Advanced security systems are often a must, but they are of little help if the basics, such as training employees to identify common attack vectors, are overlooked.
Something as simple as implementing a firewall, setting up a virtual private network, or requiring employees to use multi-factor authentication can go a long way in preventing a cyberattack. And yet, such basic measures are skipped more often than one would think.
With that in mind, Cybernews reached out to Kevin O’Loughlin, the CEO of Nostra, which provides 360-degree IT management services. We discussed the importance of basic security measures and reviewed the emerging threat landscape in detail.
Nostra has grown exponentially since its launch in 2006. What has your journey been like?
We have been blessed since we started. In 2006, we started off as an IT Cloud company, but we were a few years too early, and companies weren’t ready. Then the recession hit, and we didn’t have the reserves to handle it, so it was a very difficult few years. But, with resilience, we kept going, and we ended up with the right product set coming out of the recession and the experience to deliver. Since then, our business has been steadily growing every year, and the demand for what we do is still growing on a monthly basis.
Can you tell us a little bit about what you do? What are the main challenges you help navigate?
We are a fully outsourced IT business. What that means is we can provide the design, build and support for an entire IT system, from PCs to Servers, from Cloud services to security. We would have clients from 20 to 2,000 employees and from 1 office to 100 offices all around the world. We are truly a Global IT company at this stage, with customers' offices on every continent in the world.
Our biggest challenge is keeping up with the demand of matching client needs with our recruitment team. Thankfully we are attracting a lot of great people.
What are some of the most serious problems organizations can run into if managed IT solutions are not in place?
A lot of new business comes to us when they are in crisis. Unfortunately, people don’t talk about it, but it’s so serious when it happens to a business, and the impact on staff and customers is immediate. Businesses lose credibility immediately. The owners, in particular, find that hard to get their heads around. Our job as an MSP is to advise and put as many layers of IT security in place. But it’s the basics, the Windows updates and firewall configurations that are not kept up to date, that cause the most damage. It can be prevented; that’s the hard bit to accept when you realize that 100% of your team can’t work and it may be weeks before you get your IT system back online with your data.
Have you noticed any new threats arise as a result of the current global events? What details should businesses and average individuals be vigilant about?
There is a huge increase in risk. At Nostra, we have defined the current risk level as Amber. There is a scattergun approach going on: criminals use events like the war in Ukraine to pull the heartstrings and trick users into doing things they otherwise wouldn’t. The biggest risk to IT systems is the users. User Awareness Training is so important. No matter how good your house alarm is, if you open the door and let someone in, no security system can prevent an attack.
Additionally, what are the best cybersecurity tools users should have in place to combat these threats?
For any person, the key is to keep your computer up to date. Patching a PC is very powerful. Never ignore it. Two-factor authentication for email is so important that I can’t emphasize enough how important this is. If you don’t have it, I promise you, you’re vulnerable, and much more than you realize. Two-factor authentication is part of all mainstream email systems. Turn it on. Obviously, antivirus and other security tools are important, too.
In your opinion, what IT and cybersecurity details are often overlooked by new companies?
2FA – I could give more, but honestly, please, everyone needs this now! 100% of users, 100% of the time.
What are your thoughts on cybersecurity systems specifically tailored to one’s business? Is it something each organization should invest in or is it only relevant for large enterprises?
For me, there are two stages. Firstly, do the basics, as I have listed above. Having an offsite backup is the key to allowing you to recover after an attack. After you have patching, 2FA, antivirus, antispam, and offsite backup, then you can start looking at monitoring, hardening of servers and firewalls, and pentesting. In 2021, 82% of all new clients we took on had massive gaps in the basics.
In the next few years, we will all learn more about SIEM and SOC, as they become more affordable. I suspect we will have all companies deploying these, big and small.
The belief that only large companies are prone to cyberattacks is only one of the myths still prevalent today. Are there any other misconceptions regarding cybersecurity that you come across often?
All companies are at risk. Most breaches we see are random: they start with a phishing email, then get into an email system, then email someone internally with a link that starts the attack. Small companies get hit more often in my view because they don’t have the defenses.
The biggest misconception I see, however, is around GDPR. A cyber breach can result in large fines, data loss, and reporting to your customers. They cause long-term client and business damage and staff can lose confidence in management. Particularly the gaps that were evident and were not acted on. Cyberattacks are massively stressful for everyone: our team fighting to get data back, business owners who don’t know if they will be able to open again.
And finally, what’s next for Nostra?
For us, next is Cloud ERP. We are currently building and investing in Microsoft Business Central ERP and we see it as being another string in our bow. We have worked with many clients in the past few years on deploying systems. Now we’re seeing where we can add real value by simplifying the process and allowing businesses to make a big move to Cloud and standardization. We are continuing on the acquisition track, but what we are doing with ERP is new, so we need to build it from the ground up rather than look at it from a legacy perspective.