Q. As one of the Cyber Security experts at CodeBlue, would you care to elaborate on your role and how you go about your day to day?
Rameez: As a Senior Cyber Security Analyst at CodeBlue, it’s my job to help CodeBlue to continually improve its Information Security (IS) posture. I assist in identifying IS risks and potential vulnerabilities, and develop strategies for mitigation using security controls and different processes that we can take. I also help to assess our customers’ security posture and provide recommendations on how we can help enhance that posture. I provide support to our internal team with security-related queries, consultations, and technical recommendations across different security areas.
Q. How long have you been working in cyber security?
Rameez: I’m coming up on a decade working in cyber security. I started my career as a Network Engineer back in 2011 but quickly moved into the cyber security domain.
Q. And would you say you’ve seen a lot of changes over the past decade – How have you found that within NZ, and more broadly when it comes to security, how do you see the current state of play in NZ?
Rameez: I’ve worked in four different countries before coming to NZ, so you could say I have a broad view of global threats. In NZ, the trend that we’re seeing around phishing attacks is an increase in sophistication and bad actors who are using new and varying techniques to launch attacks. The overall level of complexity and sophistication has increased since I started my career.
Q. Do you think phishing attacks and cyber security in general are at the forefront of NZ SMBs’ minds, or is this something that needs to be improved upon?
Rameez: Businesses are starting to understand the fluid dynamics of the cyber security landscape. Some of the latest cyber-attacks that have targeted large global companies, such as the New Zealand Exchange (NZX) and others, are helping NZ businesses open their eyes to the overall business risk. As a result, locally we’re seeing more organisations enhance their posture. With the rise in phishing and credential attacks, organisations have started to invest in end-user training and awareness to educate their staff.
Q. Keeping on the topic of phishing attacks and how they typically start from an email being interacted with that shouldn’t be, can you provide some more insight into how they come about and what they are and look like?
Rameez: Predators use common scam techniques based on what is happening in the country at that moment. These actors are leveraging tools and techniques that send fake emails to users that look like they’re from a legitimate email address. But if you hover over the email address it will show a different email address. The tools used mimic emails that they’ve seen to come from the legitimate source and then add an attachment or link designed to compromise users.
The main objective is usually credential harvesting. The actor uses the phishing email as a precursor to a more serious attack, the most common of which is ransomware, but there are other attacks like DDoS and terror as well.
Q. We briefly touched on the current level of maturity for NZ businesses and how they’re becoming more aware of the associated risks. What are the most common flaws or areas that could be improved for NZ SMBs right now, and what can they do to improve?
Rameez: That’s a great question. Because the technology landscape is always changing, you need to be on top of each element of your environment. SMBs need up-to-date technology in place so that we can protect and detect these attacks as they occur in real time. In addition to that, as we’ve already discussed, user education is so important for a business.
Q. CodeBlue have worked alongside HP for a long time. What sort of changes are we seeing in the endpoint device field – are the devices becoming more sophisticated to help alleviate some of the weaknesses around end-user behaviour?
Rameez: When HP design their endpoint products, they take into consideration the sophistication of global attacks to determine endpoint security needs. HP’s chipsets and the quality of configurations used in devices provide an extra level of protection for users.
Q. With an unpredictable global health pandemic, are you seeing NZ businesses becoming stifled by a lack of internal resources to properly manage their security posture? And are they taking advantage of the right technologies?
Rameez: In short, they are a little stifled. Cyber security is such a complex topic and requires dedicated resources and knowledge, even to manage firewalls and security controls in an organisation. This is where an IT Managed Services Provider can help and manage the right technology for combating cyber security issues for businesses, while allowing SMBs to focus on more important aspects of their business.
Q. In terms of CodeBlue’s managed services and in particular, your security services, how do they help to combat the challenges and demands that we’ve been discussing?
Rameez: Here at CodeBlue, the first port of call is always about what’s happening in the threat landscape at that time, and then we provide services accordingly. So, for example, the phishing attacks that we are, we have a security awareness program in which we provide support while also helping organisations educate their users on a regular basis. Whether it’s monthly, fortnightly, or something else, we send out real world simulated phishing emails to test users. If they click on it or fall for it, they’re redirected to training that is relevant to avoiding such an attack in the future.
We can tailor our training material to suit the needs of SMBs and we also have a system in place that enables end-users to report any suspicious or malicious emails, which are sent to our Security Operations Centre for analysis. It bolsters our catalogue of known threats and helps to develop a culture of cyber security awareness within the organisation, and ultimately helps us shorten the time from identification to mitigation.
Overall, we provide an in-depth security strategy to combat sophisticated attacks. In addition to our core cybersecurity services, such as Managed Firewall, DNS Filtering and Anti-Malware, which are the entry-level requirements for protection. These signature-based solutions are designed to block malicious attacks and prevent access to known blacklisted domains and IP addresses. We also offer Endpoint Detection Response (EDR) and Security Information Event Management (SIEM). These advanced offerings are behavioural and analytical based and are required to detect and prevent malware attacks in the absence of a signature file.