“Having any automation in place will save money, but most importantly time.”
Hi Scott, please tell us about your role and the team / technology you handle at NTT Ltd. How did you arrive at NTT?
I came to NTT through the acquisition of Solutionary. My role as the SOC Director for the Americas Region is pretty simple, but nuanced. I:
- Ensure my team has the tools, training, and standards to serve our customers.
- Liaise with our threat intelligence center and incident response teams.
- Collaborate with the sales team in client relations for both current and new clients.
- Maintain a working knowledge of every service that we deliver, along with a mental map of the infrastructure and staffing needs to ensure the services can be delivered smoothly.
- For an idea of the kind of technology we leverage and how a DOC works, check out this virtual tour: https://ntt.l8h.eu/
Could you tell us how the recent security threats are forcing IT companies to relook into their digital infrastructure?
I think anyone that doesn’t take security seriously today will end up on the news like so many others have. The sad reality, however, is that even “if” an organization takes security seriously, it only takes one blind spot to get hacked. With everything being more cloud and SaaS based, the most important thing to do these days, aside from having a sound incident response plan in place in order to minimize the breach exposure time and the overall impact of the attack, is to know your supply chain: know your partners, vendors and service providers, their history, and how they perceive their own cyber hygiene. It’s kind of like going on a first date – you want to ask around and do your research before you jump in to ensure you’re compatible.
What are the major types of threats that could badly affect any business? How can businesses optimize their spending on security operations?
Right now ransomware is a significant threat, and the single largest vector is email (phishing). The weakest link in any company is the person who takes cyber security the least seriously.
According to our 2021 Global Threat Intelligence Report (GTIR), cyberattacks have increased by 300% with hackers taking advantage of pandemic-induced global destabilization by targeting essential industries and common vulnerabilities from the shift to remote working. Other major threats include:
- Crypto malware has unseated spyware as the greatest malware threat, accounting for a staggering 41% of all detected malware in 2020 (followed by Trojans: 26%; Worms: 10%; Ransomware: 6%).
- XMRig coinminer was the most common variant, representing nearly 82% of all coinminer activity with nearly 99% in EMEA. It was also the most common malware in the Americas.
Businesses can optimize in a number of ways; two key approaches are:
- Automate – Attacks today are partially if not fully automated, so if you don’t have automation in your defense strategy, you are in trouble.
- Patch and streamline – Pick a single software, or SaaS solution, and make everyone in the company use it. An all too common vector for attackers is finding a way in due to outdated software, and most companies have two of everything (office, chat, email, document repository, etc.), which makes it that much harder to keep their systems and software patched. Patches exist for a reason, and until AI is fully aware, there will always be holes in coding; it’s the cost of doing business.
Are third-party Cloud solutions reliable in the modern context of cybersecurity?
Absolutely. Many cloud providers build security into their solutions from the start. It will take a bit of research, and asking the right questions, but the information is out there and organizations should understand the features and limitations of their cloud provider(s).
At NTT, how do you identify, analyze and monitor the various threats? What predictive modeling do you use for threat detection and reporting?
We have various approaches depending on the threat. We offer managed threat detection and response (MDR) and Managed SIEM with threat detection (SOCaaS), and we have teams of threat analysts that work with our Global Threat Intelligence Center and our Digital Forensics and Incident Response team as well.
Two of the most important elements here are Mapping tactics, tools and procedures (TTP) and threat intelligence.
- Mapping TTP used by threat actors helps to understand their strategy, the time it takes them to deploy their attack and how much time an incident response team has to discover, escalate and remediate.
- Focusing on threat intelligence, so incident response teams can act as hunters and detect threats early on and even predict threats by analyzing patterns and offender profiling. Early detection and prediction are crucial, as these days response teams have minutes or less to respond to an attack.
Hear it from the pro: What are the biggest trends in IT security and threat detection that every business professional should watch out for in 2021-2022?
Automation, automation, automation and actionable threat intelligence.
With the massive adoption of APIs, specifically REST, it’s easier than ever to interface with other technology to pull the information you need faster than a human can search for it. Having any automation in place will save money, but most importantly time. Today cybersecurity defense is struggling. Threat actors are innovating, automating and scaling, making it hard for companies to keep up. Today, the difference between identifying a threat sooner rather than later will have big implications on an organization’s business continuity and its bottom line.
Tell us more about the hiring challenges when it comes to technology companies like NTT? What advice do you have for the industry leaders in this regard?
The brutal truth is that there is not enough talent to go around, and security analysts know they are worth a lot. So be prepared to invest in talent. Beyond that, rotate your staff to get them varied, practical, on-the-ground experience. The most common reason I see security people leaving an organization is that they’re bored. Talented security specialists generally like a challenge.
Thank you, Scott! That was fun and we hope to see you back on itechnologyseries.com soon.
Experienced Security Operations Director with a demonstrated history of working in the information technology and services industry. Skilled in Information Assurance, Information Security, Systems Engineering, Physical Security, and Auditing. Strong operations professional with a Masters in Management Information Systems with a focus towards Cyber Security.
NTT Ltd. is a leading global technology services company. Working with organizations around the world, we achieve business outcomes through intelligent technology solutions. For us, intelligent means data driven, connected, digital and secure. Our global assets and integrated ICT stack capabilities provide unique offerings in cloud-enabling networking, hybrid cloud, data centers, digital transformation, client experience, workplace and cybersecurity. As a global ICT provider, we employ more than 40,000 people in a diverse and dynamic workplace that spans 57 countries, trading in 73 countries and delivering services in over 200 countries and regions. Together we enable the connected future.