Cyber Security Insights for Resilient Digital Defence


How to prepare for increasing cyber attacks on critical infrastructure
By Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea

Today, everyone is well aware of the widespread and serious nature of cyber threats. Cyber criminals have infiltrated almost every sector, from banking to healthcare to government departments. And as the years go by, we see increasingly sophisticated and harmful attacks happening. However, while personal data and financial privacy remain top concerns in the public’s mind, there are other targets in the crosshairs of cyber criminals that pose an even greater threat to society – critical infrastructure.

How is critical infrastructure being impacted by modern cyber threats?
Critical infrastructure attacks are becoming a major concern for the safety of people worldwide. A 2022 report from Waterfall Security states that major sectors like energy, utilities, and transportation experienced over 150 cyber attacks last year, representing an alarming rise of almost 150% from the year before.

Cyber criminals, using methods like ransomware and DDoS attacks, are focusing on essential systems that maintain the well-being and security of communities. As more public services organisations and government agencies digitise their operations, the risks of these types of attacks are only going to continue to rise.

Fighting back: How organisations are protecting critical infrastructure
Awareness and action are two primary factors contributing to critical infrastructure organisations fighting back against modern cyber threats. Below are some key actions that need to be taken by organisations to reduce the risks of major operational disruptions due to cyber attacks:

Adopting a proactive approach to cyber security
Not having proactive security measures in place is a major risk within critical infrastructure systems. This not only includes taking the time to audit and test systems for potential weaknesses, but also putting more priority into budgeting and allocating resources to cyber security.

Focusing on network segmentation
Because of the amount of data and interconnected systems that make up critical infrastructure operations, there are wide attack surfaces for cyber criminals to exploit. To significantly limit the impact of potential attacks, organisations need to focus on network segmentation and strong access controls between both IT and OT (Operational Technology).

By dividing networks into smaller pieces and implementing security measures, such as Privileged Access Management (PAM) and Defence in Depth protocols, it becomes much more difficult for attackers to move laterally across systems and networks.

Establishing a cyber security culture
Without a culture of security awareness, organisations aren't able to effectively identify and combat the constant threats. This requires a much more holistic approach, going beyond just implementing security technologies and instead establishing a culture of security throughout the entire organisation. Employees who are trained are more likely to report suspicious activity and contain an attack before it turns into a catastrophe.

Because critical infrastructure systems often involve a large number of employees and third-party contractors, it is essential to educate and train everyone on security best practices including the use of Remote Desktop Protocol (RDP) and strong password hygiene such as using a password manager or PAM (Privileged Access Management) solution.

Creating a comprehensive incident response plan
With the crosshairs consistently on organisations with industrial operations, it's important to think of cyber attacks as a matter of "when" instead of an "if". This means having a comprehensive incident response plan in place to effectively counter and respond to attacks.

This plan should include steps such as identifying the breach, containing and minimising damage, restoring systems, and learning from the incident to improve future response.

Keep our critical infrastructure secure
No matter where a cyber security threat comes from, organisations must have a comprehensive strategy in place to protect their infrastructure. Prioritising network segmentation, strong access controls, establishing a culture centered on cyber security, and having a clear incident response strategy can help organisations minimise or avoid altogether these crippling attacks.

NMi Group acquires TrustCB
NMi Group has announced the transformative acquisition of TrustCB in the cyber security domain. This strategic move solidifies NMi Group as the premier provider of certification services for the evolving landscape of digitally integrated and smart devices. A key emphasis of the acquisition is TrustCB’s expertise in translating common criteria standards via SESIP to the Internet of Things (IoT) domain. This strategic move further fortifies NMi Group's dedication to "measure tomorrow" by synergising precision in measurements with increasingly requested robust cyber security standards. In legal metrology and common criteria, coexistence is imperative to guarantee a holistic approach to the functionality, accuracy, and security of devices such as smart meters, smart grids, and other smart industrial devices. Manufacturers and operators navigating these digital landscapes must adhere to both legal and cyber security regulations, ensuring compliance with standards for accuracy and security. Expressing enthusiasm about the strategic move, Yvo Jansen, NMi Group CEO, states, "Acquiring TrustCB fortifies our commitment to excellence in smart industrial devices. By integrating accuracy in measurements with robust cyber security standards, we ensure regulatory compliance and enhance the overall reliability of our solutions." Echoing this sentiment, Wouter Slegers, TrustCB CEO, adds, "Joining forces with NMi Group is a strategic move safeguarding the TrustCB common criteria and dedicated scheme certification business even further. In practical ways, nothing changes; TrustCB stays the trusted, responsive partner as a certification body. This synergy amplifies our commitment to precision and security in smart industrial devices, advancing the global standard for regulatory compliance and elevating the trustworthiness of our certified solutions."

Logpoint and SecurValue to secure organisations in Southern Europe
Logpoint has announced a partnership with SecurValue, providing cyber security services to help customers detect and respond to cyber threats. Armed with its SIEM+SOAR solution, SecurValue can offer robust threat detection and response, real-time data analysis, early detection of data breaches, and easy implementation of compliance requirements.

“We’re happy to partner with SecurValue to help organisations strengthen security posture and cyber resilience. They share our vision for conducting long-term business in Southern Europe,” says Christian Pijoulat, Regional Director SEMEA at Logpoint. “SecurValue has a tailored approach to their customers, based on skilled cyber security professionals and trusted technologies, and we’re proud that Logpoint’s solution is now a part of that.”

The Southern European market is preparing for the local implementations of the Network Information Security (NIS)2 directive from the European Union to increase cyber resilience across the EU. The directive will expand the existing regulations within data and cyber security, introducing stricter requirements for a broad range of sectors. Non-compliance and failure to report incidents will result in significant fines and sanctions.

“We’re excited to add Logpoint to our portfolio to offer our customers improved security capabilities, streamlined operations, and enhanced compliance adherence,” says Fabio Cagna Vallino, Cyber Security BU Director at SecurValue. “CEOs across the region are becoming aware that cyber threats are a top concern and that investments in cyber security are essential to minimise cyber risk. Especially small and medium-sized organisations are struggling with the lack of cyber security professionals trained to handle threats effectively, which leaves them at a major risk of exposure.”

SecurValue will offer the Logpoint SIEM+SOAR solution, which analyses security incidents and automates the investigation of threats, improving cyber intelligence, reducing cyber security risk, and accelerating threat detection, investigation, and response. SecurValue will also use Logpoint Director, a platform that helps MSSPs and MDRs update, manage, and monitor large and multi-tenant deployments.

Aspire expands its footprint with the acquisition of Cloud Cover IT
Aspire Technology Solutions, a cyber security and modern workplace managed service provider, has announced the acquisition of Cloud Cover IT, a managed service provider based in Glasgow. This is an important strategic acquisition for Aspire, aligning with its vision for expansion into new UK regions and expanding its portfolio of cutting-edge technology solutions.

As part of this investment, Cloud Cover IT will become a part of the Aspire group, and its software development and business applications division will be rebranded as 'Flyte.' The company will be well-positioned to make ongoing investments, better serving its growing customer base by extending its business applications offerings.

Cloud Cover IT has been delivering IT support and digital transformation solutions for over 11 years. It prides itself on providing excellent service to its customers. As part of the Aspire group, it has access to the full range of Aspire products, solutions and expertise, offering greater benefits to its customers.

Chris Fraser, CEO and Founder of Aspire says, “Our acquisition of Cloud Cover IT marks a new and exciting chapter for both companies. This move will strengthen our presence in Scotland, positioning us in a thriving market. The Cloud Cover team will become an integral part of the Aspire group, and together, we believe we can grow significantly in this key strategic market. I'm excited to see the opportunities accelerate as we offer customers, present and future, the innovative solutions that they need in a changing world. Exciting times lie ahead.”

Lance Gauld, Founder and MD at Cloud Cover IT, comments on the synergy between the two companies, “Multiple factors drew us to Aspire; they are an outstanding company. The alignment between our organisations and how we complement each other is evident. We share similar values in our approach towards our people, customers, and objectives. This partnership is not merely a merger with a large IT company; it is a collaboration with a leading UK technology provider that understands us. As part of the Aspire group, we can grow our footprint further and broaden our offerings with access to more expertise, resources and an extensive portfolio of solutions to help our customers drive their businesses forward.”

With a 17-year legacy in the technology sector, Aspire has experienced significant growth, serving over 1,700 customers and nurturing a dedicated team of around 250 experts. It has a notable footprint across the UK, including offices in Gateshead, London, Leeds and Teesside. Aspire has earned a reputation for delivering leading solutions across cyber security, cloud, managed services, connectivity and unified communications.

Implementing an effective cyber security strategy in data centres
A robust, scalable and efficient cyber security solution is of critical importance to Colt Data Centre Services (Colt DCS). When looking for a partner to bolster its threat detection and response capabilities, Colt DCS turned to Armor to provide a uniform cyber security platform across all its multinational sites, implementing Armor’s XDR + SOC solution, as well as its VAPT programme to continually identify potential flaws.

Background
Operating 16 data centres in seven cities across Europe and Asia Pacific, Colt DCS has been designing, building and operating hyperscale and large enterprise data centres for more than 25 years. Like all hyperscale data centre solution providers, Colt DCS’ business model is dependent on customer confidence and being able to convince potential customers that their confidential data, and the data of their own customers, is in the safest of hands.

The vast amounts of sensitive and valuable information stored, processed and transmitted by Colt DCS for some of the world’s largest organisations make it a potentially attractive target for cyber attacks. Therefore, effecting a robust and highly assured cyber security platform is essential to its operations and ongoing success.

Challenge
As part of its commitment to delivering a sustainable hyperscale future for its clients, Colt DCS undertook a thorough evaluation of its cyber security posture. The business found itself reliant on a multitude of disparate solutions, making threat monitoring and response less efficient. This fragmentation also meant that its IT teams did not have a single view of the threat landscape and associated vulnerabilities, instead having to sift through data from various vendors, which reduced response efficiency.

Guy Gibson, IT Infrastructure Manager at Colt DCS, says, “What we realised is that we were often ‘reactive’ to threats. We had access to a huge amount of data, but no single view. It felt disjointed and that our current approach lacked structure and control.”

Greater vulnerability assessment and penetration testing (VAPT) was also an area it identified for improvement, requiring continuous monitoring and testing of the environment in order to expose potential faults and security weaknesses.

Guy Gibson explains, “At the heart of what we were trying to achieve was more efficient threat detection and response, seeking a single source of truth solution that would provide us with greater global threat intelligence, control, testing and guidance, whilst also facilitating large scale growth when required.

“We needed to work with someone who really understood the threat detection landscape and who could provide a solution that offered zero downtime to facilitate business continuity. The solution would also have to be compliant to data storage regulations across every country we are located in, and crucially, allow us to retain ownership and control of all data. In essence we needed security delivered in an unobtrusive way.”

The cyber security team at Colt DCS was also looking for the reassurance of 24/7, 365 days a year platform security, as well as a trusted supplier and subject matter expert who could provide guidance, training and knowledge to its teams, helping them to grow.

“We wanted to learn and improve, so trust, communication and seamless integration between the new provider and our Incident Management Team (IMT) was also a must,” Guy continues, “focusing on detecting and resolving Priority 2 (P2) incidents or higher with a well-defined process for incident resolution.”

The solution
With all challenges and concerns identified, Colt DCS initiated a search for a cyber security partner who could provide an effective solution across its multinational sites.
Armor immediately impressed with its delivery capabilities, technical expertise and the comprehensive solution it proposed to simplify the detection and remediation of cyber security-based threats.

Guy explains, “We were highly impressed with the solution proposed by Armor. Other vendors/platforms were considered, but Armor came out top in terms of the technical solution, delivery and the flexible capabilities it offered.”

Armor project managed the implementation of Microsoft Sentinel, Azure’s cloud-native security information and event management (SIEM) system, as part of its Extended Threat Detection and Response (XDR) function to correlate logs and telemetry data from all sources, providing a complete view for threat identification. A 24/7 Security Operation Centre (SOC) added an additional layer of cyber security expertise to Colt DCS’ defence, enabling swift threat response and guiding remediation efforts effectively.

As part of the XDR+SOC deployment, Armor configured each of the following custom and native log sources:

- Azure AD: Provides insights into audit and sign-in logs
- Azure Activity: Provides an overview of subscription level events
- Azure WAF: Provides Web Application Firewall logs
- Azure Firewall: Provides network security and application rule logs
- Azure SQL Database: Provides audit and diagnostic logs
- Azure Storage Account: Provides audited and diagnostic logs
- Microsoft 365 Defender: Monitors and logs logons, file, process and registry events
- Microsoft Defender for Endpoint: Provides security alerts on network endpoints such as laptops, tablets, routers etc.

Additionally included in the solution were Armor’s advanced:

- Analytics Rule Library – including correlation alerting and threat-hunting rules
- Security dashboards and widgets
- Configuration of Open Source and Commercial Threat Intelligence Feeds

An ongoing VAPT programme was also deployed to identify any potential security flaws and enhance its DPS’ overall security position.
As a second stage to this project, Colt DCS is now ingesting a new telemetry as part of its XDR solution – Microsoft’s Defender for IOT. This will enhance its security further by protecting and monitoring internet-connected devices and endpoints within the data centre infrastructure to prevent cyber threats and vulnerabilities.

Guy explains, “The implementation of the solutions was well-managed and required minimal input from our internal teams. Not only was it straightforward, but the benefits were felt almost instantly. The solution from Armor has allowed us to have a better oversight of our global operations and assess the cyber landscape more efficiently.

“I haven’t received a single complaint from my team. Everyone sees Armor as a force for good. Armor’s solution has allowed us to shift our mindset internally, we are more proactive and focused. We can spend more time on access control rather than trying to process and understand vast quantities of data, which had become the norm.

“There have been numerous threats and vulnerabilities picked up since the implementation of Armor’s system. Issues that I think could have posed a real risk had our teams not been able to detect and remediate them. One example was the detection of a compromised email account which had the potential to be used for malicious means if not resolved swiftly. With this new solution we were able to be informed accordingly and take immediate remediation steps.”

Shortly after the implementation of the Armor solution, Colt DCS expanded capacity across ten of its sites. Guy adds, “Having implemented the XDR solution ahead of this expansion undeniably meant that this process was much swifter. It was far less concerning to all involved than it would’ve been using our previous approach.
“Overall, the entire solution has helped us to achieve every single objective we set out to achieve on this journey, making the assessment of the cyber landscape a lot simpler for our team, threat detection and response quicker and more efficient, whilst continually facilitating our expansion.”

The wins

- Unified cyber security provision
- Greater threat visibility
- Minimised false positives and reduced alert fatigue
- Simplified and faster incident response
- Reduction in people hours to detect and manage threats
- Elimination of threats before they cause damage
- Improved global oversight across Colt DCS’ locations
- Implemented with zero downtime and full business continuity experienced
- Enhanced access control
- Compliant with data storage regulations across every location
- Retained ownership and control of all data
- Accessible guidance, training and knowledge support

Research reveals that 95% of security leaders are calling for AI cyber regulations
Research from RiverSafe has revealed that 95% of businesses are urgently advocating for AI cyber regulations, ahead of November’s AI Safety Summit. The report, titled 'AI Unleashed: Navigating Cyber Risks Report', conducted by Censuswide, revealed the attitudes of 250 cyber security leaders towards the impact of AI on cyber security. Three in four businesses (76% of surveyed businesses) revealed that the implementation of AI within their operations has been halted due to the substantial cyber risks associated with this technology. Security concerns have also prompted 22% of organisations to prohibit their staff from using AI chatbots, highlighting the deep-rooted apprehension regarding AI's potential vulnerabilities. To manage risks, two-thirds (64%) of respondents have increased their cyber budgets this year, demonstrating a commitment to bolstering their cyber security defences. Suid Adeyanju, CEO at RiverSafe, says, "While AI has many benefits for businesses, it is clear that cyber security leaders are facing the brunt of the risks. AI-enabled attacks can increase the complexity of security breaches, exposing organisations to data incidents, and we still have not explored the full extent of the risks that AI can pose. Rushing into AI adoption without first prioritising security is a perilous path, so striking a delicate balance between technological advancement and robust cyber security is paramount." Two thirds of businesses (63%) expect a rise in data loss incidents, while one in five (18%) respondents admitted that their businesses had suffered a serious cyber breach this year, emphasising the urgency of robust cyber security measures.

FDM Group and ISACA to boost cyber training programme
FDM Group has announced a partnership with ISACA, a global professional association, to boost its cyber training credentials. ISACA has over 170,000 members and is recognised for its expertise in information security, governance, assurance, risk, privacy and quality. Under the new agreement, FDM employees will benefit from its cyber training, with access to ISACA-approved resources, including online learning tools. The deal will allow FDM to enhance its in-house cyber security credentials, offering the latest technical expertise to its clients. The company has plans to ramp up its cyber security training courses, aiming to equip hundreds of new consultants every year as part of its technical operations programme. Andy Brown, Chief Commercial Officer, FDM Group, says, “Getting access to the latest cyber security expertise is a top priority for every business, and our partnership with ISACA will enable FDM to bring the very highest standards of service and skills to the market. We are very pleased to be working alongside such a prestigious organisation to equip the next generation with world-leading security expertise.” Jeff Angle, Senior Director, Academic and Workforce Development, ISACA, says, “FDM Group is widely recognised as a leading global provider of highly skilled IT experts. We are very excited to be teaming up with such an extensive workforce, sharing knowledge, best practice and industry expertise to further enhance their offering in such a crucial area.”

Neterra launches Startup Accelerator program
Neterra has initiated a Startup Accelerator program with the aim of nurturing and supporting start-ups. Under this program, it is providing complimentary or substantially reduced services encompassing cloud, colocation, connectivity and cyber security.

The neterra.cloud offering is built on cutting-edge Intel(R) Xeon(R) Platinum processors, offering unlimited data traffic and scalable enterprise-class storage solutions. This package also includes free backup, disaster recovery solutions, and DDoS protection for the initial six months.

In a bid to further assist innovative start-ups, it grants access to colocation services in its Tier III+ data centres, including EU based Sofia Data Center 1 (SDC 1), Sofia Data Center 2 (SDC 2), SDC Stolnik, and SDC Ruse, coupled with their high-quality carrier-grade connectivity and global internet exchange through the NetIX platform. For the first six months, Neterra covers the expenses, while start-ups are responsible for their electricity costs. Following this initial period, the global telecom extends discounted colocation services starting at 12 euros/1U rack unit/month.

Additionally, Neterra is extending consultancy services to program beneficiaries, offering expertise in network architecture, hardware and software recommendations, configuration, best practices, and managed services for cloud, application servers, hosting providers, and more.

The current start-up support program is a continuation of its longstanding commitment to assisting start-ups, a tradition that has been upheld since the company's inception nearly three decades ago. Back then, it played a pivotal role in helping numerous internet providers launch and prosper.

In more recent times, Neterra has demonstrated its dedication to supporting start-ups, as exemplified by its involvement with ucha.se, an online learning platform. Founder of ucha.se, Darin Madzharov, crossed paths with Neven Dilkov, Founder of Neterra, through a mentoring program aimed at nurturing and guiding young talents. In the early stages of development, Neterra extended its support by offering complimentary services during the initial months.

Servecentric generates €6.6m in revenues from international markets
Servecentric has announced that it has generated revenues of €6.6 million from international markets over the last two years. This includes new deals and renewals from customers across Europe, the US and India.

This Servecentric growth – which represents a 25% increase compared to the previous two-year period – is being driven by increasing demand for data centre colocation services, underpinned by adoption of Software-as-a-Service (SaaS) applications and cyber security services. The company is also seeing increased demand for cloud repatriation solutions, as more organisations choose to migrate workloads from the public cloud back to privately owned infrastructure.

With an uptick among customers in the SaaS, cyber security, and Artificial Intelligence (AI) services sectors, Servecentric is anticipating further business growth across Europe, the US and India in 2024 and has plans to enter new markets in Asia during this time.

The company continues to build out its cloud offering, having added Platform-as-a-Service (PaaS) to its portfolio. This enables it to support developers with out-of-the-box cloud development platforms. In addition, the organisation has enhanced its support for Intel Software Guard Extensions (SGX) to facilitate confidential computing and safeguard data.

Brian Roe, CEO, Servecentric, says, “We have enjoyed significant growth across international markets over the last two years, even as the global IT market began to retrench and consolidate following the pandemic. We have seen particular demand for our colocation services, as enterprises are adopting hybrid approaches to infrastructure and colocation offers the choice, resilience, and high levels of connectivity required.

“However, we’re also seeing an increasing trend of customers opting to move services from the cloud, and migrate company workloads back to self-owned infrastructure. Following the race to digitise, companies are now examining their IT strategies and realising that the cloud is not a one-size-fits-all solution and may not necessarily be the best fit for their requirements.

“We’re looking forward to continuing to develop our suite of data centre services and build on our valued relationships with customers in Ireland and internationally – enabling them to capitalise on the capabilities of cloud and colocation with custom-built solutions that meet their specific business needs.”

Logpoint and METCLOUD to tackle cyber security challenges
Logpoint has announced a partnership with METCLOUD in the UK to address fundamental cyber security challenges for organisations, as the threat landscape worsens and cyber security expertise becomes increasingly scarce. METCLOUD will offer Logpoint Converged SIEM, including SIEM, SOAR, UEBA, AgentX, and Business Critical Security (BCS) technologies, to empower customers to efficiently manage, identify and remediate cyber threats across the business landscape.

“Logpoint’s solutions give us a greater breadth of capabilities around predictive and preventative analytics, and management and insights across the technology landscape. Logpoint has a unique offering with BCS for SAP, enabling us to address the significant SAP ERP market,” says Ian Vickers, CEO at METCLOUD. “SAP customers account for 87% of total global commerce, which is an enticing target for cyber criminals. Furthermore, the rapid adoption of AI/ML, IOT, OT, VR, digital twins, robotics and automation makes for a more connected world and as such significantly increases the risks of cyber attacks.”

METCLOUD is providing Logpoint Converged SIEM and support services via its private and hybrid cloud offering. Logpoint’s cyber security platform protects the entire business by providing comprehensive threat detection, investigation and response across clients, servers, network systems, cloud workloads and business-critical applications. In addition, METCLOUD has developed its own AI and data analytics services that integrate with Logpoint Converged SIEM to further accelerate the speed of threat detection and remediation.

“We’re excited about the synergies that the partnership between METCLOUD and Logpoint brings to market. The ability for mid-market organisations to consume SIEM-as-a-Service with SOAR capabilities included is valuable because it speeds up threat detection and remediation and this sector tends to lack the expertise, resources and experience required,” says Jesper Zerlang, CEO at Logpoint. “For larger organisations that are likely to have well established SOC capabilities in-house, Logpoint BCS for SAP is a unique, enhanced security offering that adds more capabilities to existing teams.”

Logpoint has a range of customers in the UK, spanning the public sector and industries like finance, manufacturing, defence, and retail. By converging SIEM, SOAR, UEBA, endpoint security, and BCS technologies into a cyber security operations platform. The platform is available on-prem, in private cloud, and as SaaS.


