Webinar recap: rethinking your cyber security strategy for 2022

The latest Ekco webinar saw three security experts discuss how IT Leaders should approach their cyber security strategy in 2022 and beyond.

The panel discussion was hosted by Ekco’s Mike Hooper, who was joined by Luke Potter, Chief Operating Officer at CovertSwarm, Xiuyuan Yu, Security Consultant at Ward Solutions, and Hylton Stewart, Information Security Manager at Ekco.

Watch the full recording of the session here or read on for our key takeaways–covering everything from the top security challenges IT leaders face today, to what the next big attack might look like.

The session started by discussing the rise in attacks that are caused by the ongoing conflict in Ukraine, which we wrote about last week.

Over the past two years, since remote working became the norm during national lockdowns, organisations have built up a significant amount of technical debt. Now, as we return to some form of normality, Hylton suggests that it’s time to look at what vulnerabilities were created during this period: “In the current climate, with the increased risk of cyber attack, it’s only now that this technical debt is coming to the fore. Where is your data? Where are your endpoints? There is no network perimeter anymore. It’s no longer just the office with a firewall that you can secure – now it’s everywhere.”

“It’s one of your employees on their mobile phones, in a coffee shop or working on their laptop by the side of a river. That’s now your perimeter and visibility into this is a huge issue for the security profession.”

And regardless of where your people work or your security controls, people will always be your weakest link, as Luke explains: “The best thing you can do is breed a culture of don’t follow links in emails… Show people actual attacks. Tell a story so they can see why this matters, so that it’s not some fictitious thing.”

A security challenge that all of our experts touched on was the changing attack surface, caused by remote working, and why this requires a new approach to security. “Even a few years ago,” Luke said, “the rate of change was glacial. But today, anyone on this call will have probably made three or four changes to their environment. Attackers know this. Pen testing once a year was fine when nothing ever moved along. But when things are changing, you’ve got this massive gap. You’ve got to look at [security] as a continuous process.”

Visibility into your attack surface, which may have changed drastically over the past couple of years, is crucial. When a new vulnerability hits the headlines, if you already understand your attack surface, you are saving yourself time and effort, Luke explains: “there’s often a scramble when [a new threat] comes out. Do we have this? Are we vulnerable? Are we not? Because organisations don’t know what their attack surface is, they start from the outside because that’s where the threat is.”

Xiu added that threat hunting offers a way for IT teams to understand their attack surface by proactively searching to detecting and isolating advanced threats that may go undetected by traditional security solutions: “This helps security teams understand the infrastructure and network that they are protecting. The more they know, and the more visibility into their systems they have, the more likely they are to find the indicators of compromise.”

Finally, Hylton added that improved execution of security fundamentals is driven through the increased visibility that the panel keep coming back to: “It’s not a very popular opinion, but the reason we always talk about ransomware, user awareness training, patching etcetera, is because the execution could be improved. By looking at things from the outside, you can understand your exposure and then focus on that to drive your execution. That way, we won’t be talking about the same base requirements in a year or two’s time.”

Now we understand what the threats are and why visibility into your attack surface is crucial, how do you communicate this in a meaningful way to secure support from stakeholders, as Luke explains, “If you can go in and say ‘we were breached last week’ talking in a scenario-based way rather than generally preaching about security, the conversation will fundamentally change. It resonates with people. They won’t care about the 10,000 vulnerabilities you’ve got this month. They’ll say, ‘how many will you have next month?’ whereas you want them to say ‘how can I help?’”.

Similar to Luke’s advice on communicating the risk of links in emails, his advice for board-level conversations and stakeholders centres around real-world examples that can shock and educate your audience on why security matters.

Given the continued move to cloud-first practices, multi-cloud environments are becoming more and more common. As always, new ways of working bring new risks, and the panel had some great insights into how you can protect your environment.

“the first thing security officers want to find out is what the business aims to achieve with this multi-cloud environment,” explained Xiu, “Before deciding what controls and protections we’re going to implement, it’s essential to have an idea of the threats and attacks that we could be facing once the cloud is in place. Then we can propose a security strategy targeting those threats.”

When it comes to operating across clouds, risk is introduced when two different cloud platforms are treated as the same, as Hylton explains: “Often, companies try and copy the same controls across two cloud providers or workloads. If you’re running VMs in Azure but serverless in AWS, you won’t find the same controls.”

“You also need to be aware that multi-cloud increases your supply chain exposure, it increases your attack surface and it reduces visibility a bit. It all comes back to the same issues.”

Luke added several considerations for multi-cloud, which are summarised below. For more detail, listen to the webinar recording here.

• Do your due diligence: Even the biggest cloud providers have had outages that affect entire availability zones for hours. Make sure you carry out financial due diligence on your upstream providers so you understand the risks a new cloud provider introduces.
• The importance of disaster recovery (DR) planning: Putting a DR plan in place that allows you to spin up in another location in four hours, for example, is much better than trying to quickly rebuild your now-offline environment on an entirely different cloud platform.
• If your cloud platform went down, how would you communicate? Whether through Signal, WhatsApp or SMS, make sure you have a way to re-establish comms in the event of an outage.

At Ekco, our next-generation security services will supercharge your IT. From defence to threat detection and incident response, we cover all bases, so that you can focus on the future.  Get in touch today for a quick, no-obligation chat with our security specialists. We’re always happy to help.