5 Questions with Niall Tuohy, Viatel Technology Group’s Newly Appointed Security Lead
Niall Tuohy has joined Viatel Technology Group as Security and SD-WAN Product Manager. We sat down with Niall to learn more about the wealth of experience he brings to Viatel, the security challenges facing businesses and what is on his radar for the future.
1. Tell us about your professional journey. What path led you to your new role?
I have been working in the telco/techco space now for almost 20 years but when I started it was really only supposed to be an interim role. I have always had an interest in technology in general and I have seen first-hand the evolution and growth of cyber threats and cybersecurity in general. 20 years ago, 3G technology and the capability to access the internet from a mobile device or end point was new to most but now we live in a world where we have an expectation of being able to connect everywhere and even our homes and appliances have become connected locations and this has also been a driver in the growth of cybersecurity. It’s fascinating to see how cyber crime morphs and changes so quickly in order to exploit even the smallest opportunity.
2. Of the many menaces out there, what do you consider the biggest current cybersecurity threat(s)?
Ransomware attacks are one of the biggest challenges out there. Ransomware is a type of malware that encrypts files and demands a ransom payment in exchange for the decryption key. Ransomware attacks have become increasingly common and sophisticated, targeting both individuals and organisations. Itcan have devastating impacts on a business, not just with the encryption of data but can and is brand damaging as we have seen in the media on numerous occasions.
Phishing is a social engineering technique in which attackers use fraudulent emails, text messages or websites to trick users into revealing sensitive information such as login credentials or financial data. End users can also be included as one of these threats as usually it involves someone clicking on a link or an email as they believe they have been sent it in good faith.
Supply chain attacks are also increasing and involve targeting a third-party vendor or supplier to gain access to the networks of their customers. These attacks can be particularly effective because they allow attackers to bypass traditional security measures.
3. Most companies are painfully aware of the need for cybersecurity measures. What are the biggest challenges they face in implementation?
Many companies struggle with limited budgets, staff and time to devote to cybersecurity. This can make it difficult to identify and implement the necessary security measures to protect their systems and data. When budget and resources are available, the challenge can be deploying solutions correctly and utilising their full capabilities. Having multiple different platforms and management portals can bring its own headache though so correct consolidation and interoperability is crucial.
For smaller organisations, where in-house resources and expertise don’t exist then the challenge is even greater to understand what you need to implement in the first place.
Many companies are still using legacy systems and applications that may not be compatible with the latest security protocols. Upgrading these systems can be costly and time-consuming, and companies may not have the resources to do so.
4. Security is everyone’s responsibility. Do you have any tips or advice for organisations on how to communicate cybersecurity risks and best practices to all their team members?
Communication and awareness are key to fostering a culture of cybersecurity within an organisation.
Employees need to be trained regularly on how to identify and respond to potential threats such as phishing attacks, social engineering tactics and other cyber threats. This should be an ongoing process rather than a one-time event.
When communicating cybersecurity risks and best practices, use clear and simple language that everyone can understand. Avoid using technical jargon that may be confusing for non-technical staff.
Use real-life examples of cyber-attacks and data breaches to illustrate the importance of cybersecurity and the impact it can have on the company and its customers.
New employees should receive cybersecurity training as part of their onboarding process. This will help to ensure that they understand the importance of cybersecurity from the outset and are aware of the company’s policies and procedures.
5. What are the three biggest things on your radar for the future of security (new threats, emerging technologies, regulations and legislation etc)?
Whilst new threats will always continue to emerge and technology is advancing especially in the area of AI, deployment concepts, methodologies, frameworks, potential regulation and legislation is becoming an area of much interest.
The Zero Trust methodology, coined by John Kindervag, is a security framework that assumes that all devices, users, and applications are potential threats and should not be trusted by default. Instead, Zero Trust requires continuous verification and authentication before granting access to sensitive resources. This approach offers significant benefits in terms of security. By segmenting the network and only granting access to resources on a need-to-know basis, Zero Trust can reduce the organisation's attack surface, limiting the potential impact of a breach and therefore reducing the impact an end user can have in their contribution to a security breach.
Another regulation that is being explored in Ireland is the Cybersecurity Act, which is designed to improve the overall level of cybersecurity across the EU. The act includes provisions for a certification framework, which will allow companies to demonstrate compliance with cybersecurity standards. Additionally, NIS (2016/1148) is now replaced by NIS2 (2022/2555). The new directive strengthens and expands the scope of the original NIS Directive, with a particular focus on critical sectors such as energy, transport, banking, and healthcare. The NIS2 Directive also includes new provisions for incident reporting, cybersecurity certification, and cross-border cooperation.
NIST, CIS and ISO27001 are also a hot topic.
CIS (Centre for Internet Security) controls are focusing on technical implementation to harden your cybersecurity whilst ISO 27001 is the international standard for information security. Its framework requires organisations to identify information security risks and select appropriate controls to tackle them. NIST (National Institute of Standards and Technology) is planning significant changes to its Cybersecurity Framework (CSF) – the first in five years, and the biggest reform yet. One notable change is who the framework is aimed towards. US Congress has explicitly directed NIST to consider the needs of small businesses and higher education institutions, beyond its original target demographic of critical national infrastructure organisations (in utilities, telecoms, transport, banking etc)
To speak to Viatel Technology Group about your corporate cybersecurity, call 01 256 9200 or email firstname.lastname@example.org