As the General Manager for Security at The Instillery, Jason Wild is a senior leader for information security and IT strategy for our customers. We sat down with Jason to get a gauge for the current state of the New Zealand threat landscape, the importance of endpoint protection, and what the future holds.
Q: Arguably one of the most talked-about trends in 2019, cybersecurity looks set to sit atop the trend pyramid again in 2020. How would you describe the current state of the New Zealand threat landscape?
JW: I think, firstly, it’s not getting any easier to manage. The phishing and social engineering techniques that have been prevalent for a while are still the most common starting point for an attack, but where they are differing is in the level of sophistication. Attackers are now using a host of different platforms to harvest credentials - including reputable public cloud platforms - which is making it increasingly difficult to identify a scam or malicious software from something more legitimate.
Q: In recent times, we’ve seen the discussion manifest into one highlighting the importance of a holistic approach to cybersecurity; endpoint security is sometimes the forgotten piece of the puzzle, but how important is it?
JW: It’s incredibly important, and it’s only going to become more important as time develops, particularly as companies adopt cloud technologies and their workforces become more mobile. What’s encouraging is that manufacturers are recognising this - if you consider 4-5 years ago, the encryption capabilities on your smartphone or tablet had to be turned on manually, where now those along with other basic protection policies like biometrics and telemetry are standard across smartphones, laptops, tablets and increasingly, desktops. I think one of the most important things any organisation can strive to understand is how their workforce is working - so how do staff actually interact with their devices? In the digital workplace you’ve got multiple elements that need to be considered; wrapping security around your perimeter is no longer enough – you need to consider security at the cloud, app, network, OS and device levels. Visibility is vital.
Q: You touched on the security products associated with operating systems there, and with Windows 7 support now a thing of the past, what are the associated risks with businesses that choose to continue running that legacy OS?
JW: Well I think it’s definitely an issue, but it does need to be said that just because Windows 7 support has reached end of life, it doesn’t automatically mean you’re going to get breached tomorrow. However, the risk of being breached does go up as attackers focus on these out of support operating systems. Over time you are going to become less and less secure, and as the number of missed updates grows, exploits will continue to be found but not patched. I think it’s important for organisations to understand that once something goes out of support, there will always be a focus from the attacker’s perspective to find exploits in that system. So, if there are organisations out there still running Windows 7, now is the time to move off it, now is the time to develop a roadmap to migrate.
Q: How would you describe NZ organisations’ overall level of maturity when it comes to cybersecurity?
JW: Currently, it’s quite low. Has it improved? I definitely think people’s awareness and acceptance of its importance is increasing, there’s definitely more talk around the things that need to be done from a security standpoint. In saying that, the desire to invest is still missing. If you were to look at the market as a whole, you tend to see 3 types of organisations:
- Bottom – Organisations that are either ignorant or unaware of the issue.
- Middle – Organisations that recognise there is an issue but are unwilling/unable to invest.
- Top – The most mature organisations that understand the issue and invest accordingly.
From an IT industry perspective, it’s a huge challenge in trying to get organisations to understand the importance of investing in cybersecurity protection. From The Instillery’s standpoint – it’s about explaining it correctly to the customer, almost as an insurance policy – “What do you do? And how sensitive is your data? What would be the risk to you and your clients if something was to happen to that data? Is it business continuity? Financial risk? Reputational risk? And what would it cost you to recover?” – It’s these types of questions that organisations need to understand and assess.
Q: With all these challenges at the forefront of our thinking, how do The Instillery help NZ organisations attack these security challenges?
JW: Well when considering endpoint protection, The Instillery use a security framework based on the NIST (National Institute of Standards and Technology) 5 principles of security:
We provide services across all five, but our core service centres around the middle of those principles, focusing on what’s happening in your environment in real-time – how it’s functioning and performing. It’s very much about having visibility into all aspects of the system and being able to detect and respond to risky behaviour or abnormalities. We provide Endpoint Detection and Response (EDR) services through our Threat Management Service, which we advocate as a blanket solution for all endpoints on top of your traditional anti-virus software. The technology leverages machine learning and AI, enabling it to continuously learn and grow with the sophistication of the threats supplementing our technical expertise. We also partner with the world’s leading endpoint vendors like HP, who’s Elite PCs and Elite Dragonfly with Intel® Core™ processors help in protecting your organisation against these highly sophisticated threats. The saying that you’re only as strong as your weakest link speaks true to business cybersecurity. We also offer phishing awareness workshops, where we educate your employees on the tell-tale signs of a scam, and how to detect and avoid them.
Q: To conclude, where do you see the threat landscape and threat mitigation methods moving in the next 12-18 months?
JW: On the social engineering front, phishing will continue to be the prevalent form of attack. The sophistication is going to increase and a well-orchestrated scam will become even more difficult to spot. To this point, we’ll not only see machine learning used from a defensive standpoint, but we’re going to start seeing attackers leveraging it for more complex threats as well. To combat this, you’re going to see an increase in automated defences, EDR solutions, and the emphasis on detection and response will become more integrated in overall security strategies. To speak with Jason, or learn more about The Instillery’s Threat Management Service, get in touch with us.