and summarises trends based on log, event, attack, incident and vulnerability data from trillions of logs and billions of attacks. To learn more about how this year’s GTIR offers organisations a robust framework to address today’s cyber threat landscape, and to learn more about the emerging trends across different industries and regions, including the Americas, APAC and EMEA, follow the link to download the NTT Ltd. 2020 GTIR

Global Highlights: 2020 Global Threat Intelligence Report:

  • Most common attack types accounted for 88% of attacks: Application-specific (33%), web application (22%), reconnaissance (14%), DoS/DDoS (14%) and network manipulation (5%) attacks.
  • Weaponisation of IoT: Botnets like Mirai, IoTroop and Echobot have advanced in automation, improving propagation capabilities. Mirai and IoTroop are also known for spreading through IoT attacks, then propagating through scanning and subsequent infection from identified hosts.
  • Old vulnerabilities remain an active target: Attackers leveraged those that are several years old, but have not been patched by organisations, such as HeartBleed, which helped make OpenSSL the second most targeted software with 19% of attacks globally. A total of 258 new vulnerabilities were identified in Apache frameworks and software over the past two years, making Apache the third most targeted in 2019, accounting for over 15% of all attacks observed.
  • Attacks on Content Management Systems (CMS) accounted for about 20% of all attacks: Targeting popular CMS platforms like WordPress, Joomla!, Drupal, and noneCMS, cyber criminals used them as a route into businesses to steal valuable data and launch additional attacks. Additionally, more than 28% targeted technologies (like ColdFusion and Apache Struts) support websites.

Third of C-Suite execs would pay hacker’s ransom demands rather than invest in more security

960 640 Stuart O'Brien

One third of global business decision makers report that their organisation would try to cut costs by considering paying a ransom demand from a hacker rather than invest in information security.

In the UK, this figure drops to a fifth (21 per cent) of respondents. The findings from the 2018 Risk:Value Report, commissioned by security specialist NTT, show that another 30 per cent in the UK are not sure if they would pay or not, suggesting that only around half are prepared to invest in security to proactively protect the business.

Examining business attitudes to risk and the value of information security, NTT Security’s annual Risk:Value Report surveys C-level executives and other decision makers from non-IT functions in 12 countries across Europe, the US and APAC and from multiple industry sectors.

The findings are particularly concerning, given the growth in ransomware, as identified in NTT Security’s Global Threat Intelligence Report (GTIR) published in April. According to the GTIR, ransomware attacks surged by 350 per cent in 2017, accounting for 29 per cent of all attacks in EMEA and seven per cent of malware attacks worldwide.

Levels of confidence about being vulnerable to attack also seem unrealistic, according to the report. 41 per cent of respondents in the UK claim that their organisation has not been affected by a data breach, compared to 47 per cent globally. More realistically, of those in the UK, 10 per cent expect to suffer a breach, but nearly a third (31 per cent) do not expect to suffer a breach at all. More worrying is the 22 per cent of UK respondents who are not sure if they have suffered a breach or not.

Given that just four per cent of respondents in the UK see poor information security as the single greatest risk to the business, this is unsurprising. Notably, 14 per cent regard Brexit as the single greatest business risk, although competitors taking market share (24 per cent) and budget cuts (18 per cent) top the table.

When considering the impact of a breach, UK respondents are most concerned about what a data breach will do to their image, with almost three-quarters (73 per cent) concerned about loss of customer confidence and damage to reputation (69 per cent). This is the highest figures for any country.

The estimated loss in terms of revenue is 9.72 per cent (compared to 10.29 per cent globally, up from 2017’s 9.95 per cent). Executives in Europe are more optimistic, expecting lower revenue losses than those in the US or APAC.

The estimated cost of recovery globally, on average, has increased to USD1.52m, up from USD1.35m in 2017, although UK estimates are lower at USD1.33m this year. Globally, respondents anticipate it would take 57 days to recover from a breach, down from 74 days in 2017. However, in the UK, decision makers are more optimistic believing it would take just 47 days to recover, one of the lowest estimates for any country.

Kai Grunwitz, Senior VP EMEA, NTT Security, said: “We’re seeing almost unprecedented levels of confidence among our respondents to this year’s report, with almost half claiming they have never experienced a data breach. Some might call it naivety and perhaps suggests that many decision makers within organisations are simply not close enough to the action and are looking at one of the most serious issues within business today with an idealistic rather than realistic view.

“This is reinforced by that worrying statistic that more than a third globally would rather pay a ransom demand than invest in their cybersecurity, especially given the big hike in ransomware detections and headline-grabbing incidents like WannaCry. While it’s encouraging that many organisations are prepared to take a long-term, proactive stance, there are still signs that many are still prepared to take a short-term, reactive approach to security in order to drive down costs.”

According to Risk:Value, there is no clear consensus on who is responsible for day to day security, with 19 per cent of UK respondents saying the CIO is responsible, compared to 21 per cent for the CEO, 18 per cent for the CISO and 17 per cent for the IT director. Global figures are very similar.

One area of concern, however, is whether there are regular boardroom discussions about security, with 84 per cent of UK respondents agreeing that preventing a security attack should be a regular item on the Board’s agenda. Yet only around half (53 per cent) admit it is and a quarter don’t know.

UK respondents estimate that the operations department spent noticeably more of its budget on security (17.02 per cent) than the IT department did (12.94 per cent). This compares to the global figures of 17.84 per cent (operations) and 14.32 per cent (IT), on average.

Each year the NTT Security Risk:Value report shows that companies are still failing when it comes to communicating information security policies. An impressive 77 per cent in the UK (compared to 57 per cent globally) claim to have a policy in place, while 10 per cent (26 per cent globally) are working on one. While 85 per cent of UK respondents with a policy in place say this is actively communicated internally, less than a third (30 per cent) admit that employees are fully aware of it.

In terms of incident response planning, the UK is the most well prepared with 63 per cent of respondents saying their organisation has already implemented a response plan, well above the global figure of 49 per cent, while 18 per cent are in the process. Just 1 per cent in the UK say they have no plans to implement an incident response plan.

“The UK is leading the pack when it comes to planning for a security breach or for non-compliance of information/data security regulations,” added Kai Grunwitz. “Given that the GDPR has just come into force, this is encouraging. However, while the majority claim their information security and response plans are well communicated internally, it seems it’s only a minority who are ‘fully aware’ of them. This continues to be an area that businesses are failing on time and time again and needs to be addressed as a priority.”

For further information on NTT Security’s 2018 Risk:Value report and to download a copy, visit: https://www.nttsecurity.com/en-uk/risk-value-2018

NTT-ThreatQuotient

NTT Security and ThreatQuotient partner to deliver Threat Intelligence Services

960 640 Stuart O'Brien

NTT Security has announced a partnership with ThreatQuotient to broaden its threat intelligence capabilities.

ThreatQuotient’s threat intelligence platform (TIP), ThreatQ, will serve as the cornerstone of NTT Security’s new threat intelligence services offering.

The platform’s flexible architecture for aggregating and correlating threat data will enhance NTT Security capabilities for bringing detailed, relevant threat intelligence to NTT Group clients through managed security services.

NTT Security and NTT Group’s operating companies Dimension Data, NTT Communications and NTT DATA, as well as their clients, provide visibility into the methods of malicious actors on the internet.

Analysts from NTT Security’s Global Threat Intelligence Centres (GTIC) will be using ThreatQ to process this data and turn it into actionable threat intelligence that can benefit its consulting and managed services clients.

ThreatQ will also fully integrate into NTT Security’s Global Managed Security Services Platform (GMSSP). This will enable NTT Security to collect data about attacks on client systems and disseminate the resulting threat intelligence to the Advanced Analytics Engine and expert SOC analysts, plus also respond to and proactively stop these attacks in real time.

Many of NTT Group’s enterprise clients also have their own in-house threat intelligence capabilities generating data they are willing to share and collaborate with partners. By integrating internal client data with NTT Security’s intelligence within ThreatQ, NTT Security claims it will have more context to better protect the managed systems.

NTT Security will also be using the ThreatQ platform to enhance its consulting services.

ThreatQ uses the standard STIX/TAXII1 protocols for communicating threat data to other security devices, which will allow NTT Group’s clients to consume threat intelligence generated by the GTIC. This capability can be used to provide data to a client’s own in-house threat intelligence teams via its own TIP or send it directly to security infrastructure, including Security Information and Event Management (SIEM) platforms, ticketing systems, network security devices and endpoints.

“NTT Security’s global managed security services and channel program is exactly the type of model that we strive to be part of as we work to reach more organizations that need deeper support to get a threat intelligence program off the ground, or get more value out of existing strategies,” said Matt McCormick, SVP Business and Corporate Development, ThreatQuotient.

Steven Bullitt, Global VP Threat Intelligence and Incident Response at NTT Security, commented: “Our partnership with ThreatQuotient is designed to help NTT Group clients proactively protect themselves based on the real-world threats they face every day. ThreatQ’s built-in integration with many of the leading threat intelligence sources as well as NTT’s own detecting and collecting threat intelligence will also enable us and these clients to get the data we need. Meanwhile, the flexible deployment options for ThreatQ will also help clients who want to build out their own capabilities.”