The 5 cornerstones of effective cybersecurity

Cyberattacks can cause significant financial loss, legal problems and reputational damage. That’s why the importance of a solid and comprehensive security solution cannot be overstated. We talked to Patrick Gillis, head of B2B ICT Product Solutions, Business Development & Solution Design, and Tom Meekers, Solution Architect IT at Orange Belgium. They explain why such solutions consist of five stages: Identify, Protect, Detect, Respond and Recover.

 

Let’s get straight to the point: what types of cyberattack do businesses face most often?

Patrick: Undoubtedly phishing, ransomware and the exploitation of vulnerabilities in software that was not updated in time. These threats continue to grow. According to the Centre for Cybersecurity Belgium (CCB), the number of ransomware incidents saw a 75% hike in the past year. The organisation estimates the average cost of a cyberattack at €250,000.

The average detection time for a cyberattack dropped slightly, to 102 days, but that is still a long time: this means the average cybercriminal evades detection for a little over three months. That is why I strongly recommend that every organisation, including SMEs, check whether they are taking sufficient measures to reduce the risks. Fortunately, a lot of effective security solutions are available to fend off such attacks. With NIS2, a dedicated European legislative framework is now in place that even holds business owners responsible if they fail to take appropriate measures.

Where should organisations start? How can they know what measures they need to take to protect themselves against cyberattacks?

Tom: There’s no need to start from scratch. As long ago as 2014, the American National Institute of Standards and Technology (NIST) published its Cybersecurity Framework to mitigate cybersecurity risks in organisations. The European NIS2 Directive essentially translates this to a European legislative context. In addition, the CCB compiled a series of practical measures for Belgian organisations through its CyberFundamentals Framework. The goal is to protect data and reduce the risk of cyberattacks. This CyberFundamentals Framework builds on, among other things, the NIST Cybersecurity Framework, while incorporating the five cornerstones that must be included in every form of protection. These are: Identify, Protect, Detect, Respond and Recover. These cornerstones are also central to our security offering.

 

•  

On average, a cybercriminal can go about their business for three months before being detected and that’s way too long.

 

 

What does the first cornerstone, Identify, mean?

Patrick: Before you can protect something, you need to know what to protect. For many businesses, this is the hardest step. They often have no inventory of laptops, servers, network access points and processes. When companies call on us, we usually start with an IT assessment to identify which assets they have.

Tom: We also examine the risks: what are the risks to the company’s assets, and which are the biggest ones? We also look at the suppliers, because you have to determine the risks of the entire supply chain, which is also emphasised by NIS2. When this stage is complete, the company should know what devices and infrastructure it has and what needs to be protected.

 

So Protect is the second stage?

Tom: That’s correct. At this stage, IT solutions that help protect servers and users play a key role. Think of technologies such as multi-factor authentication, identity management, access control and password managers.

Patrick: The human factor is also important in this step: 82% of security breaches are the result of human error. Trusting users will click on hazardous links, choose overly simple passwords and fail to handle sensitive data with the proper care. That is why this stage also includes security awareness training, which teaches employees to recognise phishing attacks and be aware of their role in their organisation’s cybersecurity. In other words, protection is not just about technology but about people as well.

 

When do you move to the Detect cornerstone?

Patrick: It is inevitable that some attacks will breach the protection layer. That is where the Detect stage comes into play. This is often where things go wrong – think of the figure I mentioned earlier. The average detection time for a cyberattack is a whopping 102 days. That is far too long.

Tom: More than for the protection of a business, technology is essential here. There are so many cyberattacks round the clock, making it impossible to have staff stare at a dashboard 24/7 to detect an attack. That is why we advise businesses to implement endpoint detection and response, or EDR, tools. These tools continually monitor devices and warn us in case of suspicious activity. With extended detection and response, or XDR, we not only monitor activity on individual devices but we also correlate reports from different endpoints and security solutions to get a more complete picture of an attack.

 

•  

Cybersecurity should be embedded in the DNA of every business.

 

Detect is followed by Respond. How should businesses react to a cyberattack?

Tom: Detect and Respond are closely related. Many tools even harness Protect, Detect and Respond in a single solution. A response to an attack can be partly automated through software, but human intervention is always required. For instance, cybercriminals can carry out activities that strongly resemble those of a system administrator. While a tool can flag suspicious activity, an analyst from our Security Operations Centre still has to verify whether the system administrator or a cyberattack is responsible for the activity.

Patrick: When establishing a cybersecurity incident response plan for a customer, we always integrate the Protect, Detect and Respond stages. Many businesses have no such plan or don’t know how to implement it. Nevertheless, it is important to respond to incidents in a targeted and decisive manner. How do you communicate with customers? Which experts do you need to respond to the attack? These are all things you have to consider in advance.

 

Targeted businesses eventually end up in the Recover stage. What does this involve?

Tom: A cyberattack can inflict a lot of damage. Recovery is part of the incident response plan and companies need a disaster recovery plan that goes beyond pulling the plug. Recover is often regarded as pure damage control in the initial hours following an incident. While that is important, it is too narrow a vision. It can take months to restore all systems to fully operational status, repair the reputational damage and implement upgrades to prevent a potential future attack. For this, you must have a plan ready to go.

 

Do you have any advice for companies that want to protect themselves?

Patrick: What is striking is that major firms are not the only victims of cyberattacks. Cybercriminals will target any business, regardless of size. It’s also important that NIS2 places responsibility for a company’s cybersecurity with management. It is their job to take appropriate cybersecurity measures, ensure their staff have sufficient knowledge of cybersecurity and report incidents to the CCB.

Tom: Cybersecurity should be embedded in the DNA of every business. Protection must come from higher up, with a security policy and the corresponding budget. Nevertheless, all staff must also be convinced of its importance through training programmes. Cybersecurity is not just a task for the IT manager or CISO, but for every employee.