How did Covid-19 affect Cork’s new security operations centre?

9 Jul 2020

From left: Rob Norton and Paul Casey, Paradyn. Image: © John Allen

IT network solutions firm Paradyn recently announced the accelerated launch of its €250,000 security operations centre in Cork.

There is no doubt that Covid-19 has uprooted how businesses operate in a number of different ways, from mass remote working to accelerated digital transformation.

Additionally, an increase in phishing scams and cyberattacks has been reported due to the pandemic, partially because cybercriminals traditionally use massive events such as this to opportunistically strike, but also because of the sudden and global movement to remote working.

Almost overnight, entire IT infrastructures were moved out of physical offices, which had firewalls and protected networks, and into employees’ homes, leaving additional security gaps for many businesses.

But has Covid-19 caused such upheaval within the cybersecurity sector that it has shifted industry trends and requires entirely new facilities to be built?

The trend of proactive security

At the end of June, IT network solutions company Paradyn announced it had accelerated the launch of its new €250,000 network and security operations centre in Cork by two months. While bringing forward the plans was due to the security fallout from Covid-19, Paradyn’s chief operations officer Paul Casey said the security centre itself was already well in train due to the natural direction of the security landscape.

“We’ve always been security focused as an organisation because we specialise in networking and security,” he said. “Over the last number of years, we’ve seen an increase in the security incidents that are going on nationally and internationally.”

Casey said the evolution of cybersecurity has forced a shift in the industry from a reactive approach to a proactive approach. What was once simple antivirus software on your PC, capable of catching the odd attack, has now become next-generation firewalls that need to catch much more complicated threats within streams of information.

“Where things have gone now, I think the big focus from a security practice point of view is moving towards more proactive security. Up until the last 12, 18 or 24 months, most security was managed in a reactive mode,” he said. “The whole new approach for proactive security was the main driving force behind us establishing the security operations centre that we put in place.”

Casey said that Paradyn has an existing security team, which it has built for the new centre, but hopes to grow the team further in the next 12 to 18 months.

Planning a security operations centre

While Covid-19 created the need to speed up the centre’s launch, it was far from the reason the centre was created in the first place, given the level of planning that had to go into it.

“In the background we’ve been working on this for the last 12 months, putting it together, looking at best practice implementation for an operations centre to specifically look after security.”

Within the plans, the team had to look at everything from the software to the analytics. “The whole point of all this is you’re ingesting a huge amount of information from all different types of devices on customer networks. You’re looking at switches, firewalls, servers and endpoints and whether [customers] have some sort of intrusion detection system onsite, and you’re bringing all of this into a central application and then you’re doing a correlation on that,” said Casey.

When Covid-19 hit, the plans for the operations centre were “there or thereabouts” according to Casey, and he said the team noticed that, among the customers it was already working with on security, there had been “a significant uptick” in cyberthreats and incidents.

“What we had to do then was finalise processes and procedure. We had a lot of the infrastructure, we had done a lot of the hard work identifying how we were going to be doing, but obviously we had to do a bit of extra work on how the current threat had changed in the last two or three months and put that in place.”

He added that cybercriminals have capitalised on the fact that employees have moved from the security of an office, potentially with an in-house IT team and powerful network firewalls, to a remote working situation and IT infrastructure that is more exposed.

“Some organisations are really well set up for it, but a lot of organisations have had to put in additional resources and move to this in quite a rapid manner,” he said. “There’s a lot of opportunities for exploitation when things are rushed.”

The broader cybersecurity landscape

While Paradyn’s new security operations centre was already in the pipeline, Covid-19 did have an effect, bringing the launch forward and adding considerations for the security team.

But has the current pandemic determined the direction the cybersecurity industry is currently taking? Casey doesn’t believe so.

“I think that we were going in that direction anyway,” he said. “Last year there was a lot of ransomware […] so when you’re talking about threats such as that, you really do need to be proactive. It’s all about mitigating and preventing ahead of time these kinds of threats.”

‘Proactive is where the industry trend is going’

While the increase in cyberattacks during Covid-19 has been widely reported, Casey’s point about the rise in cyberthreats cannot be ignored. Last year saw a huge number of ransomware and phishing attacks, which have no doubt had an impact on infosec trends. In September 2019, for example, the Hiscox Cyber Readiness report found that more than 60pc of firms had experienced one or more cyberattacks in the previous year.

Casey also pointed out that as these cyberthreats have evolved, they’ve become less visible to users, making them even more dangerous. “Over time, if you leave a ransomware attack running for an hour, you’re going to have X amount of damage, but if they start doing it on a Friday night and they’ve got all weekend until Monday […] there’s a lot more damage that can be done to an organisation,” he said.

“I think overall, for a serious security offering, proactive is where the industry trend is going, but I think obviously the coronavirus and the [current] situation has just highlighted it yet again.”

However, one thing Casey does note has changed because of Covid-19 is the nature of organisations and how the workforce operates, which has forced a change within cybersecurity. “How are you securing that endpoint when it’s no longer on a trusted site? How are you making sure they’re getting securely back onto your network?”

He said that while the industry itself was heading towards a more proactive approach, it is the individual companies that have to think about these questions to ensure they maintain security.

Jenny Darmody is the editor of Silicon Republic