Written by Kathryn McKenna, Editor at Sync NI
When a cyber attack occurs, immediate and well-prepared actions are crucial in order to limit the risks.
Prior to this, protection and prevention are essential in order to ensure all of the necessary steps have been taken to prevent an attack from occurring in the first place. This may seem obvious, but far too often the basics of cybersecurity are overlooked, leading to a breach. Should an attack occur, being prepared and understanding our roles, responsibilities and the exact actions we need to take will help mitigate the risks and, importantly, the potential impact.
This is the advice of Richard Ford, Chief Technical Officer at Integrity360, whose career has spanned almost 20 years working in the IT sector, with the vast majority spent in cybersecurity. This includes the last twelve years, which Richard has spent with Integrity360 overseeing the growth and development of the global security firm’s technical capabilities.
Richard spoke exclusively to Sync NI following his appearance with Brian Martin at the recent Integrity360 Security First conference at the ICC, Belfast. Richard and Brian led an immersive exploration surrounding the theme of ‘Solving the human cyber equation,’ which involved a discussion of forward-looking insights inspired by the latest industry trends, as well as exploring the critical factors shaping today’s security environment.
“Companies need to think about, how do we prepare ourselves before an incident happens? That is probably the most important step,” Richard explains. “Companies who have taken this vital first step are aware of the subsequent actions they need to take if an attack occurs and who is responsible for each of those actions. Speed is of the essence.
“In our experience, the organisations that aren't prepared are the ones who make the mistakes and feel the widest impact.” When an incident does hit, the first line of defence is often your users, so it is important to make sure they are aware and can report it, allowing remediation actions to begin as soon as possible. The next step should be to engage an incident response team. “If you're in a big organisation, you might have your own internal team but most haven't, so this means accessing an external one. This should be sourced ahead of time so you are not in a panic and the IR team can hit the ground running,” Richard explains.
In terms of actions, it is vital that the systems which are compromised are disconnected – but not turned off entirely. “This unfortunately would lose all of the in-life memory, which means we can't do the forensics to understand exactly what the threat actor has done. So we're on the back foot at that point,” Richard explains.
Richard also cautions against allowing the attacker to know that you are aware of them before you are ready to disrupt, contain and eradicate the threat, as this can incentivise the attacker to act more quickly in order to achieve their sinister objectives before they are removed from the environment.
Changing world of cyber
Having worked within the cyber industry for almost 19 years, Richard acknowledges the fast-paced sector has “hugely” changed within this time, particularly with the proliferation of systems as companies move to the Cloud. “We were all previously nicely hidden behind our on-prem perimeters - that was our first line of defence,” says Richard. “But the perimeter is completely gone now as everything is Cloud accessible 24/7 which can be exploited.”
Throughout this period, digitalisation has seen many systems move online, available as automated platforms. Another significant change has been the reporting and visibility of attacks - with large breaches taking place during this time and ransomware attacks aiming to extort significant amounts of money.
“Ransomware is now a business, and that’s exactly how organised cyber criminals operate. A great example of this is North Korea, where it is purported cybercrime nets up to 50% of their foreign-currency earnings. This, combined with the changing tactics and techniques that are being used, has all added to a vastly different landscape than we had 15+ years ago. Cyber threats are now everyone’s problem – no longer is it just the security team’s problem - now everyone in a company has to be part of the security solution.
“In order to achieve this security, businesses must ensure that the controls they are putting in place are completely frictionless so that security is acting as an enabler, not a disabler or blocker.”
The future of AI
AI is going to continue to play a huge role as we look to the remainder of 2025 and beyond.
“AI is embedded within everything and maturing rapidly, which will change how we approach things. It should make us more secure, and able to do more with less. Unfortunately, the attackers are using AI for their own good as well - so the arms race continues.”
In terms of further trends, Richard reveals he expects to see quantum computing suddenly becoming a major issue when it does land as a commodity piece of technology in the future. “The impact on encryption and what we thought was safe, will no longer be safe,” Richard predicts. “It is on the horizon that attackers will be interested in stealing and storing encrypted data. This was no use to them whatsoever previously, as encryption would have rendered it useless, but will be in the future if quantum computing can decrypt what would have taken a super-computer hundreds of thousands of years in hours or days. This is particularly true when it comes to nation state actors, who may have the resources and motivation to accelerate the use of quantum.”
Finally, moving forward Richard anticipates further consolidation of the security market, with what were once niche products and technologies being merged into larger ones. “I expect this trend to continue, so that means we'll have less technology platforms – but they will be doing more, and hopefully with less.”
Security First event
Events such as the recent Integrity360 Security First conference in Belfast are critical when it comes to helping the end user and keeping them informed.
With such events by the Integrity360 team held across Europe and Africa, one of the things they are transparent about when putting the agenda together and selecting partners, expert speakers and presenters, is that the information has to be insightful. The key objective is that attendees should leave with new knowledge that is useful for their day to day role and operations.
“Getting people to come together, to be able to learn from experts and peers, is extremely important. During these events I have interviewed some CIOs and CISOs about their experiences, and a lot of the information shared includes what has not worked for them. I believe you learn from mistakes, but it's always better to learn from somebody else's - so the more that we're happy to share, the better, because then we can all learn together.”
In addition to providing insights, the ability to network with peers is also vital. “If the bad actors are collaborating together, it makes sense that those working in cyber security can get together to solve a common problem and intelligence share together. This results in a frictionless way for information to be shared, pooling our intelligence for the better of everybody – and that is what Security First is about.”
For more information on Integrity360 in Northern Ireland visit: syncni.com/company/Integrity360 for Interviews, Views and more.