Summary: Fail to prepare, prepare to fail - that is how every business should handle any cybersecurity threat. At a customer event hosted by Vodafone Business, speakers shared how to utilise security services and tools they already have, as well as how best to handle certain cybersecurity situations.
Key takeaways
1. Preparation is everything, and proactive planning and risk management go hand in hand. Proactive planning is crucial in cybersecurity. Andrzej Kawalec, Head of Cybersecurity Portfolio at Vodafone Business, highlighted the importance of understanding and mitigating risks before a crisis occurs, using historical analogies to stress that complacency can lead to severe consequences. This proactive approach involves continuous assessment and updating of security measures to stay ahead of potential threats.
2. Zero Trust and daily validation are extremely important. Dr. Yuri Bobbert, Chief Security and Strategy Officer for ON2IT, spoke powerfully about the significance of adopting a Zero Trust framework and regularly validating security measures. This involves rigorous daily checks and automation of repetitive security tasks to ensure quick response times to cyber incursions. He stressed that simply having certifications is not enough; organizations need to deeply understand their specific situations and continuously improve their cybersecurity hygiene.
3. Effective utilisation of existing security tools. Martin Carry, Systems Engineering Manager for Palo Alto Networks, pointed out that many companies are not fully utilising the cybersecurity tools they already have access to. By enabling and properly configuring all available features, organizations can significantly enhance their defence mechanisms. He also discussed the shift in cybercrime tactics towards faster, more aggressive "smash-and-grab" attacks, highlighting the need for rapid response and comprehensive threat intelligence to protect against these evolving threats.
In cybersecurity, planning is everything, so don’t wait until you’re in the middle of a chaotic and dangerous situation before trying to figure out the best way to survive. This was the central theme expressed across four key sessions from both Vodafone executives and invited partners at the Vodafone Business Cybersecurity Customer event held in Sandyford, Dublin, on May 23, 2024.
This core theme was central to the engaging presentation given by Andrzej Kawalec, Head of Cybersecurity Portfolio at Vodafone Business. To get things started, he brought the audience through a compelling account of the assassination attempt made on US President Ronald Reagan on March 30, 1981, when lone gunman John Hinkley Jr shot the president as he returned to his car after an engagement.
Vigilance against complacency
Kawalec pointed out that despite it being less than 20 years since a previous President, John F. Kennedy, had been gunned down in Dallas, complacency had crept in to the FBI’s safety policies and public cordon distances had been reduced at Reagan’s request. He wanted to meet voters in person at events and rallies.
“After this, they completely changed all of their operating procedures. They increased the public cordon size and started putting in metal detectors and scanners. But this wasn’t a new situation for the FBI, and it showed that they hadn't fully understood the risk facing the president,” he said.
“Hinkley was actually known to the FBI, and had been stopped from getting on a plane with a firearm and been thrown out of a George Bush political rally just two weeks before this. The security services hadn’t put those things together in assessing the risk, and I think there are analogies there to our work in cybersecurity.”
Kawalec has over 20 years of experience advising governments, the World Economic Forum and NATO on risk and security, and he made the point that complete safety is unattainable in cybersecurity but effective risk management and support can help mitigate risks massively.
Overconfidence is rife in Irish business
He argued that many businesses lack security plans despite telling researchers they are confident they could handle an attack. Historical events can provide lessons in risk management and crisis response, even if the rapid pace of change that exists in the cybersecurity world feeds into a higher-risk environment for everyone.
John McCleverty, Regional Director for the UK and Ireland with Vodafone partner Rubrik Inc, continued this theme with a ransomware ‘war game’ that saw all attendees at the event turn their seats around, form groups and read from prepared scripts to role-play a cybersecurity incident in a fictionalised retail company.
The exercise saw people challenged with the difficult question of how to manage the situation, balancing out the competing agendas of keeping the business running while minimising exposure to potential further damage.
“The purpose of the exercise is to act out the various problems that occur in real life after an attack has occurred, looking at the challenges of restoring data from backups, and implementing a recovery plan that doesn’t revolve around disaster recovery,” said McCleverty.
“For example, immutable storage is often suggested as a robust solution to data recovery, but increasingly we’re seeing that this is not enough, because it can happen that the data stored on immutable storage has been compromised before it got there.”
Zero Trust matters
Implementing Zero Trust and improving cybersecurity resilience was the topic that Dr Yuri Bobbert, Chief Security and Strategy Officer for Vodafone partner ON2IT presented next, focusing on the importance of validating and checking security measures daily in order to have quick response times to cyber incursions.
“The CISO role is quite boring most of the time, because to do that job well you need to do a lot of repetitive security ‘hygiene’ type activities, using basic principles that are highly necessary but quite boring to execute. Until something happens, and then you have a lot of stress,” he said.
“This is why having excellent automation where it really helps matters. Cyber threats are increasing and there are growing implications for companies that are targeted. We see this in the NIS2 regulations that bring penalties, and also in the increasing awareness of the damage incurred in the public consciousness of those seen to be badly impacted by a cybersecurity breach.”
Dr Bobbert went on to explain that just being certified isn’t enough to deflect damage in the event of an incursion.
“There is a case of a guy in Germany who got a concrete life jacket certified with ISO certification, because all the checks were passed. It’s a humorous example, but it shows that nothing is ever guaranteed. This is why it’s crucial that you know your specific situation deeply and, for example, what your mean time to identify and contain a breach is?”
The solution to many if not most issues presented by the challenges of protecting a network is to deeply embrace the Zero Trust approach.
The threat landscape constantly evolves
Martin Carry, Systems Engineering Manager for Palo Alto Networks, continued this theme, discussing cybercrime trends, the increase in smash-and-grab attacks and also, the surprising fact that many companies aren’t getting the full use out of the products they already pay for.
“We often find that people have access to lots of features that could really help them, but they don’t have them all turned on and enabled. This is a problem as we’re seeing the reaction times necessary to successfully stave off an attack being shaved down,” he said.
“The old-fashioned idea that someone is going to breach your system and then lurk inside for months is now no longer current. Our threat intelligence team and our incident response team tell us that they’re seeing a lot more smash-and-grab type attacks where people are getting in, taking data and getting out, all within 24 hours.”
Carry reminded the audience of the real world value of cybercrime, making the figure it’s currently valued at, $8 trillion, comparable to the third-largest economy in the world. He then went on to highlight the characteristics of some of the key ransomware applications and groups posing a threat, including LockBit 3.0, CL0P and BlackCat/ALPHV.
“The number one goal for many criminal threat actors is getting paid. They are interested in multiplying their payday and pursuing information that could be valuable to third parties. In some cases, threat actors in advanced persistent threats (APT) groups use ransomware as a distraction from a larger and more impactful compromise,” he said.
“Ransomware has also been used as a way of disguising intellectual property theft or cyber espionage.”
This Vodafone Business Cybersecurity Customer event underscored the critical importance of proactive planning and comprehensive risk management in cybersecurity. Through presentations and practical exercises, experts highlighted the need for constant vigilance, the adoption of zero trust principles, and the effective use of existing security tools.
The event provided valuable insights into managing cyber threats, improving resilience, and understanding the evolving landscape of cybercrime.
To help attendees to continue the conversation within their organisations about the opportunities and challenges that the ever-changing cybersecurity landscape presents, Vodafone Business offered a free of charge, no obligation, security assessment to every company that attended the event, which will evaluate and report on the security posture of their organisations.
Attendees were advised to connect the right person in their organisations with their Vodafone Business Account Manager for more information.
Want to discover more?
Get in touch
Find out what we can do to help your business reach its full potential.
