2nd February 2022

Cyber Risk and Role Reward: Preparing for the Security Challenges of Tomorrow

Gary Hosken
Principal Manager CERT

Over the last five years, companies have become more knowledgeable of their networks and increased their visibility, as cyber risk evolves.

We all remember Cloud Hopper from 2016-17, the widespread hacking campaign suspected to be orchestrated by Chinese cyber spies, and which impacted multiple companies in a range of industries. That was a watershed moment when the lesson was learned regarding trust and Managed Service Providers.

Nation-state attackers and those learning their way around the internet are evolving as they gain more access via Github, YouTube videos and better education. As technology evolves and matures, so too do attackers and their techniques; new playbooks are being written every day. Staying abreast of the latest cyberattack trends is critical.

Phishing and targeted phishing remain a soft entry route for attackers. Ransomware is similar; in theory, it’s a relatively easy tactic for the threat actors to deploy in the hope of getting lucky. Remember: a threat actor only has to be lucky once. In cybersecurity, we work to be lucky all the time.

How can businesses mitigate cyber risk?

One way of mitigating these cyber risks is through data enrichment and automation.

Cybersecurity companies are becoming more agile and allowing their tools to become more flexible via automation of processes and workflows. This is further enriching the data that’s now in front of the cyber analyst with more context, therefore helping to reduce the Mean Time to Resolve (the average time it takes to fully resolve a threat) and the Mean Time to Contain (the average time it takes to detect and limit a threat). 

In terms of ensuring adequate protection against these threats, it’s based on technology.

A poorly managed tech refresh programme will potentially leave legacy equipment connected to your network, but then a rapidly deployed modern network may be impacted by not including the necessary security tools to protect the network. Each project needs a cyber risk assessment and an evolutionary plan to ensure risk coverage.

Staff training is critical

Non-cybersecurity employees receiving training and joining in on security conversations is key to delivering the first line of security. I would rather have an employee raise an alert when they see something suspicious to be investigated than for it to be ignored and find it is the first sign of a serious attack, for example.

Engineers and data centre sys admins know their equipment very well and when they see spikes in performance or other anomalies they are often very good at starting an investigation, which leads to an agile containment of something that could easily have had more dire consequences. They are sometimes the eyes and ears of cybersecurity, in ways that security tools are still learning to match.

How is Vodafone dealing with cyber risk?

Vodafone has a number of projects working on reducing cyber risk internally and for customers. Prior to the pandemic, we launched Secure Net – a service that can be utilised via the Very Me app, which makes the end customer more secure. We are also always reviewing our infrastructure and how we react to security threats in an agile manner.

One of the things I love about being part of Vodafone Cyber Defence is that no two days are the same.

In late 2020 in Italy, for example, there was a well-publicised case about how we worked to respond to an attack on ho.Mobile, a second Vodafone brand in Italy, providing reassurance to our customers and replacing their SIMs.

Last year during the first lockdown, one of our customers came under a ransomware attack. When I was asked to support the team on a Thursday evening and give some technical advice on how to contain and remediate for an hour or two, I requested to go one step further. With permission, I drove to the impacted data centre and worked on-site for two weeks, all while respecting COVID rules.

There, I could provide targeted assessments in real-time to the on-site engineer of what data per server we required, which then helped us reverse the malware. Fortunately, through the collaboration of other agencies throughout the government, we could then recompile a reversing tool to decrypt the impacted servers.

This project truly showed our ability to get things done together whilst working at risk and prioritising customers’ needs.