Two years ago we launched our own SOC - Security Operations Center. Now we want to present news and share tips on how to best manage security in an uncertain and changing world. Among other things, Thomas Öberg, senior security consultant at AddPro, recommends that security thinking should be seen as an ongoing process.
Just when we were all dreaming of being able to sit back for a while - and enjoy a bright year - it all started again. As these lines are written in the spring of 2022, threats have increased on various fronts; not least in IT. For those who haven't taken security seriously, it's high time to think about what the future holds.
"I think the recent past has been a wake-up call for many organisations. They now understand that they have to invest in security; however, the risk is that after a while they go back to square one and forget about the issue again. Microsoft's latest report shows that 81% of all authentications do not use multi-factor authentication (MFA). So let's at least agree that everyone starts using it in 2022! At least when we work outside the office...", says Thomas Öberg.
No one with a SOC has been breached!
For those using a Security Operations Center, however, things are looking good overall. No organisation using our SOC has experienced a breach or extortion.
"Of course there have been attacks and attempts by cyber criminals, but no one has been seriously affected. We work proactively and clean up threats before they happen. Sometimes a vulnerability appears on the internet that the bandits exploit and we react very quickly," says Thomas.
But what would have happened if the companies that have a SOC had not had it? It's hard to make a calculation about something you don't want to happen. Thomas tells us about a global company with thousands of employees where the CEO, against the wishes of the IT department, decided to opt out of the SOC because he didn't see a clear ROI.
"After a few weeks they had a massive intrusion... It wasn't fun for anyone! Anyone hesitating to use a SOC needs to know the cost of downtime and what it would mean to the company if information is stolen and falls into the wrong hands. A manufacturing company, for example, could lose several million a day if it stands still; a SOC costs a fraction of that..."
A SOC can be compared to an insurance policy that is constantly and actively working to protect the policyholder. Like an airbag in your car where you don't see or notice it until the accident happens - and then you're glad it's there.
Continuous development of your SOC
AddPro's SOC offering is uniquely tailored to your organisation's circumstances and risk profile and is constantly evolving. Since its launch, many new features have been added. These include:
- Vulnerability Scanning. We already monitor servers and clients, but the printer, the camera on the ceiling, IoT devices: who is watching them? After all, a wifi access point or a tablet used to book meetings is also connected to the network. These are now scanned as part of our SOC.
- Integrated SMS service. A lot of communication with customers is via email or Teams, but what if you have to do a lockdown? Then you cannot access the email and Teams channels. In that situation, we now have the ability to send an SMS to all employees in the company in one go, like a Hesa Fredrik (the Swedish public warning siren), but digital.
Or if an account or computer is behaving strangely because it has been hijacked or is signing in from an unusual location: then we can set up an automation that sends an SMS describing what we have noticed. In the past, we had to ask the customer whether person X really was in Greece, so it took time to get a response.
- Better reporting. In line with users' wishes, reporting is constantly being improved. For example: how many people are running a vulnerable version of Adobe Reader on their computer? Customers get an overview of which vulnerabilities exist and how to fix them. The following month there may be new vulnerabilities and new systems in the IT environment, in which case a new action plan is produced for that month.
- Annual report. From this year, everyone with a SOC receives a non-technical annual report for the previous year: a summary of what happened. What have we learned this year? What should we improve for next year? What do we expect the threat picture to be?
New time, new path
The situation is now acute in large parts of Europe and the world, and therefore also in Sweden. Many organisations involved in mission-critical activities such as electricity, water, sewage and communications have been visited by SÄPO, the Swedish Security Service, which has reacted to the lack of IT security.
And it is not only these organisations that are affected; there is an indirect effect as well. If, for example, you are a supplier to someone who is important to Swedish society, you need to be more careful even if your own business is not critical to society. The entire supply chain needs to be more careful.
No one knows exactly what is happening everywhere right now, but cyber security matters, and attacks, mainly from Russia, have increased sharply since the invasion, Thomas is certain.
"What we're noticing in our constant monitoring is that some people are being subjected to fewer of the usual minor attacks we've been used to. Now the targeting seems to be more focused on particular companies," he says.
A recent example is the Swedish company that was attacked and breached. The company, which manufactures surveillance cameras, was itself not the main target, but the places that use the cameras; for example, the Armed Forces.
"One can only guess at the damage that could be done if the Russians get hold of the images taken by the cameras... A kind of digital Spetsnaz that they could use to harm Sweden indirectly."
Read more about Cybersecurity Monitoring & Control
Cyber Security Monitoring & Control is the ability to effectively monitor, detect and combat potential threats to your business.