[INTERVIEW] Cyber resilience is the ultimate game changer. It’s time for organisations to level up!
Blog | by Leanne Bevan | 7 September 2022
Nabil Nistar, Heimdal®: “If organisations have not upped their endpoint protection and patching capabilities, it should be on top of their list. When it comes to Ransomware protection, aggressive monitoring and watching out for anomalous behaviours is not an overkill.”
We spoke to Nabil Nistar, Heimdal's product specialist, in an exclusive interview to understand his thoughts on the state of cyber security. We covered shifts in the market, real examples of what's happening, and explored how Heimdal products can protect businesses from such threats mentioned, ensuring cyber resilience.
Read the full interview below...
Each year around this time, it seems like a fresh wave of malicious security threats emerges, severely impacting businesses. What has changed this year?
The change is that it has gotten worse. Sure, we haven’t finished talking about the Colonial Pipeline breach or the supply chain ransomware attack faced by a very prominent IT MSP in 2021. The ramifications of these are still going on.
While we wait for that 2022 big-ticket topical item to hit the news, the pattern and trends are quite obvious. Threats are getting increasingly sophisticated and threat actors have skilled up their game. Bad actors are increasingly adopting advanced AI-powered offensive techniques to outpace human intelligence – possibly more so than defensive cybersecurity technology.
The sophistication along with the speed and scale of attacks we are seeing poses an imminent risk to enterprises, vital services, critical infrastructures, and even small and medium businesses that supply to government and the public sector. Rather than a big splash, the new wave of attacks will be self-learning, evolving, and operating sneakily. This may seem far-fetched but the toolkits to launch malicious AI exist and it is only a matter of time. The industry and security teams have to be prepared.
Switching gears, over the last few years, we have witnessed mass adoption of productivity, security, and collaboration suites, namely organisations moving to Microsoft 365 and Google Workspace (rising in popularity). The monoculture created by Microsoft has bad actors across the whole spectrum – from basement script kiddies to advanced nation-state actors – focusing their efforts on breaking in and getting maximum ROI.
This year, Microsoft was targeted by a hacking collective called Lapsus$. Luckily, Microsoft managed to act swiftly and minimise the compromise. But the important takeaway is for organisations to take a layered approach to security that complements the native security of their productivity and collaboration suites.
What are the biggest challenges organisations face when it comes to cybersecurity?
Regrettably, cybercrime pays, but this year we are also witnessing more and more politically charged attacks. So bad, in fact, that the Red Cross was a victim, with more than half a million records compromised!
Charities aside, Healthcare, Financial Services, and Manufacturing industries remain among the top targeted verticals. The prevalence of ransomware is concerning and should be addressed as a matter of urgency. The NHS in the UK is facing a crisis with electronic records being held ransom in exchange for Bitcoin. Are these politically charged to disrupt or fund wars? It is hard to say but disruption of health services means patient and urgent care suffers. This is on top of an already overburdened organisation, not yet recovered from the pandemic-related trials.
The biggest challenges are a disruption to business operations, erasure or hostage of critical data/digital assets, and reputational damages. Meanwhile, the cost of data breaches is surging. According to Ponemon Institute, the data breach average cost increased 2.6% from USD 4.24 million in 2021 to USD 4.35 million in 2022. The average cost has climbed 12.7% from USD 3.86 million in the 2020 report (source – Cost of Data Breach Report 2022, Ponemon Institute).
Sensitive information, personal records, financial/HR records, intellectual property (IP)… every piece of digital information created is vulnerable and an opportunity for threat actors. And some of these nation-state-sponsored attacks are so well funded and organised too.
More needs to be done by organisations.
What are the main types of security breaches that you see? Is it as simple as phishing emails? Or is it deeper than that?
Ransomware needs no introduction at this point. It is safe to say that this threat has mutated. A few years back we heard about Ransomware as a Service (RaaS), which is similar to the SaaS model, where a non-technical person can procure, buy and launch ransomware attacks for a fee, complete with 24/7 support and step-by-step guides!
This has normalised Ransomware and it is within the reach of anybody with malicious intent. As with any marketplace, the services will get competitive and more players (service providers) will emerge in this space.
If organisations have not upped their endpoint protection and patching capabilities, it should be on top of their list. When it comes to Ransomware protection, aggressive monitoring and watching out for anomalous behaviours is not an overkill.
Phishing is still prevalent. The majority of the attacks are spam-based and opportunistic, which is usually just a hindrance. But it is those 1-3% of sophisticated and tailored types of phishing that cause the most damage.
Business Email Compromise (aka CEO fraud) is so personalised and geo-targeted that many are still falling victim and unknowingly spilling credentials and sensitive information or paying funds. Just how do they know that the CEO is in the Bahamas and needs you to urgently look at the attached report? Or needs finance to complete a payment urgently?
Even a harmless phishing attempt may include hidden trackers revealing your IP and geo-location. A bit of social engineering and reconnaissance is enough to create a tailored phishing attack. This will continue and get more complex over time. More user awareness training and a layered email security approach should be part of every organisation’s strategy. Relying on just native Microsoft or Google email security is simply not enough.
Cloud-hosted Malware is on the rise. Cloud environments are more resilient than their counterparts; however, there is an increasing threat of attackers injecting malware code into virtual machines, files, or systems. If an unsuspecting user downloads a malicious file on their device, the attacker can access, infect and encrypt data. Think of the possibilities if malware is injected into Microsoft OneDrive or Google Drive that most companies rely on. A good defence strategy for cloud-based malware includes strong Endpoint protection and a robust identity and access management policy.
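The answer above mentions that even a harmless-looking phishing email can carry a hidden tracker that reveals the recipient's IP address and location when the message is opened. The following is an added illustration written for this page, not code from the interview or from Heimdal®: it parses a few constructed HTML message bodies (the sample texts and URLs are made up) and flags `<img>` tags that look like beacons, using the usual tell-tales a mail security layer would check for, namely a remotely hosted 1x1 image, an image hidden via CSS, and a per-recipient identifier in the query string.

```python
"""Flag likely tracking images ("web beacons") in HTML email bodies.

Added example; sample messages are constructed for illustration.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message bodies (not real mail, hostnames are fictional).
SAMPLE_MESSAGES = {
    "plain": "<p>Hi, please see the attached report.</p>",
    "tracked": (
        "<p>Hi, the CEO needs this signed today.</p>"
        '<img src="https://track.example.net/open?id=abc123" '
        'width="1" height="1" style="display:none">'
    ),
    "logo": (
        '<img src="https://cdn.example.org/logo.png" '
        'width="120" height="40" alt="logo">'
    ),
}


class _ImgCollector(HTMLParser):
    """Collect the attribute dicts of every <img> tag in the document."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            # HTMLParser lower-cases attribute names for us.
            self.images.append(dict(attrs))


def _is_tiny(value):
    """True when a width/height attribute is 1px or less (e.g. "1" or "1px")."""
    try:
        return int(str(value).strip().rstrip("px")) <= 1
    except ValueError:
        return False


def find_tracking_images(html):
    """Return a list of (src, reasons) for <img> tags that look like beacons."""
    parser = _ImgCollector()
    parser.feed(html)
    hits = []
    for attrs in parser.images:
        src = attrs.get("src") or ""
        parsed = urlparse(src)
        if parsed.scheme not in ("http", "https"):
            continue  # inline (cid:) or data: images cannot phone home
        reasons = []
        if _is_tiny(attrs.get("width")) and _is_tiny(attrs.get("height")):
            reasons.append("1x1 pixel")
        style = (attrs.get("style") or "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden via CSS")
        if parsed.query:
            reasons.append("query string (per-recipient id?)")
        if reasons:
            hits.append((src, reasons))
    return hits


def summarise(messages):
    """Map each message name to the number of suspected beacons it carries."""
    return {name: len(find_tracking_images(body)) for name, body in messages.items()}


if __name__ == "__main__":
    for name, body in SAMPLE_MESSAGES.items():
        print(name, find_tracking_images(body))
```

A legitimate logo with real dimensions and no query string produces no hit, so the check separates ordinary branding from beacons rather than flagging every remote image; a mail gateway that blocks or proxies remote image loads by default removes the tracker's value entirely.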
According to new research, AI/automation, Zero Trust, and XDR enable a more cohesive defence of the enterprise attack surface and save money in the long run. Would you agree?
Yes. An interesting find from Ponemon Research states that organisations that leverage AI/Automation, Zero Trust, and a mature Incident Response plan on average save $2 million or more compared to an organisation without the tools or capabilities.
XDR technologies have helped save an average of 29 days in breach response time!
This (and more) is what Heimdal® brings to the table. Our XDR spans an organisation’s entire IT estate to provide real-time and proactive security from detection to remediation. And we do that by leveraging our deeply integrated AI-driven technology in combination with our highly skilled and trained security experts. Essentially, we then become the eyes and ears of an organisation.
Zero Trust as a concept has a good buy-in from the CISOs but in reality, many organisations have failed to adopt it successfully.
- Reactive by design (traditional security)
- Trusting by default (legacy IT systems)
- Reliance on single point-solutions
- Distributed workforces
- Decentralised IT ecosystems
- Digital Transformation implemented wrong
The Zero Trust mindset is that a breach is ‘inevitable’ or likely to occur. Therefore, limit access across the IT estate to only what is needed. Practically, it requires a lot of planning, as otherwise, it can be quite disruptive to business operations.
This is another area where Heimdal® shines: our Privileged Access Management (PAM) helps security leaders adopt Zero Trust by allowing the right access to the right people at the right time without any disruptions. It also helps data protection and audit trails, to name a few other benefits.
Lastly, as another example, when it comes to our threat detection side of things, Heimdal®'s AI-driven "Character-Based" Neural network intelligence can predict tomorrow's threats today, with a 96% accuracy.
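The Zero Trust point in the answer above is that a breach is assumed and access is therefore limited to only what is needed, with privileged access granted to the right people at the right time and recorded for audit. The following is an added, generic illustration of that idea (written for this page, not Heimdal®'s PAM product or any of its APIs): a small default-deny broker that issues time-bound grants for a specific user/resource pair, refuses anything without a live grant, expires grants automatically, and keeps an audit trail of every decision. The four-hour cap, user names, resource names and timestamp are assumptions made for the example.

```python
"""Default-deny, time-bound privileged access with an audit trail.

Added example; policy values and sample identities are constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

MAX_GRANT_MINUTES = 240  # hypothetical policy cap: at most four hours per request


@dataclass(frozen=True)
class Grant:
    user: str
    resource: str
    granted_at: datetime
    expires_at: datetime


@dataclass
class AccessBroker:
    grants: list = field(default_factory=list)
    audit: list = field(default_factory=list)  # (timestamp, event, user, resource)

    def grant(self, user, resource, minutes, now):
        """Issue a just-in-time grant, or refuse one outside the policy cap."""
        if minutes <= 0 or minutes > MAX_GRANT_MINUTES:
            self.audit.append((now.isoformat(), "REJECT_GRANT", user, resource))
            return None
        g = Grant(user, resource, now, now + timedelta(minutes=minutes))
        self.grants.append(g)
        self.audit.append((now.isoformat(), "GRANT", user, resource))
        return g

    def is_allowed(self, user, resource, now):
        """Default deny: only a live grant for exactly this pair permits access."""
        live = [
            g for g in self.grants
            if g.user == user and g.resource == resource
            and g.granted_at <= now < g.expires_at
        ]
        self.audit.append((now.isoformat(), "ALLOW" if live else "DENY", user, resource))
        return bool(live)

    def expire(self, now):
        """Drop grants whose window has closed; returns how many were removed."""
        before = len(self.grants)
        self.grants = [g for g in self.grants if now < g.expires_at]
        return before - len(self.grants)


def demo():
    """Walk through one grant lifecycle; returns the decisions and the audit trail."""
    t0 = datetime(2022, 9, 7, 9, 0, tzinfo=timezone.utc)  # constructed timestamp
    broker = AccessBroker()
    broker.grant("alice", "db-prod", 30, t0)  # 30-minute window on one resource
    results = {
        "alice_in_window": broker.is_allowed("alice", "db-prod", t0 + timedelta(minutes=10)),
        "alice_after_expiry": broker.is_allowed("alice", "db-prod", t0 + timedelta(minutes=31)),
        "alice_other_resource": broker.is_allowed("alice", "db-staging", t0 + timedelta(minutes=10)),
        "bob_no_grant": broker.is_allowed("bob", "db-prod", t0 + timedelta(minutes=10)),
        "expired_removed": broker.expire(t0 + timedelta(minutes=31)),
    }
    return results, broker.audit


if __name__ == "__main__":
    decisions, trail = demo()
    print(decisions)
    for entry in trail:
        print(*entry)
```

Every denial lands in the audit trail alongside the grants, which is what makes the model reviewable after the fact: an access attempt outside an approved window is itself a signal worth alerting on, not just a refused request.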
Let's talk about data visualisation and visual analysis technologies. What are the most important business benefits organisations seek to gain from deploying data visualisation?
Visualisation is extremely important. Security practitioners and leaders alike need visualisation to make sense of metrics, monitoring, logs, anomaly detection, forensics, malware analysis, and more.
The volume of big data combined with machine learning and data engineering outputs requires better tooling for analysts to make sense of things without clutter or clunky interfaces. Data are also ingested from many sources, for example, networks, emails, and endpoints to name a few. Ultimately, rather than sifting through multiple logs, using data visualisation means the important Indicators of Compromise (IoCs) are always visible to security teams.
Without giving too much away, at Heimdal® we intend to announce a revolutionary new toolkit that will empower security teams and leaders to detect, hunt, and remediate cyberthreats swiftly, all through the power of visualisation and within a single command and control platform. Stay tuned for more on this!
How is Heimdal® able to successfully compete in what many regard as an overcrowded market?
Indeed, the cyber ‘industryscape’ is crowded. There is no lack of solutions and in fact, there are vendors specialising in every area of cybersecurity imaginable. But the emergence of more point products has resulted in creating complexity across organisations.
I remember reading an article, as well as speaking to industry peers, that some enterprises are averaging more than 45-50 different tools. Unless you can afford an army of security personnel, adopting multiple tools may harm security response and can get overwhelming.
Some of the issues are:
- ‘Alert fatigue’ from the noise created by various security tooling
- Disparate tools not talking to each other and sharing meaningful intel
- Lack of resources and skilled analysts to manage siloed tools
- Threat hunting and mitigation is an arduous task
- Reporting becomes a nightmare – too many systems to toggle in and out of
- Security Orchestration and Automation Response (SOAR) integrations come at a premium
The complexity created by point or siloed products creates a window of opportunity for threats to crawl in and laterally spread. Add the use of legacy systems and how distributed the workforce/IT is nowadays, and the result is that security teams are forever in reactive mode and constantly putting out fires. API integrations exist to connect technologies and vendors, but they can be expensive and time-consuming to set up and run for organisations that are under pressure.
We have taken a different approach at Heimdal® with our unified, intelligent and integrated threat platform. Our AI-powered security components or modules have been carefully designed to work as one, creating a layered or defence-in-depth approach to give organisations the strongest possible security and allowing organisations to replace up to 7 point products with our fully unified solution.
Our solutions are also complementary to organisations that are Microsoft-dependent, enhancing Microsoft's native security and creating that all-important secondary lock across the board, from blocking malicious traffic to securing devices, endpoints, users, and applications. Thus, they also secure the investments made in Microsoft by organisations.
With 11k+ customers globally, multiple awards, and appraisal by the likes of the FBI, working with EUROPOL/USDOJ – Heimdal® continues to be a leading force in the industry and the preferred security partner for customers.
Nabil Nistar, Head of Product Marketing at Heimdal®
Nabil is an integrated marketing professional with global experience and an outlook on cyber security. He has immersed himself in the CyberSec-Verse for almost a decade, looking at the evolving threat landscape, exploring unique problem-solving toolkits, and interacting with industry experts, security leaders, and customers across different industry verticals to gain a unique perspective of the industry. He is dedicated to keeping cyber security pragmatic and spanning conversations beyond IT to include business leaders and the board.