Recent research by Orange Cyberdefense has revealed an increase in the number of cyberattacks that have taken place this year, fuelled by a new working environment which has seen many organisations adapt to remote workforces. Haifa Jlassi, Orange Cyberdefense Security Expert for META at Orange Business Services, highlights how Orange Cyberdefense helps to protect customers in this increased remote workforce environment, as well as the support offered if the worst should happen.
Can you describe the current threat landscape? What are the major threats that your customers are experiencing?
It’s been a very challenging year where organisations across the globe have had to adapt their working processes to accommodate remote workers in a very short time. This has meant allowing remote access to assets, as well as moving to the cloud. With that, there has been an increase in the attack surface and many organisations have been victims of cyberattacks.
Looking at the Orange Cyberdefense Navigator, you can find some very interesting statistics. Our cyber analysts across the globe analysed something like 1,000,700 events last year and found that 41% of those were confirmed incidents, proper attacks.
Across the regions, we saw an increase in social engineering – 5% in 2020 compared to 1% in 2019. If we look at malware incidents, we’re talking about something like 13%. These are both state-backed criminal hackers as well as small hackers.
They have identified opportunities by understanding that organisations are opening their assets to the public to make it easier for their workers. That’s why we see a lot of ransomware attacks in the news, as well as supply chain attacks.
How is Orange Cyberdefense positioned to address these threats?
Detection, impact limitation, response and recovery are essential to reduce the duration and impact of a compromise and avoid a fully-fledged breach. Achieving this requires more than just mastering security basics.
That’s why at Orange Cyberdefense, we have a team of very experienced security practitioners to help our customers assess security architecture, their vulnerabilities and defence in depth.
We have 11 cyber SOCs across the globe providing intelligence-led detection, response and recovery for our customers to stay operational and out of the news.
What are the best strategies for beating ransomware attacks?
Ransomware is generally the final stage of malware infection. This is the last action of a compromise that has already progressed through several other phases of exploitation. Malware operators will extract every possible bit of value from a compromised endpoint before initiating encryption and revealing their presence.
So, the earlier we can detect and disrupt malware activity, the less likely it is to progress to a ransomware incident. The challenge is that there is not one type of technology that solves detection, so you need to have a clear view on vulnerabilities to be able to better assess your risk, then work on early detection.
Then, alongside detection across log data, network data and endpoint data, there are also threat activities that happen outside of your infrastructure that might pose a risk to your business and need to be detected.
You probably cannot solve all problems at the same time. But you can choose a security partner with a complete MDR portfolio and the right expertise that can guide you to get the best of your investments.
How do you help organisations to protect themselves in an increased remote workforce environment?
Orange Cyberdefense offers complete secure access service support and we help our customers implement a Zero Trust strategy with our services and recommendations, but at their own pace.
Our strength comes from the combination of our expertise – we’re a cloud provider, a connectivity provider and a security provider. The combination of the three makes it easier and more effective for our customers.
Those offers are completed by our cyber SOC service, which not only covers the SOC triad of log, network and endpoint but also detection of threats to the business on the open, deep and dark web.
You can start with whichever is the most relevant for your parent need and then expand based on the business requirements.
How do you help your customers to protect their brand against cybercrime?
Our CERT team is dedicated to detecting cybercrime against our customers. They have a dedicated cybercrime monitoring team comprised of around 20 intelligence analysts across three different global locations, speaking 10+ languages.
They are largely specialised and have worked in fields like the military or intelligence agencies. We’re talking about 18+ years of experience in this field and they are also members of industry-recognised bodies.
They have partnerships established with different vendors and have access to private lists, as well as specific communication channels with police and intelligence agencies.
This team also has access to the specific agreements that Orange, as a telco, has with the Internet and security global organisations like the public Internet registry, VeriSign and so on.
They have all the tools to be able to constantly monitor the web, mobile and social channels, identify any brand exploitation, any social media impersonation, any malicious mobile apps, defacement of legitimate websites and open detection and they can then send a notification to the customer, provide him with recommendations and help with takedown options.
How do you support your customers when they are under attack?
Zero risk doesn’t exist. We deal with this in a reactive way when the customer is under attack.
We have a CISO team which is also very experienced, and which has the right skills and the methodology to assist our customers in identifying, containing, eradicating and recovering from cyber incidents. They follow the principles of the Association of Chief Police Officers for all aspects of evidence management. We look to ensure that if your defences have been breached, the threat is prevented from escaping and damage is really limited to a minimum.