Cyberattackers ‘won’t go easy’ just because firms are in a state of flux

14 Oct 2020

Neil Redmond. Image: Huawei Ireland

Huawei Ireland’s Neil Redmond talks about the importance of cybersecurity teams and which industries are the most vulnerable to attacks right now.

As part of Cybersecurity Awareness Month, we spoke to Neil Redmond, Huawei Ireland’s cybersecurity officer, about his role and how the cybersecurity landscape has changed in recent months.

Redmond joined Huawei Ireland from Deloitte, where he worked as a senior manager on the risk advisory team specialising in cybersecurity. At Huawei, he is responsible for leading the Irish operation in collecting and prioritising cybersecurity requirements from internal and external stakeholders.

“The role involves creating open dialogue with these stakeholders to ensure that Huawei products meet cybersecurity requirements but to also ensure that Huawei clients have their security concerns addressed in a timely manner and understand the advances and strategic focus that Huawei places on cybersecurity.”

While Redmond is the only cybersecurity officer for Huawei Ireland, he says there is a team of more than 2,000 in the company’s global cybersecurity department, including “some of the world’s most well-respected cybersecurity experts”.

‘A short-term cut in the cybersecurity budget can lead to longer-term consequences’

How do you think the cybersecurity landscape has changed?

Undoubtedly the greatest impact on humanity in the past 30 years, you could argue, has been the arrival of Covid-19. The way people work and live has fundamentally changed in the past seven months. What was the new normal has fast become the normal way of working and this has led to a changed cybersecurity landscape.

As the majority of the workforce is now working remotely, we are witnessing unprecedented demands on remote infrastructure, such as VPNs, IAM [identity access management] tools, the use of the cloud for collaborative working, online conferences and increasing use of telecommunications to keep us all connected. Whereas perhaps only 10pc of bandwidth was required for VPN usage in January, we are now witnessing close to 100pc utilisation on a daily basis currently.

With many workers using their own laptops, mobile devices and home routers, the challenge is to ensure that company policies regarding DLP [data loss prevention], end-point protection and patching are enforced. The biggest change is now having a culture within an organisation where everyone recognises that it is a personal responsibility to be cybersecure and aware.

What industries do you believe are the most vulnerable to cyberattacks right now?

Cyberattacks normally strike an industry when it is at its most vulnerable. At this point in time, the healthcare industry is in the eye of the storm. Suppliers of PPE, hospitals attempting to deal with infected patients and pharmaceutical firms trying to develop a vaccine are the current targets for cyberattacks.

The aim of such attacks is financial, to extort money from ransomware. The theft of IP from pharmaceutical companies is a significant issue in the race to find a vaccine for Covid-19. As such, these companies are at their most vulnerable now, as they potentially hold the key to allowing the world to return to some semblance of normality.

What does the telecoms industry specifically need to think about when it comes to cybersecurity?

The increasing reliance and usage of telecoms and the further roll-out of 5G services indicates that trust is the key factor for the industry. By that I mean the equipment that is used has to be secure for personal data and robust enough to ensure continuity of service.

The industry has to be able to demonstrate to its customers and regulators that it is doing all it can to meet both these needs. Because of this, I see certification such as IS0 27001 for IT security and IS0 28000 for supply chain becoming increasingly important.

With the arrival of the EU’s 5G toolbox in 2021, the focus for the industry will be on addressing telco and user concerns regarding privacy and reliability of the networks from the perspective of critical national infrastructure.

Covid-19 has shone a massive light on security from a remote working perspective, but are there other areas that should also be getting more attention?

Remote working is a new aspect for many people, but the firms they work for still employ pre-Covid-19 technology and this is, in many cases, located in the same buildings as last March. The servers, routers and switches that were in use pre-March 2020 are probably the same equipment today.

While in February, this equipment was in the same building as most employees and the security team, now most people can’t physically access the office. This means that upgrades, patching cycles and replacing obsolete or out-of-support equipment may have been put off in the hope that things would have returned to normal.

Therefore, the basics need to be addressed and managed as they would in pre-Covid days. Arguably it’s even more important in these times to ensure that the basics are covered, as these provide the foundation for a robust cybersecurity platform and response.

What are your thoughts on how to address the challenge of decreasing cybersecurity budgets?

If budgets are tight across the organisation, I would always emphasise that cybersecurity is an enabler of a business and not a cost. For example, the Central Bank of Ireland puts great emphasis on financial institutions implementing robust and auditable cybersecurity risk management procedures and processes. Just because firms are in a state of flux, it doesn’t mean that the attackers will go easy at this time.

Today, a short-term cut in the cybersecurity budget can lead to longer-term consequences. If you have an undiscovered indicator of compromise today, who knows what damage that will yield in a few weeks’ or months’ time.

As we are all aware, the pace of cyberattacks has escalated since beginning of the lockdowns in Europe and in Ireland. I would argue that, now more than ever, firms should be increasing their cybersecurity budgets as staff are working remotely. There is a reliance on third-party cloud applications and the ever-present threat of an inadvertent data breach with remote working.

Jenny Darmody is the editor of Silicon Republic