
2024 Managed Detection and Response (MDR) Playbook for CISOs

Written by ForeNova | August 7, 2024

As cyber threats grow, businesses increasingly turn to managed detection and response (MDR) services for incident response, threat intelligence, and compliance reporting. Security leaders, including CIOs and CISOs, recognize the value of outsourcing continuous monitoring and rapid incident response to an MDR provider as a way to improve their security posture.

 

EU compliance requirements such as the GDPR, DORA, NIS2, and the AI Act require in-scope organizations to detect cyberattacks effectively, implement incident response countermeasures, and preserve evidence from each material breach so that reporting and notification deadlines can be met (the GDPR, for example, gives a controller 72 hours from becoming aware of a personal data breach to notify the supervisory authority).

ForeNova, an MDR provider based in the EU, follows the constantly changing global threat landscape that small-to-medium enterprises (SMEs) must stay ahead of, and helps those organizations meet their incident response obligations.

 

Current Cybersecurity Threat Landscape in the EU

CIOs and CISOs face the reality that their attack surface grows as their business model changes. Organizations adopt emerging digital technologies to meet their business objectives. As digital transformation initiatives such as customer-facing chatbots, Copilot-style assistants for software development, and automated incident response capabilities are deployed, each one becomes a new link in the attack chain that the organization must defend.

The Rise of Kinetic Cyberattacks

Most cyberattacks, including password cracking, denial-of-service (DoS), and account takeover, do not physically harm people. Kinetic cyberattacks do.

CIOs and CISOs continue to see a rise in kinetic attacks, including attacks on medical devices that alter their operating parameters; such an alteration can physically harm the patient relying on the device. Attacks that manipulate SCADA systems, water treatment plants, and solar farms are likewise kinetic attacks, because their impact lands on a physical process.

As IT and operational technology (OT) networks converge, a kinetic attack that starts on the IT side can cause damage in both environments.

 

 

Data Exfiltration from Medical Devices, IoT Sensors, and Robotics

IP-enabled medical devices, Internet of Things (IoT) sensors, and robots continue to proliferate across the EU. They change how patients receive treatment, how farms are run, and how cars are built. Along with these advances, they enlarge the attack surface available to attackers.

These devices generate large volumes of data that are valuable to the organization and to attackers alike. Exfiltrated data reveals how a device operates and what it is connected to, and that insight often exposes weaknesses an attacker can exploit, up to and including remote control of the device.

Brute-Force Attacks Against Legacy Security Controls

Even as attackers increasingly automate and adapt their campaigns with artificial intelligence (AI) and machine learning (ML) tooling, organizations continue to rely on legacy security controls such as firewalls, identity management systems, and secure email gateway (SEG) appliances. Attackers continuously scan for exposed legacy devices and tune both their attack vector and their velocity to what they find: a VPN portal or identity service without MFA and rate limiting invites credential guessing, and a low-and-slow password spray stays below per-account lockout thresholds.
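A minimal detector for the two guessing patterns just described, as an added example that is not ForeNova's code and not part of the original post. The log lines are constructed sshd-style samples, the thresholds and the sliding window are illustrative choices, and the function names are the author of this example's own:

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sshd-style authentication log used as sample input (not real data).
# 203.0.113.10 hammers one account and then gets in; 198.51.100.7 sprays one
# guess each at several accounts; 192.0.2.5 is a user who mistyped a password once.
SAMPLE_LOG = """\
2024-08-07T09:00:01Z vpn-gw sshd[1201]: Failed password for admin from 203.0.113.10 port 51000 ssh2
2024-08-07T09:00:03Z vpn-gw sshd[1202]: Failed password for admin from 203.0.113.10 port 51001 ssh2
2024-08-07T09:00:05Z vpn-gw sshd[1203]: Failed password for admin from 203.0.113.10 port 51002 ssh2
2024-08-07T09:00:08Z vpn-gw sshd[1204]: Failed password for admin from 203.0.113.10 port 51003 ssh2
2024-08-07T09:00:11Z vpn-gw sshd[1205]: Failed password for admin from 203.0.113.10 port 51004 ssh2
2024-08-07T09:00:14Z vpn-gw sshd[1206]: Accepted password for admin from 203.0.113.10 port 51005 ssh2
2024-08-07T09:10:00Z vpn-gw sshd[1301]: Failed password for alice from 198.51.100.7 port 40000 ssh2
2024-08-07T09:12:30Z vpn-gw sshd[1302]: Failed password for bob from 198.51.100.7 port 40001 ssh2
2024-08-07T09:15:00Z vpn-gw sshd[1303]: Failed password for invalid user carol from 198.51.100.7 port 40002 ssh2
2024-08-07T09:17:45Z vpn-gw sshd[1304]: Failed password for dave from 198.51.100.7 port 40003 ssh2
2024-08-07T09:30:00Z vpn-gw sshd[1401]: Failed password for eve from 192.0.2.5 port 42000 ssh2
2024-08-07T09:30:20Z vpn-gw sshd[1402]: Accepted password for eve from 192.0.2.5 port 42001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_events(text):
    """Turn raw log lines into dicts; lines that do not match are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append({"ts": ts, "ok": m["result"] == "Accepted",
                       "user": m["user"], "ip": m["ip"]})
    return events


def detect(events, window=timedelta(minutes=10), fail_threshold=5, spray_users=3):
    """Return {alert_type: sorted list of source IPs}.

    brute_force:            >= fail_threshold failures against one account from
                            one source inside the window.
    password_spray:         failures against >= spray_users distinct accounts from
                            one source inside the window (one or two guesses per
                            account, so per-account lockout never triggers).
    success_after_failures: a successful login from a source already flagged by
                            either rule; this is the alert to triage first.
    Thresholds and window are illustrative assumptions; tune them to the environment.
    """
    events = sorted(events, key=lambda e: e["ts"])
    recent = defaultdict(deque)  # ip -> deque of (ts, user) failures still inside the window
    alerts = {"brute_force": set(), "password_spray": set(), "success_after_failures": set()}
    for e in events:
        q = recent[e["ip"]]
        while q and e["ts"] - q[0][0] > window:
            q.popleft()  # drop failures that fell out of the sliding window
        if e["ok"]:
            if e["ip"] in alerts["brute_force"] or e["ip"] in alerts["password_spray"]:
                alerts["success_after_failures"].add(e["ip"])
            continue
        q.append((e["ts"], e["user"]))
        if sum(1 for _, u in q if u == e["user"]) >= fail_threshold:
            alerts["brute_force"].add(e["ip"])
        if len({u for _, u in q}) >= spray_users:
            alerts["password_spray"].add(e["ip"])
    return {name: sorted(ips) for name, ips in alerts.items()}


if __name__ == "__main__":
    for name, ips in detect(parse_events(SAMPLE_LOG)).items():
        print(f"{name}: {', '.join(ips) or '-'}")
```

The point of keeping the per-source deque rather than a per-account counter is the spray case: each account sees a single failure, so account lockout never fires, but the source has touched several accounts inside the window. A spray that is slowed down further needs a longer window (hours, not minutes), which is why this logic belongs in a SIEM or MDR pipeline over all authentication sources rather than on the individual gateway.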

Cross-Attack Methods

The term "cross-attack" describes the chaining of two or more attack vectors into a single campaign. Email phishing rarely stands alone: social engineering first identifies and approaches the victim, the phishing email delivers the lure, and a further technique turns the click into access. Such chained methods are often described in terms of a kill chain, a sequence of stages from reconnaissance to objective. Denial-of-service attacks, brute-force attacks against identity management systems, and browser-based attacks are frequently combined in this way and are very potent when chained.

Botnets, AI, and Deepfakes

EU organizations, including SMEs, governments, and the military, recognize these threats. Botnets that imitate real users, especially to manipulate online surveys and elections, are a troubling trend, and AI-driven botnets are harder still to distinguish from legitimate traffic. AI also gives operators tools to re-tool a botnet quickly when its current infrastructure or behavior gets blocked.

AI likewise underpins deepfake content. Images, voices, and text can all be faked: a photograph of a politician addressing a crowd that never gathered, a singer's voice cloned, or text fabricated in someone else's name.

Critical Infrastructure

Across the EU, critical infrastructure such as nuclear power plants, wind farms, and water systems remains a target. Many operators have deployed next-generation protections, including AI-enabled next-generation firewalls (NGFW), advanced email security, and XDR. Yet a good deal of critical infrastructure still runs on legacy operational technology (OT) and industrial control systems (ICS). Many of these legacy platforms are being connected to IoT architectures and devices to help reduce operational risk, but that connectivity also exposes controllers that were designed for isolated networks, and the IoT devices themselves remain vulnerable to attack.

What is Cyber Diplomacy in the EU?

Cyber diplomacy has become a focal point for CIOs and CISOs in the EU. Many cyberattacks cross borders within the EU, and even with EU-wide regulations governing cybersecurity, partnership, coordination, and cooperation between member states remain paramount.

A well-known project, initially funded by the German Foundation for Peace Research (DSF) and the German Federal Ministry of Education and Research, produced "The Cyber Normative Power of Factual - Cyber Diplomacy and State Practice."

The project's aim is to better understand how each member state conducts cyber operations and how that state practice shapes norms, while building a model of positive sharing that promotes cross-border coordination.

Updated EU Compliance Regulations for 2024

In 2024, several EU compliance mandates were introduced or updated from an earlier version.

AI Act of 2024

“The European AI Office, established in February 2024, enforces and implements the AI Act with member states. It ensures AI technologies respect human dignity, rights, and trust and promotes collaboration, innovation, and research in AI.

It also engages in international dialogue and cooperation on AI governance for global alignment. The European AI Office aims to position Europe as a leader in ethical and sustainable AI development.”

The AI Act includes rules on transparency, risk management, testing, serious-incident reporting, and cybersecurity for high-risk AI systems and general-purpose AI models.

NIS2

The NIS2 Directive entered into force in January 2023, with member states required to transpose it into national law by 17 October 2024. It updates the 2016 NIS Directive, the EU's first cybersecurity law, to keep pace with growing digitization and an evolving threat landscape. The update broadens coverage to additional sectors and entities, tightens incident-reporting obligations, and strengthens the ability of public and private organizations, competent authorities, and the EU as a whole to respond to incidents and improve resilience.

DORA

“The Digital Operational Resilience Act (DORA) is an EU-wide directive that will become fully enforceable in 2025.” Its goal is to strengthen cybersecurity readiness and protection specifically for the financial sector. Formally, DORA is Regulation (EU) 2022/2554 and applies from 17 January 2025 without needing national transposition. It applies to credit institutions, payment institutions, account information service providers, and other financial entities, as well as to the ICT third-party service providers they depend on. The regulation sets out network and information system security requirements that all in-scope financial entities must implement.

These requirements include:

  • ICT risk management
  • ICT-related incident reporting
  • Digital operational resilience testing
  • ICT third-party risk management
  • Information sharing

For an MDR buyer this cuts both ways: an MDR provider is itself an ICT third-party service provider under DORA, so the engagement contract and its ongoing oversight fall within the third-party risk requirements.

Network Enforcement Act (NetzDG) Superseded by the DSA (Germany)

“The European Digital Services Act (DSA) will apply to all online platforms starting February 17th. This law will replace the German Network Enforcement Act (NetzDG), which addresses hate crimes on social media in Europe. Users in countries with previous regulations will benefit, but German users may need help to overcome setbacks.”

Digital Services Act - DSA (Germany)

Users shopping or browsing online need to be able to trust the platforms they use, and the EU Digital Services Act (DSA) is meant to secure that trust. “The DSA requires action against illegal content from digital service providers. Major platforms must comply by August 25, 2023, as monitored by the EU Commission. All other operators will need to comply by 17 February 2024.”

In Germany, the Bundesnetzagentur, the federal network agency, acts as the Digital Services Coordinator under the DSA and monitors compliance.

How Do MDR Services Support EU Compliance Mandates?

The mandates above all require in-scope organizations to monitor their systems, devices, and data and to apply recognized practices for keeping personal and business-critical information safe. They also require continuous monitoring, incident response, and timely notification and reporting, which in turn require the logs and evidence to be collected before an incident rather than reconstructed after it. Organizations without the budget or access to security operations engineers to do this in-house benefit from engaging an MDR provider such as ForeNova.

ForeNova's MDR and managed SIEM services align with these mandates. Organizations struggling to meet the reporting and maintenance requirements of their security architecture must first build the economic and technical case for closing the gap.

CIOs and CISOs Building an Economic Case for MDR Services

Developing the economic and technical case to fund an MDR engagement begins with leadership understanding the firm's obligations under the EU compliance and regulatory mandates, then asking:

  • Does the organization have the funding to hire and retain enough SecOps engineers to staff a 24x7 operation?
  • Does the organization have the financial resources to scale its security operations with the growth in cyberattacks while reducing staff burnout?
  • Has the organization set aside funding to test and validate its current security architecture and to keep its supporting systems current?
  • Does the organization expect higher cyber insurance premiums because of losses from a recent ransomware incident?

These foundational questions help an organization determine whether it can fund its own SecOps team or should consider an MDR engagement with a firm like ForeNova.

Answering no to any of them often leads an organization to conclude that an MDR engagement is the most practical way to meet its compliance and regulatory obligations.

Conclusion

EU organizations recognize the need for an agile cybersecurity architecture, including AI- and ML-assisted defensive tooling, to stop chained attacks. Extended detection and response (XDR) platforms apply such models to security telemetry captured from endpoints, hosts, and network devices across the enterprise to surface early signs of an attack.

Without MDR capabilities, or an equivalent investment in people, monitoring tooling, and automated incident response, most SMEs in the EU are exposed to fines and litigation for failing to protect personally identifiable information (PII), financial information, and healthcare data.

Why ForeNova?

ForeNova's MDR offering, together with its consulting and assessment services, gives organizations the knowledge to build a more robust approach to cybersecurity, reduce the potential impact of next-generation attacks, and lower the cost of security operations. Its cybersecurity experts understand the complex world of SecOps, compliance, and risk, and their in-depth knowledge helps clients meet their security obligations.

Interested in adding MDR to help augment your current security operations (SecOps)?

Click here to schedule an initial discussion with the MDR experts at ForeNova.