On February 9th 2023, a milestone partnership between Vectra and KPMG was celebrated, and they had a lot to share. The discussion centered around the value of Effective Security Observability (ESO), powered by Vectra’s Attack Signal Intelligence™ (see it in this blog), as KPMG and Vectra hosted a joint webinar.
ESO has clear objectives for organizations: improve visibility into their security posture, reduce risk of incidents becoming crises and reassure the protection of their critical data.
The webinar was timely, as it was triggered by a recent DDoS cyberattack on critical infrastructure in Europe. This attack most likely originated from a pro-Russian hacker group, Killnet, which had targeted multiple enterprises and companies in Europe, including hospitals in the Netherlands. To shed more light on the subject, Jordi van den Breekel, Red Team & TIBER lead at KPMG Netherlands, joined the panel, moderated by Henrik Smit, Director Cyber Security at KPMG.
The conversation explored the risks cyber threats pose to critical infrastructure and organizations. With the recent uptick in cyber-attacks over the past few weeks, the topic could not be more relevant. One of the threats discussed was ransomware, which emerged as the winner in one of the audience polls as the audience's biggest fear. The discussion revealed that critical infrastructure encompasses more than just hospitals: it includes government, banking and energy services, and even food and other sectors that are part of the supply chain.
This is what we discovered during our polling with the audience:
What cyber threat worries you most?
The earlier conclusion, that the impact of a DDoS attack is very visible yet does not cause permanent and irreversible damage, was clearly confirmed by the audience: DDoS scored only about 6%. During the follow-up discussion, the panelists clarified that the overall winner was APT (Advanced Persistent Threat). APTs often culminate in a ransomware attack, which is frequently accompanied by a data leak. Often, we see phishing and DDoS as the starting point of ransomware campaigns, used either to distract or to gain access to a victim’s system.
The next poll focused on participants working with and in critical infrastructure; we wondered how real the cyber threat is for this group.
Attacks on critical infrastructure are on the rise. Do you recognize that in the context of your own organization?
When we drill into the responses of those working in critical infrastructure, it’s clear that 100% of those organizations acknowledge our statement. I even reflected on the possibility that some of the others might be part of the extended critical infrastructure discussion as well; an impact on the supply chain of our food industry, for example, could be equally serious.
From here, we wanted to know about the importance of digitization in our audience’s organizations. The relevance of this question comes with the possible impact of a cyberattack on such an organization’s continuity.
How much has digitization become the cornerstone of your production processes?
The results were not surprising. Digitization is important and although we can’t make a watertight conclusion, we firmly believe that this matters for both critical and non-critical infrastructure.
KPMG and Vectra can confirm the importance of digitization, as observed in their customer install base. As such, the response to the previous poll immediately justified the next one, which asked how much ‘the business’ is involved in defining the security strategy. The context for this question is that today, IT and cybersecurity are (and should be) relevant topics for the board as well. CISOs should be heard.
How closely involved is the business in defining a security strategy?
The outcome of this question triggered different opinions. On the one hand, it’s great to see that ‘not at all’ did not register a single response. However, 1 out of 3 feel that there is no real involvement and 1 out of 5 probably are not sure. Yet cybersecurity is no longer an afterthought, and with so much digitization, this should matter to the board as well. Not only the defense strategy but also the breach strategy should be discussed. What if ransomware, which as we learned earlier is perceived as a big risk, is successful? Is the business willing to pay? If yes, how much, and who gets the mandate to negotiate?
If a cyberattack happens, the impact could be significant. The first things that come to mind are, of course, availability, continuity and brand, to name a few. But have you thought about the impact on employees? We were wondering how much this is already being considered.
Does your company take the mental impact of a cyber-attack on employees into consideration?
The outcome of this poll is worrisome! We should aim to make improvements in this area.
As we dive deeper into the issue, it becomes apparent that there are two critical areas that require our immediate attention. Firstly, employees often unintentionally fall prey to phishing emails and malicious documents, and security staff should not be held solely responsible for such incidents. Secondly, after an attack, security teams are often stretched to their limits, working long hours and bearing the brunt of the blame and a sense of failure. This issue is just as severe as alert fatigue and the burnout that comes with it, if not more so.
Having identified these challenges, it is now time to explore possible solutions and draw some conclusions. As ESO is already clearly described in the blog I referenced earlier, I can jump straight into the conclusions:
Since both Vectra AI and KPMG are familiar with these challenges, the conclusions that were presented are in line with the best practices both organizations always recommend:
- Use multi-factor authentication (MFA) for all accounts but be aware that it's not foolproof and can still be bypassed. To avoid MFA fatigue, stay vigilant and regularly review and update your security practices.
- Ensure that your security tools, such as endpoint detection and response (EDR) and network detection and response (NDR), are properly integrated and cover the right use cases. Regularly test and evaluate their effectiveness as a whole: People, Processes and Technology.
- Avoid creating silos of unnecessary noise by only forwarding high-fidelity attack signals to the Security Operations Center (SOC). This will help your team focus on the most critical threats.
- Use technology to support your security staff and help them stay mentally well. Implement tools together with processes that enable your team to work more efficiently and effectively, and regularly check in with them to ensure they are not experiencing burnout or other negative effects.
To wrap up, my conclusion on the format is that it was pleasant to do and seemed to keep the audience alert and engaged. The fact that the outcome of the conversation and the analysis of the results were entirely steered by the audience made it quite unique.
Experiments = Success? Check!