Attempted cyber attacks continue to rise, according to the Business Continuity Institute (BCI) Cyber Resilience Report 2024.
Introducing the report, the BCI says that its annual Horizon Scan reports, including the 2023 report, give cyber crime as the greatest future risk. As for this Cyber Resilience study, the BCI says that the potential for significant financial and reputational fallout in the event of a cyber attack means that senior management and boards are becoming heavily invested in cyber security; ‘and, in turn, are pushing investment into new technologies and new staff’. While phishing remains the ‘most disruptive’ threat, for example to deliver malware to staff computers – and ransomware is a particular concern for executives – ‘attackers are becoming ever more dynamic in their techniques’, according to the report.
Also raised are other deceptions, such as deepfakes, ‘increasingly being used to emulate personalities such as CEOs’, which can cause reputational (besides financial) damage. As for what can be done and what businesses are doing, the report says: “IT and cyber specialists can help implement a technical policy (e.g. investing in the right hardware and software, ensuring compliance of industry standards), whereas business continuity/resilience specialists can ensure the right processes and controls are put in place around any policy developed (e.g. staff training and exercising, ensuring continuity of services in the event of an attack).”
Hence organisations are also using tools such as security information and event management (SIEM), endpoint detection and response (EDR), and Internet Protocol (IP) alerts to identify threats earlier. And more are taking up cyber insurance as ‘a financial safety net’.
A survey of BCI members found awareness and training was highlighted as the top priority by most, 79.4 per cent of respondents, ‘emphasising the critical role of well-trained staff in defending against cyber threats. By fostering a culture of cybersecurity awareness, organizations can significantly reduce the risk of human error’.
Rachael Elliott at the BCI stressed how quickly the cyber security landscape can change. She said: “We are seeing how global conflicts are now no longer confined to the battlefield and are played out in the cyber environment, while AI-technologies are not only helping to craft attacks, but are also becoming part of social engineering techniques where, for example, deepfake technology can help make an attack appear credible.
“As attackers become more skilled and attack vectors advance, it is concerning that less than two-thirds of those surveyed report their organization carries out regular training and exercising to ensure staff are cyber aware. Training should not only be frequent, but programmes should continually evolve so they capture new types of attack and the evolving vectors that criminals are developing.”
Background
The BCI points to the recent supply chain cyber attack that disrupted London hospitals via the laboratory pathology service Synnovis. The BCI runs a Cyber Resilience Special Interest Group.
Read more
You can freely download the report, and others from the BCI, and an article on cyber resilience by Italian consultant Federica Livelli, if you sign up online; you don’t have to be a paying member. Visit https://www.thebci.org/resource/the-bci-update-series–cyber-resilience-report-2024.html.




