06 May Interview with Scott Thomas, Principal of Sécurité Cyber Security Advisors in Sydney, Australia regarding his thoughts on the current cyber risk environment.
Q: Scott, you have been in the cyber security and data protection industry as an independent advisor for more than 20 years and set up Sécurité (formerly McEvoy Thomas) in 1998 in Australia, can you describe the hot issues and areas you are working with your clients on presently?
A: The areas we are most focused on at the moment are around data security, identity and stopping threats.
There is a focus at the government level on tightening cyber security in councils for example and utilizing the Essential 8 framework from the ASD.
Q: Can you tell us what are the key solutions you would recommend in this area.
A: There are many ways to address the Essential 8, some are relatively simple, and others are more complex, some can be addressed through policy and others need technical controls.
The most basic and obvious would be to patch applications on the network, you would be surprised how many organisations still do not have a patching regime.
I think the next three that all organisations should look to deploy would be PAM and Application Whitelisting and Identity Management. When a hacker gets access to a network the first thing they will do is look for a way to go “East/West” on the network to look for valuable data, if they hijack a privileged account they will often have access to the whole network and will be very difficult to detect as they look like a legitimate user. If a piece of malware is unable to execute on the newtwork then it poses little threat and if you don’t know who the user is on the network then they may not be authorized to be there.
Q: Application Whitelisting is one of the key Essential 8 mitigants. Can you describe what this is and solutions you recommend?
A: Application Whitelisting is the ability to control what can execute on your network, if a piece of malware or ransomware makes it onto the network it won’t be able to execute so won’t be able to run and do what it is designed to do therefore making it benign.
Q: Privileged Account Management is another key essential 8 mitigant. What are you seeing in this area?
A: We are seeing that many organisations do not know how many privileged accounts that there are on their network and that privileged accounts are often managed manually by keeping a spreadsheet up to date with credentials. This method has the obvious floor that if a hacker can access the spreadsheet then they have free access to everything.
Savvy organisations are deploying PAM tools that integrate with directory services and will manage the passwords for any privileged account or service account, the tool will rotate the passwords based on password policy and will be used by an administrator to log into privileged or service accounts without the admin ever knowing what the password is, this means that when they leave the organisation they can be removed from the directory service and they lose access to all accounts.
Q: Access control and endpoint solutions are more important than ever with people working from home in the COVID19 environment. What are your clients looking for in this area?
A: They are looking to prevent malware, a great way to do this is to have application whitelisting only allowing a trusted file to execute.
Similarly it is important to ensure that only trusted users are allowed access to the network, by having a strong identity management and authentication process you ensure that only those that you want can get onto the network and can only access the resources that they need to be able to perform their job. This touches on User and Entity Behavioral Analysis, these solutions will base line a user’s normal behavior and flag any action that is outside the norm.
Q: What are good ways to really know your network vulnerabilities whether you use managed security providers or not? That is, how can CIOs and CISOs sleep at night?
A: A great way to validate your security posture is by doing penetration testing, traditionally this can be very costly and time consuming. Recently there have been tools developed to allow for automated penetration testing, these would remove the need for a human to run the testing who is only as good as his/her skills set and would allow for continuous scanning of the environment, not a point in time that is usually weeks after the tests took place as the human will need time to put their results into a report which is outdated before received by the CIO/CISO.
Q: Where do you see cyber security going in Australia over the next 12 months.
A: Australian organisations need to implement the recommendations of the Essential 8 as a base line, I don’t know of a single organization that can say they have implemented all of these recommendations.
Thanks for your time Scott. Contact Scott Thomas at Sécurité based in North Sydney for a no obligation discussion of the best of breed cyber security solutions for your risk profile and budget on 02 9957 6666 or firstname.lastname@example.org. Interviewer: Jack Drewe, Risk Advisor Sécurité