Wanstor and Veeam host a Roundtable titled 'Last Line of Defence: Response in the Age of Ransomware - Building a Resilient IT Strategy in a Changing Threat Landscape'
In today's digital era, cybersecurity goes beyond merely safeguarding data.
It's essential for maintaining integrity and resilience against various threats, including ransomware. We face these challenges in an ever more uncertain world, whether due to digital transformation, geopolitical conflicts, cybercriminal activities, or the current shortage of cybersecurity skills.
Wanstor and Veeam hosted a thought-provoking breakfast roundtable with IT leaders wanting to dive into these aspects of increased risk and the increased expectations this places upon us as IT and cybersecurity practitioners, and to share best practices. The talk was led by Andre Troskie, EMEA Field CISO of Veeam, and Richard Kuczma, CTO at Wanstor. Below are some of the key highlights.
Andre Troskie
EMEA Field CISO of Veeam
Richard Kuczma
Chief Technical Officer, Wanstor
Cybersecurity Threats
We live in a world of growing risk from cyberwarfare, cybercrime, and the cybersecurity skills gap, all of which add to the complexity and cost of maintaining resilience. The evolving landscape of cybersecurity threats is a significant concern. Notably, NATO has advised civilians to prepare for future conflicts, indicating that cyber weapons will play a crucial role in upcoming warfare scenarios.
Global Risks
The World Economic Forum's Global Risks Report ranks global risks by severity over both the short and long term. The presentation also delved into the potential impact of a significant cyberweapon being used against the citizens of a major European hub, detailing the resulting disruptions to financial systems, power grids, water supplies, and food supply chains.
Regulatory Landscape
The regulatory landscape is undergoing significant changes with the enforcement of various new regulations globally, such as the EU DORA and NIS2.
Andre highlighted some key common requirements across these diverse regulations, which include robust ICT risk management, comprehensive incident reporting, rigorous resilience testing, meticulous third-party risk management, and the crucial responsibility of board and senior management for cybersecurity.
These measures aim to enhance organisational integrity, accountability, and resilience in the face of escalating cyber threats.
Internal Controls
Andre then emphasised the importance of developing effective internal control systems for maintaining organisational integrity and accountability. He spoke of the maturity of these controls, outlining the stages of maturity across people, processes, and technology. Furthermore, his talk highlighted the critical role of efficiency and effectiveness in these controls, underscoring their significance in safeguarding against evolving cyber threats.
Cyber Essentials
As a full-service Managed Services Provider, Wanstor plays a crucial role in helping our customers implement the right cyber security measures.
Our CTO, Richard Kuczma, outlined the benefits of IASME’s Cyber Essentials / Cyber Essentials Plus Certification as a first step towards a more secure organisation – as it focuses on five basic technical controls to prevent the most common cyber-attacks, including malware, ransomware, and phishing.
In a world increasingly at risk from cyberwarfare, cybercrime, and a cybersecurity skills gap, the increasing complexity and cost of maintaining resilience underscore the significant concern posed by the evolving landscape of cybersecurity threats.
Richard then led a discussion on various cybersecurity and ransomware topics, particularly presenting risks to the board and getting sign-off on cybersecurity investments. The group discussed a wide range of cybersecurity topics. Some highlights for us were:
Reporting on cybersecurity posture to the board
Inevitably, most people were framework-orientated, so frameworks like CE+ and ISO compliance were the top picks for reporting and metrics.
Investing in preventative measures for business continuity, disaster recovery and operational outages
Planning for these applies equally to cyber security incidents and more mundane outages. The general agreement was that business cases need to be created and presented to the board to secure investment in preparedness measures, e.g. the cost impact of a system or site being down for ‘X’ hours, focusing on both financial and reputational losses.
Engaging the Senior Leadership team in "tabletop" exercises
Using simulated scenarios to test an organisation's response to various cyber threats not only helps improve security posture, it also helps with getting buy-in for investing in security.
The group also concluded it helped improve overall awareness, preparedness, communication and coordination across the organisation.
We at Wanstor love these sessions as they bring together industry experts and technology leaders to facilitate collaborative discussions around best practices. With this rich discussion, we concluded the morning with a delicious breakfast and lots of food for thought.
If you would like to sign up to attend Wanstor’s breakfast roundtable events, contact us here.