Industry talking to customers What's this? Investment and audit key for security in 2021 Published: February 18th, 2021 By: Glenn Weir Companies hoping for a pullback in cybersecurity threats as the impact of pandemic eases in 2021 will surely be disappointed, says cybersecurity specialist Terry Cutler. Terry CutlerIn a recent interview, the CEO of Cyology Labs said he expects this year will see a continuation — and likely a worsening — of the cybersecurity woes that led to thousands of breaches and the release of millions of pieces of personal data last year.“In 2020 digital transformation was forced on many companies that weren’t ready. Basic security was lax, passwords were leaking everywhere, and home security in particular wasn’t anywhere near to being up to scratch. Naturally scammers zeroed in on home users.”Cutler said 2020 was a “testing ground’ for hackers.” In 2021, things are set to explode. While there are no easy answers, no silver bullets, and no one solution will apply to all businesses, he pointed to investment and audit as two key areas of focus for businesses.Investing in technology That old saying about spending money to make money has some validity when it comes to cybersecurity, and Cutler said the gulf between what organizations are spending on cybersecurity and what they actually need to spend is enormous.“You might have antivirus, a firewall, and encryption, and think you’re safe, but you’re not,” he said. “In the age of the super hacker, these technologies won’t get it done. Hackers can easily bypass all of it now. They’ll get ‘in’ and stay there for many months. If and when discovery occurs, there is often no response plan to dislodge them and return to normal.”Cutler’s advice is clear: Invest. Download: Microsoft’s new Digital Defense Report A corporate leader’s knee-jerk “I’m not a bank” response to a request for security upgrades is unhealthy, and will leave a company out of step with competitors. A recent IDC report bears this out: Worldwide cybersecurity spending is expected to reach almost $175 billion in 2024 at a compound annual growth rate between 2020 and 2024 of just over eight per cent.In terms of what to invest in, Cutler said a good place to begin is with technology designed to lessen the likelihood of ransomware attack. “Look for ransomware to rise sharply in 2021,” he said. “Particularly troubling is polymorphic ransomware, which changes its features to evade detection, as well as these double extortion attacks.” Microsoft’s data has found that the pandemic is accelerating the need for organizations to invest and transform their cybersecurity measures to keep up.In terms of who to look to for help, Cutler says in this case it’s a matter of trusting those who have been around a long time, and who have a deep global imprint and impact.“Microsoft really has a strong advantage because their software is pretty much running the world. They really focus on EDR and scam protection, and with their reach worldwide they have what it takes to really slow all this down.”Investing in people But investing in technology is only part of it, said Cutler. There’s also people.“If you’re a 20-person shop, you probably can’t afford to pay huge money for a security expert. One person can’t know it all. Most companies aren’t structured like that. The person monitoring your network may not be the person doing your audits or your compliance.”Cutler’s advice: Partner up or outsource. Leverage the power of a team comprised of individuals with skillsets that complement each other.Audits not fun but critically important Cutler stressed above all else the importance of regular audits.“The idea of an audit is no fun, with people poking holes in your back yard,” he said. “But ignoring the need for it certainly isn’t going to make any potential problems vanish. And you can be sure you’ll end up on the hot seat if anything does go wrong.” Find out more: Microsoft Defender for Endpoint Over the years Cutler has seen many cases of businesses that could have avoided a lot of heartache, and a great deal of financial and reputational loss, simply by dedicating sufficient time and energy to inventory, backup and restore, and audits.“We got a call once from an organization that had been hit with ransomware. We arrived on site the next day, which was day one for us but day three for them. The poor IT guy had taken over from two or three other IT folks, and there had been no proper hand-off. No one knew anything about software or licence keys, or interconnections.”Cutler and his team had to put the system together from scratch.“We had 200 computers, network cables unplugged, data backups encrypted, stolen Active Directory keys. After a lot of trial and error, we managed to isolate the core problem to the IT admin’s computer, which we had been using to rebuild the network. Once we rectified that, we were able to begin a clean migration.”“As the company wasn’t interested in paying the $800,000 ransom, they had to resort to a taped backup. Problem was they didn’t know where all the tapes were. Once this was resolved by a data recovery specialist, there were more issues, one after another.”Cutler offers a few takeaways from stories like these.“Get a full software inventory, do offsite backups, and get an audit done. Many companies who say they’ve never had one, or haven’t had one for years, often end up in a bad place. You can avoid a lot of heartache by being proactive.”To learn more about Microsoft’s security solutions, please visit aka.ms/CISOCentral.