Steve Law Archives - Security IT Summit | Forum Events Ltd
Posts Tagged :

Steve Law

Cybersecurity is not a one-stop-shop

960 640 Guest Post

By Steve Law, CTO, Giacom and Kelvin Murray, Threat Researcher, Webroot

Boris Johnson announced the Government’s roadmap to lift Coronavirus restrictions for both businesses and the general public earlier in February, and since then, this has provided a glimmer of hope for many across the country. However, since the start of the pandemic, the way business is conducted has changed permanently, with many workforces wanting to continue to work remotely as lockdowns and restrictions ease over time.

So, as companies relax and rules are eased, life is expected to return to a form of ‘new normal.’ But, the issues around cybersecurity are here to stay, and the gas pedal must not be eased – especially with the increased risks associated with continued remote working. 

If anything, security should be more reinforced now than ever before to ensure all aspects of a business are secure. But this isn’t the case. Steve Law, CTO, Giacom and Kelvin Murray, Threat Researcher, Webroot, detail the importance of embedding a trilogy security approach into organisations, and this is where a strong CSP/MSP relationship can be invaluable. 

The Risk Grows

Despite lockdown restrictions easing, cybersecurity risks remain and are likely to grow as COVID-19 changes the working landscape. As indoor spaces begin to open in the next few months, employees will want to venture out to new spaces to work, such as coffee shops and internet cafes – but working on open networks and personal devices creates unlocked gateways for cyberattacks to take place. Since this hybrid and remote way of working looks like it’s here to stay, businesses must ensure they have the right infrastructure in place to combat any cyber threats. 

For instance, research by the National Cyber Security Centre shows that there has been a rise in COVID-19 related cyber attacks over the past year, with more than one in four UK hacks being related to the pandemic. This trend is not likely to ease up any time soon either. And, going forward, hackers could take advantage of excited travellers waiting to book their next holiday once the travel ban is lifted, deploying fake travel websites, for example. 

Aside from the bad actors in this wider scenario, part of the problem here is that many IT teams are not making use of a holistic and layered approach to security and data recovery; which can lead to damaging consequences as data is stolen from organisations. Such issues continue to resonate strongly across businesses of all sizes, who will, therefore, turn to their MSPs for a solution. 

The Importance of a Layered Approach 

Cybersecurity is not a one-stop-shop. A full trilogy of solutions is required to ensure maximum effect. This includes a layered combination of DNS networking, secure endpoint connections, and an educated and empowered human workforce. 

The need for DNS security cannot be ignored, especially with the rise of remote workforces, in order to monitor and manage internet access policies, as well as reduce malware. DNS is frequently targeted by

bad actors, and so DNS-layer protection is now increasingly regarded as an essential security control – providing an added layer of protection between a user and the internet by blocking malicious websites and filtering out unwanted material. 

Similarly, endpoint protection solutions prevent file-based malware, detect and block malicious internal and external activity, and respond to security alerts in real-time. Webroot® Business Endpoint Protection, for example, harnesses the power of cloud computing and real-time machine learning to monitor and adapt individual endpoint defences to the unique threats that users face.

However, these innovative tools and solutions cannot be implemented without educating users and embedding a cyber security-aware culture throughout the workforce. Humans are often the weakest link in cybersecurity, with 90% of data breaches occurring due to human error. So, by offering the right training and resources, businesses can help their employees increase their cyber resilience and position themselves strongly on the front line of defence. This combination is crucial to ensure the right digital solutions are in place – as well as increasing workforces’ understanding of the critical role they play in keeping the organisation safe. In turn, these security needs provide various monetisation opportunities for the channel as more businesses require the right blend of technology and education to enable employees to be secure.

The Channel’s Role 

Businesses, particularly SMBs, will look to MSPs to protect their businesses and help them achieve cyber resilience. This creates a unique and valuable opportunity for MSPs to guide customers through their cybersecurity journeys, providing them with the right tools and data protection solutions to get the most out of their employees’ home working environments in the most secure ways. Just as importantly, MSPs need to take responsibility for educating their own teams and clients. This includes delivering additional training modules around online safety through ongoing security awareness training, as well as endpoint protection and anything else that is required to enhance cyber resilience.

Moreover, cyber resilience solutions and packages can be custom-built and personalised to fit the needs of the customer, including endpoint protection, ongoing end-user training, threat intelligence, and backup and recovery. With the right tools in place to grow and automate various services – complemented by technical, organisational and personal support – channel partners will then have the keys to success to develop new revenue streams too.

Conclusion 

Hackers are more innovative than ever before, and in order to combat increasing threats, businesses need to stay one step ahead. Companies must continue to account for the new realities of remote work and distracted workforces, and they must reinforce to employees that cyber resilience isn’t just the job of IT teams – it’s a responsibility that everyone shares. By taking a multi-layered approach to cybersecurity, businesses can develop a holistic view of their defence strategy, accounting for the multitude of vectors by which modern malware and threats are delivered. Within this evolving cybersecurity landscape, it’s essential for SMBs to find an MSP partner that offers a varied portfolio of security offerings and training, as well as the knowledge and support, to keep their business data, workforces and network secure.

Transitioning to Secure Remote Working During and Beyond COVID-19

960 640 Stuart O'Brien

By Steve Law, CTO, Giacom and Sébastien Gest, VadeSecure

Organisations of all sizes that typically work in office environments have been thrown into the deep end due to the Covid-19 outbreak. Social distancing measures and restricting unnecessary travel has meant that a majority of companies had to unexpectedly revert to remote working. Many of these businesses quickly realised that they weren’t ready for this digital transformation, with recent research suggesting that UK firms are among the world’s least prepared for home-working.

With 25% of businesses having no crisis plan in place and 55% of employees having little to no experience of working from home, organisations have had to revise their working practices to be able to conduct their work digitally and remain effective. Technology plays a key role in enabling remote work, but many organisations did not have this planned in advance, and subsequently, are at a disadvantage due to their current inadequate technology solutions and infrastructure in place. This can lead to significantly increased security risks and concerns, as Steve Law, CTO, Giacom and Sébastien Gest, VadeSecure, explain.

Workplace Challenges

Workforces may not have access to the necessary devices from their homes such as work laptops, the correct video conference solutions or collaboration tools in place to perform their role. As a result, employees who are working from home will have to do so from their own devices. This ‘Bring Your Own Device’ (BYOD) phenomenon creates a security concern as not all personal electronic devices will have the correct level of security installed on them – the software may not be up to date, they may have an older version of Windows installed or no antivirus software available.

This creates an issue for both the consumer and the professional, as the same credentials are often used across multiple accounts at the same time. Hackers’ creativity is limitless and is becoming more sophisticated over time. Vade Secure has seen a shift in cyber criminals’ strategies, changing from attacking individuals with ransomware to instead using these individuals as a backdoor to gain access to corporate networks, and there is no better opportunity to do this than via individuals using their personal devices from home. However, by implementing the correct software and security solutions across all employees’ devices, these risks can be mitigated. 

Evolving threats 

The number of cyberattacks has continued to increase over time, with up to 88% of UK companies being targets of breaches in the last 12 months. However, hackers are taking advantage of the current coronavirus situation by sending phishing emails purporting to be PPE suppliers or medication. Recent statistics have found that since January 2020, there have been over 4,000 coronavirus-related domains registered globally, with 3% found to be malicious and 5% suspicious. These results heighten the importance of ensuring your workforce are securely remote working.

Over the last three months, as the coronavirus outbreak has unfolded, Vade Secure has seen a surge in spear-phishing and malware activities. Examples of this which have been found include capitalising on psychological aspects of the victims, including Covid-19 charity campaigns, fake mask and sanitiser suppliers, as well as stock and medications for purchases which don’t exist.

With 91% of cyber attacks using emails as their first vector, it’s more important than ever to ensure that your employees have a secure email network in place. No organisation is immune to the threat and companies which don’t have the right security software in place need to act now before it’s too late. By adding these security elements, companies can benefit from detecting and blocking features and using Artificial Intelligence to secure their networks and become notified when a non-legitimate email appears.

Securing the weakest link  

Often, the weakest link of an organisation is the employee, as 88% of UK data breaches are caused by human error. Employees are not security experts and can fall foul to phishing scams if they don’t have the right level of education or awareness. When working from home, your workforce is under more pressure to work both faster and harder, which can lead to mistakes being made. Staff members don’t have the time to check every email before they open them, but this one click can make all the difference.

Instead, by educating employees and making them more vigilant, they will be able to spot scams and cyber attacks before the damage is done. Combined with the right security software that uses techniques such as alert ‘pop-ups’ to prompt users to check emails before clicking on links, for example, the workforce will become more aware of the signs to look out for. By enabling users to make an informed decision about the nature and legitimacy of their email before acting on it, organisations can now mitigate against this high-risk area.

Conclusion

In order for organisations to limit the number of insider data and security breaches,  particularly when working remotely, it’s crucial for employees to understand the role they play in keeping the company’s information secure. By preparing in advance and having a secure contingency plan in place which provides employees with the necessary devices and security, companies will be in a stronger position to defend their systems against hackers. In addition to this, supporting employees with training will allow workforces to understand the evolving risks they face, and how to keep their information and systems secure.