SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Video: 10 Minute IT Jams - An update from Cydarm

Wed, 5th Oct 2022

Cyber attacks are escalating. Companies must act fast.

This is the warning from Vaughn Shanks, CEO of Cydarm, a cyber security company focused on resilience and rapid response to ever-evolving digital threats. Speaking on the 10 Minute IT Jams podcast, Shanks emphasised the crucial importance of operational efficiency in defending against cyber crime, particularly as attack methods, regulations, and workforce challenges continue to change.

Cydarm's offering is a cyber security operations platform designed, as Shanks described, to deliver "better, faster, and more consistent cyber security operations," which can be tailored to any organisation's specific requirements. The system, which can be hosted by Cydarm or the client, is built around evidence-based security, using data to improve resilience and foster greater collaboration between teams.

"Depending on who you are, that might determine what security attributes you have – be it a staff member at an organisation or maybe an external service provider or someone in an adjacent team," Shanks said, outlining Cydarm's approach to fine-grained access control. "Based on your attributes, we can actually filter what is displayed and it's this fine-grained access control that actually enables the collaboration on the platform."

At the core of the Cydarm platform is its case management system, designed to help organisations mitigate increasingly sophisticated cyber risks. Shanks pointed to two major factors driving demand: a steep uptick in cyber attacks and the growing skills shortage in the industry.

"You need a way to bring less experienced people into your security operations team if you're going to be able to staff a security operations effort, and that's not possible if people are having to learn everything as they go," he said. The solution, Shanks explained, lies in integrated playbooks: "Someone with very little training can join an experienced team and immediately start becoming productive by doing some of the more routine tasks and also leaving a paper trail as they go."

He referenced the "1-10-60 rule", a benchmark which allows one minute for triage, ten minutes for understanding, and sixty minutes for containing a breach. "If you want to front run that, you need to be very efficient at triaging threats, understanding and providing context around threats, and then containing the threat," Shanks added. "That process is a lot easier if you have a platform that enables you to spread that effort among several people… we're just removing that cognitive burden to allow teams to function really well, even on their bad days."

Upcoming advancements for the Cydarm platform include a significant upgrade to its playbook feature, moving from a basic checklist approach to a more dynamic flowchart style. "We're moving into something that works more like a flowchart," Shanks revealed. "Part of that will be the ability to do hybrid orchestration – so preserving human agency and collaboration where you want to have that flowchart ability and be able to parallelise tasks and make decisions, but then also speeding up parts of the process using automation."

There is also a concerted effort to make the platform more user-friendly. "We'd like an administrator at an organisation to be able to immediately, once they get onto the platform, to start integrating with their existing security infrastructure," Shanks explained. "We're aiming to make that process smoother and easier for our users."

Addressing the threat landscape, Shanks described a worrying increase in both the volume and severity of cyber attacks over the past three years, especially ransomware. "We've seen a spate of ransomware attacks, and I think this has been made worse frankly by the prevalence of remote work," he said, noting that hybrid and remote working practices have expanded the pool of systems accessible from outside, even including critical national infrastructure.

He cited e-commerce as another pressure point, observing that the sector saw "ten years of growth" during just the first six months of 2020, rapidly broadening the attack surface for cyber criminals. "As they say, the defenders have to be right all the time, attackers only have to be right once."

While ransomware grabs the headlines, a more common and profitable form of cyber crime is business email compromise, according to Shanks. "This is where even a small organisation can get a threat actor into their email system and basically trick them into paying invoices into bank accounts that are not owned by them," he explained. Phishing, credential stuffing, and password theft remain common attack vectors, and web application weaknesses are "still very prevalent", he added.

Shanks also warned businesses not to overlook regulatory risks. "Regulation is a threat to business," he said. "The government can fine you, they can impose additional restrictions or obligations on you if you're in critical infrastructure… patience of the government and the regulators and the general public frankly is wearing thin, so more regulation is coming."

To stay ahead of threats, Shanks advocates for rapid access to expertise, tested processes, and adaptable technology that can keep up with changing demands. His advice to organisations is to be ready for both the usual and the unexpected, particularly as attackers innovate and regulators tighten rules in response.

"We're very happy to provide a demo to any prospective customers and we can also set you up with a trial if you're keen to know more," Shanks concluded. "We're aiming to make cyber security operations accessible and effective for everyone."
