How should organisations respond to modern cyber threats?

26 Sep 2019

Image: © Syda Productions/Stock.adobe.com

Niall Tuohy, security solutions product manager at Vodafone, discusses the evolving cybersecurity landscape and the measures that both large and small organisations can take to prevent cyberattacks.

A 2018 PwC report billed cybercrime as one of the most pressing threats to enterprise and found that Irish businesses have lost an average of €3.1m to the most disruptive financial crimes, almost twice the amount reported in 2016. More than 10pc lost in excess of €4m, and 20pc of respondents said they couldn’t fully quantify the extent of their losses.

As the world becomes more digital, the threat of cybercrime is looming larger than ever before, and threat actors are becoming only more sophisticated with time. So how do businesses even begin to tackle these threats effectively?

As the security solutions product manager at Vodafone, Niall Tuohy spends a lot of time considering exactly this.

‘Not all attackers spend time writing complex code in order to try and beat the technologies trying to stop them – it’s a lot easier to use the human element to achieve their goals’
– NIALL TUOHY

“Cyberattack trends vary across industries depending on what an attacker wishes to achieve and what they are targeting,” Tuohy explains.

“For example, state-sponsored attacks may be designed to cause the failure of military equipment or to acquire national security secrets, or they can result in the theft of valuable, sensitive data like medical records.

“Utility providers may be targeted to cause electrical blackouts and disruption, so the trends can vary as much as the industries they are targeting.”

One thing Tuohy feels is important to note is that although the some of technology is new, cybercriminals often exploit vulnerabilities that have existed for a long time – namely, the inevitability of human error.

Niall Tuohy. Image: Vodafone.

“Not all attackers spend time writing complex code in order to try and beat the technologies trying to stop them,” he explains. “It’s a lot easier to use the human element to achieve their goals.”

Tuohy feels it is important to note that the cost of suffering a cyberattack goes well beyond the merely financial – the reputational cost of suffering a breach can have a massive impact on levels of trust among a company’s customers. Not to mention that GDPR has added an additional element that places further pressure on enterprises to stringently guard people’s data.

“Companies should view their IT security spend as an investment and not a burden, and should take pride in the lengths they go to protect their customers’ data,” he continues.

Following this, it makes sense that managed security services is among the fastest-growing areas in the cybersecurity sector, and Vodafone’s own offering has been bolstered by its newly announced partnership with Palo Alto Networks.

One element of the new Vodafone partnership that Tuohy is most excited about is the Cortex product offering, which an open and integrated AI-based continuous security platform. “[It] constantly evolves to stop the most sophisticated threats,” he explains.

“A proactive, and not a reactive, managed service is what’s needed. Customers want much more than just event management ⁠— they want more automation, orchestration and response. They want to reduce false positives and alert fatigue.

“Palo Alto Networks is one of the world’s cybersecurity leaders, and it gives complete visibility and control for on-premises, branch, mobile and cloud security. It was an easy choice to make to partner with them.”

Eva Short was a journalist at Silicon Republic

editorial@siliconrepublic.com