You’d know if your organisation was hit by a cyber breach – wouldn’t you? And once you had realised that bad actors have infiltrated your systems, you’d know what to do and how to respond… wouldn’t you?
If you answered yes, you’re unusual. Fact is, it can take hundreds of days to realise that something is not right. Cybersecurity organisation, BlackBerry, notes in its research that organisations took an average of 206 days to identify a data breach and another 73 days to contain it, a nearly 5% increase on the previous year.
BlackBerry is known for its innovation in cybersecurity products, which encompass a range from endpoint technology to managed detection and response. Additionally, BlackBerry offers a suite of services, including incident response and human-led threat hunting. The company’s acquisition of CylanceENDPOINT™ has been a gamechanger. CylanceENDPOINT™ AI-driven solutions deliver some of the highest efficacy ratings in the market while using 95% less CPU consumption compared to other solutions. CylanceENDPOINT™ AI-driven endpoint security delivers the efficacy, efficiency, and automation needed for a superior security posture without the burden of heavy human resourcing.
“CylanceENDPOINT™ was a pioneer of incorporating artificial intelligence into threat detection and response with its product CylanceENDPOINT™, BlackBerry’s endpoint solution – the benefit was to ensure the attack would be thwarted before they make a foothold in a customer’s digital environment – known more commonly known as threat prevention,” says Nick Brown, BlackBerry’s director of international professional services.
Brown points out that with the rise of hybrid working, the opportunities for a breach to occur has increased. Hybrid workers now find themselves using myriad systems, including cloud, and various devices in conjunction with their work devices and networks to complete their work. This increase in attack surface correlates to successful cyber-attacks, drastically increasing the likelihood that incident response will be called upon.
“Having preventative measures in place is good but even the best lines of defence can be breached. We are there for customers who find themselves in uncertain, unplanned circumstances,” says Brown.
“With a dedicated team of professionals who operate 24/7 around the globe – BlackBerry’s incidence response consultants deliver emergency services for both existing and new customers in their time of need.”
Cybersecurity with a human touch
Brown notes BlackBerry’s historical link with devices and says the company takes the same “personal” heritage into its cybersecurity service. That personal, human, side of a cyberattack is something that Brown builds upon. He stresses the fact that the violation of a secure network is a crime, adding that the IR team’s approach keeps this fact at the heart of the measures they take and highlights how BlackBerry consultants are emotionally aware and supportive during the stresses of an incident.
“It’s malicious and it’s a criminal offence,” he says. “We put ourselves in the customer’s shoes. They either have symptoms of an Indicator of Compromise (IOC) or symptoms of an Indicator of Attack (IOA) and what you want is to be able to call the right person and get the right advice. You don’t want to feel like you are being exploited, because you already have been exploited and are likely to have been a victim of crime.
“Having been in their roles a long time, our teams are experienced, they know the impact and the pressure individuals who contact us are under. If it’s not them personally, the leadership of an organisation will want to know what’s happened, how it’s happened, and what mitigations have been put in place to blunt the attack, which can be demanding.”
Pressure from above is understandable as the onus is on organisations to ensure their data protection is robust and, as Brown points out, failure to do so could result in a financial penalty.
Incident response for all
Cybersecurity failures can be incredibly harmful to an organisation, its employees and customers. When the worst happens, businesses need to know they have a tried and tested plan and are ready to respond. One of the best ways to achieve this is via a ‘run book’ of an incident, which details what steps must be taken.
“We see some pretty unpleasant scenarios unfold,” says Brown. “Malware in the form of ransomware is one of the most persistent threats you need to protect your business from. However, in a less sophisticated attack, whereby an individual has clicked on an email and entered their credentials, even with the best technical solutions, such as CylanceENDPOINT™, this type of scenario can unfold. This is why we say it’s a case of ‘when’, not ‘if’, in terms of it pays to be prepared for a cyber incident”
With the latter in mind – coupled with the legal requirements around cybersecurity – organisations must prepare for the worst rather than merely hope for the best. BlackBerry recommends cyber risk committees prioritise being on the forefront. The company’s red team of ethical hackers pose as an attacker trying to mount cyberattacks, exposing vulnerabilities as they do so. In contrast, BlackBerry’s award-winning managed detection and response, CylanceGUARD, prevents attacks in their tracks.
Whether red or blue teams are used depends on customer needs. At times, the two work together as a ‘purple’ team to discover and shore up any weak points.
Brown says, “For customers who are unsure where to turn or what advice to take, our gap analysis services are able to quantify that risk and put mitigations in place, because ultimately BlackBerry’s mission is to enable cyber resilience for individuals and organisations.”