

Security spotlight: How AV is keeping ahead of the cyber gangs

With ransomware and DDoS attacks rising, and increased vulnerabilities as a result of more remote and hybrid working, Installation finds out what kind of steps pro AV vendors are taking to keep data and infrastructures secure

Cyber security has always been the definition of a ‘moving target’, but even so the past 18 months have witnessed an abundance of often troubling developments in this area. In particular, corporations and public sector organisations have had to respond swiftly to the escalating threat posed by two forms of malign activity: DDoS and ransomware attacks.

Computers and Internet of Things (IoT) devices are among the victims of distributed denial-of-service (DDoS) attacks, whereby a targeted server, service or network is deliberately overwhelmed with a very high level of internet traffic. According to a recent Cyber Security & Threat Intelligence Report by Netscout, there were 5.4m DDoS attacks in the first half of 2021 – representing an 11% increase year-on-year. As well as utilising newer “attack vectors”, malign actors have also been developing new DDoS “attack strategies that evade traditional mitigation techniques”.

Simultaneously, IT departments have also had increasing cause to be concerned by ransomware, whereby a form of malware is deployed to block access to, or threaten publication of, valuable company or personal data. To say that the statistics here are troubling would be to make a major understatement. Not only are the ransom fees being demanded continuing to soar – from an average of $5,000 in 2018 to around $200,000 in 2020 according to the (US) National Security Institute – so is the proportion of companies being affected. For instance, a recent report by the International Data Corporation found that 37% of organisations worldwide had been affected by ransomware in the previous 12 months.

If that wasn’t bad enough, it seems almost certain that the global situation is further amplifying the overall threat environment. Although coined by Frank Hoffman as far back as 2006, the term ‘hybrid warfare’ – whereby cyber attacks might constitute one element of a mixed campaign that, for instance, also includes conventional warfare and the deliberate dissemination of false information – has inevitably assumed new prominence in light of Russia’s invasion of Ukraine and its alleged history of intervention in foreign elections. Moreover, in a sign of how much concern there is about the implications of sustained cyber attacks, UK intelligence agency GCHQ has been among the national organisations urging companies to bolster their “cybersecurity resilience”.

With reports suggesting that a surprising number of ransomware demands are being paid in part or in full, it would be easy to feel despair about the overall cybersecurity outlook. But, although there are certainly many causes for concern, Installation’s conversations with a few leading solution providers in this area indicate that awareness of – and attention to – the various risk factors is now firmly on the increase.

Chris Snell, senior solution architect EMEA at enterprise data protection & backup specialist Cobalt Iron, agrees with the suggestion that the overall security environment is growing more challenging: “As a general comment, cyber security is becoming more and more important because of the burgeoning business in ransomware. Every day now, it seems, there is a well-known business being attacked and having problems.” Despite this, he sounds optimistic that more companies are taking the problem seriously, not least with regard to backup, which he indicates has been historically under-prioritised in some sectors.

But now, he says, “it is a daily conversation with prospects, and it tends to involve not only backup admin and infrastructure managers – you are also getting the input of CIOs and CTOs. In fact, it’s really a number one or two focus for every prospect we speak to these days.”

Snell also points to the work of a US organisation called Sheltered Harbor, indicating that it could provide a template for other countries and sectors to follow. Its purpose, says its website, is “to protect customers, financial institutions and public confidence in the financial system if a catastrophic event like a cyber attack causes an institution’s critical systems – including backups – to fail”. According to Snell, “we have been talking to prospects on this side of the Atlantic who have heard of Sheltered Harbor, and I think we are going to see even more customers who look at [its approach] and think that it would be a good thing for us.”

Meanwhile, Cobalt Iron continues to evolve its own solutions for SaaS-based enterprise data protection. In February the company announced the granting of a patent on its technology for dynamic IT infrastructure optimisation in response to cyber threats. Geared towards providing new capabilities for the Cobalt Iron backup platform, the patent covers means by which Compass will automatically reconfigure IT infrastructure when cyber threats – such as ransomware attacks – are detected.

Based in the US but with a global reach, Utelogy Corporation is a leading provider of intelligent management, monitoring and software that delivers analytics and control to AV and unified communications. According to senior director Nicole Corbin, it’s the recent pronounced trend towards remote working that has generated new security worries for many businesses in the AV space.

“One of the most detrimental things to a modern organisation is the lack of cybersecurity,” she says. “The key reason we have seen this worsen over the past couple of years has primarily been caused by the shift to remote and hybrid working. This unveiled a lot of issues with how cybersecurity measures were implemented and made available such as secure at-home networks, VPN access, and the unforeseen cybersecurity issues that came with remote video conferencing.”

DDoS, ransomware and phishing attacks are among the types of malign cyber activity that should all be a “primary concern of any organisation which has some sort of IT infrastructure deployed”. In terms of Utelogy’s own protective measures, Corbin says: “Utelogy takes security very seriously both for our business as well as the products we create. This includes (but is not limited to) having a secure network and VPN, enabling DLP [data loss prevention] software, implementing roles based authentication policies, and complying with industry standard data protection regulations. We also provide mandatory annual security training for all employees and conduct tabletop exercises to ensure everybody is well-prepared for any such attack.”

As well as ensuring compliance with the voluntary US customer data management standard SOC2, a “holistic approach” has made it possible to “meet and exceed” various industry standards. Corbin notes: “We have ensured our products are up-to-date with secure authentication methods such as SSO and MFA, comply with GDPR, are scanned for vulnerabilities on a daily basis, and offer native N+1 High Availability, which provides redundancy across geolocated data centres to ensure the Utelogy platform is continuously available and active – thus saving time, avoiding lost revenue, and combating the threat of data loss.”

Despite her concerns about the recent increase in the AV sector’s cyber vulnerabilities, Corbin does indicate that things are moving in the right direction. The overall security situation “has become more prominent [and] companies are taking measures to correct this.” The ongoing shift towards “re-envisioning the way we work [through remote or hybrid approaches means there is a need for organisations to] implement better, stronger and safer methods to protect employees, the business, and ultimately the end-user.”

Muhammad Rehman, VP product management at security and audio-visual content delivery specialist Edgecast, also believes the overall outlook for cyber attacks is becoming more challenging. For instance, he pinpoints the impact on consumer services: “Cybercrime is increasing, with the risk of broader and more powerful attacks on a variety of consumer services intensifying. Frequently exploiting major sporting and entertainment events to launch attacks, criminals pose as brands to steal account credentials, financial information, and trick users into downloading malware.”

Drawing on the results of a recent data-gathering exercise focusing on media content services, Rehman is understandably concerned that cyber crime is still not receiving the attention it deserves. “Despite the increasing frequency and sophistication of cyber criminals’ attacks, we recently surveyed security professionals at streaming and OTT service companies. We found that less than a quarter were fully prepared for any type of cyber attack.”

In terms of Edgecast’s own developments, Edgecast Security provides “comprehensive application and data security,” says Rehman. “Our cutting-edge security solution cuts down on the time it takes to mitigate risks by allowing you to foresee the impact of change management so you can intervene to block advanced threats at the edge before they reach vital web infrastructure. Bot management solutions are a proven method for identifying and blocking harmful traffic lurking on the edge of the internet.”

This is only a brief overview of a massive and ever-evolving issue, and the fact that several companies in the AV sector invited to take part in this article ultimately chose not to do so suggests that by no means every organisation considers itself ready to discuss security measures at length. Meanwhile, with geopolitics adding ever more to the impetus behind cyber attacks, it’s increasingly apparent that only constant and comprehensive vigilance will ensure the AV sector remains one step ahead of the cyber crime gangs.