4 Key Cybersecurity Trends from Our Security Study Road Show

Learn about cyber resilience, the rise of ransomware, how data has changed and how to prevent cyberattacks in this panel discussion with experts from CDW, Cisco and Commvault.

CDW Expert

“Today, threats are everywhere,” says Michael Przybos, Senior Sales Engineer, Metallic at Commvault, speaking at CDW Canada’s Security Study Road Show. “Before it was if we ever get attacked, now it’s when are we going to get attacked?”

That’s why it’s important to have not only a business continuity plan, but to also have recovery measures in place. “What would you do if you have a disaster? What steps would you take if you need to recover?” asks Przybos. “Most customers that we talk to, they don’t know. That’s why everybody should collaborate, get that plan together, and be able to execute, if God forbid, there was ever a disaster.”

“You’ve got to think about security today as a whole,” he adds. “We have security systems for our houses. We don’t just have a front door alarm sensor, we have front door, back door, windows, anywhere there’s an entry. We need to make sure things are always protected, monitored, backed up and how can we recover. Downtime is money, and we don’t want to have our customers lose money.”

How do you define cyber resilience?

“COVID really drove people to do more in the cloud, and security is one of those areas where people did a lot more than we expected in the cloud,” says Ivo Wiens, Practice Lead, Cybersecurity at CDW Canada. “Resilience has been one of those big conversations, and the cloud has been an enabler specifically for that.”

“We define resilience as the ability to not just weather the storm, but be able to come out of it stronger,” says Barry Yuan, Technical Solutions Architect at Cisco. “We discovered that over the past two years, businesses were facing so many different disruptions and uncertainties. We also recognized that resilience is not just security. There’s financial operations, supply chains, all those different aspects. But security is really the main factor, that without it, everything else would fall short.”

“You’re facing all these different unknowns and threats out there,” says Yuan. “How do you focus your energy on the five percent that really matter? That’s something we help the customer prioritize, based on our risk-based context analytics and continuous validation of exposure as well as compliance status.”

Orchestration is very important too, says Yuan. “It really helps the customer get stronger every day by orchestrating and automating their response so they can spring back from an event right away.”

How cyberattacks against your data have changed

“The way we treat data has significantly changed,” says KJ Burke, Principal Technology Strategist, Hybrid Cloud at CDW Canada. “It’s not just about having a version of your data, it’s about managing a different version of your data in a different medium. There’s a couple of things that are natural in the cloud that we’re now taking advantage of on premises, such as encrypting your data stores, which adds complexity and then you have to look at other tools to do that.”

“It used to be that a breach or a hack was going to take systems down,” says Burke. “But now it’s more about data exfiltration. Now you’re taking on additional activities to protect your data from that exfiltration attack. Some of the risk comes from ourselves because we’re trying to prevent these types of activities.”

“The first question that a security team has with a breach is ‘Do you have good backups?’ So we have to go back to that as being a core competency of the IT operations team.”

Burke mentions that partners like Commvault and Cisco can help customers protect their data, no matter where it’s located. Allowing data portability into the cloud, with continued protection, can really prove useful when it comes to securing your data.

You need more than just backups to protect against ransomware

It used to be that “As long as you had good backup copies, you could pretty much get your data back,” says Michael Przybos from Commvault. “Now, with people exploiting data and looking for money, or they’re going to share your information – now it’s a matter of ‘What do we have on the front end to help assist and capture that before it happens?’”

“A backup product’s great to have. But the other part of it is what type of access do people have to the product? Do you have an air-gapped copy of that data somewhere, where it’s isolated and administrators can’t touch it, nobody can delete it – it’s completely off the charts?” asks Przybos.

“For 25 years we used honeypots, so when an attacker landed, it would use our technology, and we would alert the administrators. Now it’s a shift to being able to prevent an attack before it happens. We have everybody covered, with our core product and our SaaS solution, to really go after the attackers and trick them so they can’t get in.”

These days, organizations are more focused on outcomes than specifications. “It used to be, we’d get on the phone and talk about the technical specifications with the administrators and IT directors,” says Przybos. “Now, the first questions are ‘How can you secure my data? How can you secure the product so that nobody can go in there and delete anything?’”

Why it’s becoming more difficult to recover from ransomware – and what you can do to prevent it

“Ransomware is definitely the most imminent threat,” says Cisco’s Barry Yuan. There was one attack every 11 seconds in 2021, and more and more victims are actually paying the ransom.

Ransomware attackers “are doing what we call big-game hunting,” says Yuan. “They get a foot in the door and they start moving laterally to your critical systems and trying to get access to your sensitive information. Then they exfiltrate the information and use that to demand a ransom. In the past, if they just locked things down, you could try to recover from backups, but with this information that they’re holding against you, we’re talking not just double extortion, but there’s triple extortion as well” when sensitive client information comes into play.

Yuan says “To effectively stop ransomware, you have to start early – to stop it as early as possible. You’d be surprised how easy it is to leverage DNS as a first layer of defence. It will take effect right away to not just stop ransomware, but also data exfiltration, keyloggers and cryptomining. We can help easily block all those known targets. But this is definitely a challenge for organizations because there’s still some ways for the bad guys to get in” – like spam emails, for example.

“One of the challenges when discovering alerts within an organization is the amount of tools that there are in place,” says CDW’s Ivo Wiens. “As an industry, we’ve been selling little widgets for everything, and training staff to care for so many different platforms is really interesting.”

“A lot of customers think their data is secure, but they really don’t have the tools in place to understand that they are getting it secured,” says Michael Przybos. “Using the right technology is number one, and then making sure you have multiple copies of your data. When you use Commvault, we automatically take that data and send it somewhere else.”

“When you have someone else managing your environment, it takes the keys away from the kingdom,” Przybos adds. “So even if somebody gets into our software and tries to delete something on the storage side, they can’t, because we don’t give anybody access.”