Chris Thomas, Senior Security Advisor, APJ, ExtraHop

Cybersecurity debt, investments, and trends with ExtraHop

Chris Thomas, senior security advisor at ExtraHop for APJ, answers questions that EITN has about what ExtraHop does, as well as trends and cybersecurity awareness.

EITN: Can ExtraHop explain what they do, in 200 words or less?

Chris: ExtraHop is a cybersecurity partner aimed at helping enterprises reveal and unmask attacks that are hidden within their networks through Network Detection and Response (NDR). We understand that trust is the foundation of every relationship, and for today’s stakeholders, a security breach can quickly erode strong connections that have been built up over the years. Ensuring trust starts with the truth, which can be hard to achieve if organisations do not know what is taking place in their network.

At ExtraHop, we give organisations the truth about threats – how they got in, how long they’ve lingered in your environment, the scope of their damage, and how to stop them at top speed.

We offer our customers comprehensive situational awareness and 360-degree visibility into on-premises, multi-cloud, and distributed networks. This is paired with our machine learning, forensics, and decryption capabilities that delve deep into past, present, and future cyberthreats for smarter prevention. We also provide organisations with the most advanced tools to supercharge their defence with the aim of helping organisations see more, know more, and stop more cyberattacks.

EITN: How have recent developments in technology redefined practices of cyber hygiene, if it has at all?

Chris: The results of our 2023 Cyber Confidence Index show that organisations are still relying on legacy solutions, which are more often than not ineffective at handling cyberattacks. In Malaysia, Singapore, and Indonesia, 75 percent of companies surveyed say that outdated security practices have contributed to at least half of cyberattacks.

Old network protocols like SMBv1, NTLM, and LLMNR contain critical vulnerabilities that are frequently exploited. In particular, SMBv1 is notorious for being used as an entry point for ransomware like WannaCry and NotPetya to spread to other unpatched systems. NTLM and LLMNR protocols are also prime targets as they contain passwords that attackers can use to conduct lateral movement. According to our report, 98 percent of organisations in Malaysia, Singapore, and Indonesia reported running one or more of these protocols.

Another issue is the increase in unmanaged devices that are connected to the public Internet and are capable of being remotely controlled. Without proper security, these devices can act as gateways for attackers to slip in and disrupt applications and services. In the previously mentioned countries, 38 percent of organisations were found to be using unmanaged critical devices. Furthermore, 57 percent said that their devices were capable of being accessed remotely, and 48 percent said that they were exposed to the Internet.

Ensuring proper cyber hygiene and reducing cybersecurity debt requires organisations to monitor systems to ensure they are running on current and secured configurations. With an NDR solution, organisations can identify outdated protocols and take immediate steps to update them.
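The three protocols named above each leave a recognisable signature on the wire, which is what lets network monitoring flag them without an agent on the host. The following is an added example written for this page, not ExtraHop's or Reveal(x)'s code: a small Python detector that recognises an SMBv1 negotiate (the `\xffSMB` header, as opposed to `\xfeSMB` for SMB2/3), an NTLMSSP message whether raw inside SMB or base64-encoded in an HTTP `Authorization` header, and an LLMNR query (UDP 5355 to the 224.0.0.252 / ff02::1:3 multicast groups), then reports which hosts spoke each. The flow records, host addresses and payloads are constructed for the example; a real deployment would feed it from a packet capture or flow exporter.

```python
"""Flag legacy-protocol use (SMBv1, NTLM, LLMNR) in captured traffic.

Added example, not ExtraHop's or Reveal(x)'s code. Each flow record is a
constructed, simplified tuple: (src, dst, transport, dst_port, payload).
Signatures follow the SMB, NTLM (MS-NLMP) and LLMNR (RFC 4795) wire formats.
"""
import base64
import re
import struct

SMB1_MAGIC = b"\xffSMB"          # SMB1 header, after the 4-byte NetBIOS session header
SMB2_MAGIC = b"\xfeSMB"          # SMB2/3 header
SMB1_NEGOTIATE = 0x72            # SMB_COM_NEGOTIATE command byte
NTLMSSP_SIG = b"NTLMSSP\x00"     # every NTLM message starts with this, then uint32 LE type
NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}
LLMNR_PORT = 5355
LLMNR_GROUPS = {"224.0.0.252", "ff02::1:3"}
HTTP_NTLM_RE = re.compile(rb"(?:Authorization|WWW-Authenticate): NTLM ([A-Za-z0-9+/=]+)")


def ntlm_message_type(blob):
    """Return the NTLM message type name if blob is an NTLMSSP message, else None."""
    if blob.startswith(NTLMSSP_SIG) and len(blob) >= 12:
        (mtype,) = struct.unpack_from("<I", blob, 8)
        return NTLM_TYPES.get(mtype, f"type {mtype}")
    return None


def dns_style_name(buf, off):
    """Decode the label sequence of an LLMNR/DNS question name starting at off."""
    labels = []
    while off < len(buf) and buf[off] != 0:
        n = buf[off]
        labels.append(buf[off + 1:off + 1 + n].decode("ascii", "replace"))
        off += 1 + n
    return ".".join(labels)


def classify(src, dst, transport, dport, payload):
    """Return [(finding, detail), ...] for one flow record; empty if nothing legacy."""
    findings = []
    # SMB on 445: skip the NetBIOS session header and test the dialect magic.
    if transport == "tcp" and dport == 445 and len(payload) > 8:
        smb = payload[4:]
        if smb.startswith(SMB1_MAGIC):
            cmd = smb[4]
            detail = "negotiate" if cmd == SMB1_NEGOTIATE else f"command 0x{cmd:02x}"
            findings.append(("SMBv1", detail))
    # NTLMSSP may sit inside SMB session setup, LDAP bind, RPC, etc.: scan the payload.
    idx = payload.find(NTLMSSP_SIG)
    if idx != -1:
        mtype = ntlm_message_type(payload[idx:])
        if mtype:
            findings.append(("NTLM", mtype))
    # HTTP carries the same message base64-encoded in an auth header.
    m = HTTP_NTLM_RE.search(payload)
    if m:
        try:
            mtype = ntlm_message_type(base64.b64decode(m.group(1), validate=True))
        except ValueError:
            mtype = None
        if mtype:
            findings.append(("NTLM", f"HTTP {mtype}"))
    # LLMNR: UDP/5355 to the link-local multicast group, DNS-shaped query.
    if transport == "udp" and dport == LLMNR_PORT and dst in LLMNR_GROUPS and len(payload) >= 12:
        qdcount = struct.unpack_from(">H", payload, 4)[0]
        name = dns_style_name(payload, 12) if qdcount else "?"
        findings.append(("LLMNR", f"query for {name}"))
    return findings


def summarize(flows):
    """Aggregate findings per legacy protocol: count, the hosts that spoke it, details."""
    report = {}
    for src, dst, transport, dport, payload in flows:
        for proto, detail in classify(src, dst, transport, dport, payload):
            entry = report.setdefault(proto, {"count": 0, "sources": set(), "details": []})
            entry["count"] += 1
            entry["sources"].add(src)
            entry["details"].append(detail)
    return {p: {"count": e["count"], "sources": sorted(e["sources"]), "details": e["details"]}
            for p, e in report.items()}


def sample_flows():
    """Constructed traffic, not a real capture: one of each legacy case plus benign flows."""
    smb1_negotiate = b"\x00\x00\x00\x2f" + SMB1_MAGIC + bytes([SMB1_NEGOTIATE]) + b"\x00" * 27
    smb2_negotiate = b"\x00\x00\x00\x40" + SMB2_MAGIC + b"\x00" * 60
    ntlm_auth = NTLMSSP_SIG + struct.pack("<I", 3) + b"\x00" * 16
    smb2_session_setup = b"\x00\x00\x00\x60" + SMB2_MAGIC + b"\x00" * 40 + ntlm_auth
    http_ntlm = (b"GET / HTTP/1.1\r\nHost: intranet\r\nAuthorization: NTLM "
                 + base64.b64encode(NTLMSSP_SIG + struct.pack("<I", 1) + b"\x00" * 24)
                 + b"\r\n\r\n")
    llmnr_query = (struct.pack(">HHHHHH", 0x1234, 0, 1, 0, 0, 0)
                   + b"\x0cfileserver01\x00" + struct.pack(">HH", 1, 1))
    dns_query = (struct.pack(">HHHHHH", 1, 0x0100, 1, 0, 0, 0)
                 + b"\x03www\x07example\x03com\x00" + struct.pack(">HH", 1, 1))
    return [
        ("10.0.1.20", "10.0.1.5", "tcp", 445, smb1_negotiate),
        ("10.0.1.21", "10.0.1.5", "tcp", 445, smb2_negotiate),
        ("10.0.1.21", "10.0.1.5", "tcp", 445, smb2_session_setup),
        ("10.0.1.22", "10.0.1.9", "tcp", 80, http_ntlm),
        ("10.0.1.23", "224.0.0.252", "udp", 5355, llmnr_query),
        ("10.0.1.23", "10.0.0.2", "udp", 53, dns_query),
    ]


if __name__ == "__main__":
    for proto, entry in sorted(summarize(sample_flows()).items()):
        print(f"{proto}: {entry['count']} flow(s) from {entry['sources']}: {entry['details']}")
```

The SMB2 negotiate is deliberately left unflagged: the hygiene finding is SMBv1 specifically, and an SMB2 session that then authenticates with NTLMSSP is reported under NTLM, not SMB. In practice the SMBv1 check should also watch for clients that *offer* the SMB1 dialect in a negotiate even when the server refuses it, because that identifies hosts still configured to speak it.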

EITN: How can businesses balance the need for cybersecurity investments with other operational and financial priorities?

Chris: Paying ransoms to restore services is a highly risky move that often serves to encourage perpetrators.

In Malaysia, Singapore, and Indonesia, 83 percent of organisations that were targeted by ransomware had submitted to attackers’ demands at least once. Giving in to ransoms often emboldens attackers as they know they can get businesses to pay up. Furthermore, there have been instances where attackers withheld the keys or tools to restore all systems, meaning that organisations lost access to critical functions or applications. Therefore, businesses need to ensure that their ransomware protections are working as intended to prevent recurring financial losses.

IT teams should also prioritise the issue of cybersecurity by bringing these discussions to the boardroom. The challenge, however, comes as both teams see the issue of cybersecurity through different lenses. Therefore, IT teams need to frame discussions in a manner that converges both viewpoints. For example, executives are more likely to be convinced when talking about the business benefits of integrating cybersecurity solutions, such as the consistent performance or improved productivity necessary to build and sustain customer trust. If a breach occurs, trust, the foundation of every relationship, can easily be eroded if customers do not have the ability to see what threats are in their network and stop them in their tracks.

EITN: How can cybersecurity debt be managed over the long term, and what role do ongoing education and training play in mitigating the risks of cybersecurity debt?

Chris: Next-gen NDR tools enable organisations to maintain robust security by creating 360-degree transparency into the network’s hybrid attack surface. Compared to inefficient manual audits, these solutions are designed for behaviour-based detection, cloud-based machine learning, hybrid forensics and the capability to detect encrypted attacks through decryption. They also ensure that programs are running on current configurations, which is necessary to plug security gaps within the network.

However, NDR tools alone are not a silver bullet for cybersecurity debt, as a lack of skilled experts and talent can open the doors to more attacks. This is especially so as cybercriminals are not letting up in their efforts to disrupt operations or steal sensitive files from organisations. This raises the need for education and training to equip workers with the technical and non-technical skills necessary to detect and respond to current and future threats. The ability to ask the right questions, and fluency in programming and communication alike, are crucial to roles in incident response, analytics, and auditing that can empower organisations to keep pace with new attack developments and stay compliant with local and global regulations.

EITN: What are some emerging trends in cybersecurity that businesses should be aware of, and how can they prepare for these future risks?

Chris: One of the new ways cyberattackers will target organisations is through AI platforms like ChatGPT. Through this technology, it is possible for those with basic computer knowledge to create their own attack types. For instance, ChatGPT’s ability to imitate human speech and writing patterns enables the creation of official-sounding emails that can trick readers into thinking that the sender is from a government agency or company. AI platforms also have the potential to create more elusive variants of malware as well as identify software and web vulnerabilities.

We also expect other threats, like supply chain attacks and state-sanctioned hacking, to be on the rise. The use of downstream open-source and third-party managed software to support business operations has the unintended effect of creating entry points for attackers to breach the network. Simultaneously, groups like Conti and Vice Society have escalated their attacks against government agencies and public entities across the globe. This has prompted other nations like Singapore to avoid becoming victims of collateral damage by strengthening their cyber defence. For instance, the healthcare industry in particular has grown tremendously as a target for cybercrime in light of rapid digitalisation and the increasing sophistication of threat actors’ modus operandi. However, the industry remains aware of this growth as a target, with Asia-Pacific’s healthcare cybersecurity market expected to have the fastest CAGR of 23.47% according to The Brainy Insights.

Thankfully, there is a growing awareness of the role that the integration of machine learning (ML) algorithms plays. This technology enables security teams to detect attacks quickly before they make their move and adopt smarter responses through context-driven insights. For instance, our Reveal(x) platform uses ML-powered capabilities to identify legitimate or suspicious traffic patterns and user behavior. When choosing the best security solution, businesses need to consider which data sources the ML systems will leverage and whether they can support employees’ abilities to succeed in their work.