Matt Aldridge, pictured, Principal Solutions Consultant, OpenText Cybersecurity, discusses how businesses can weather the current cyber storm.
There is no denying it – cyber crime is on the rise. The year 2023 has so far brought a seemingly endless wave of notable data breaches and cyber-attacks, impacting over 100 organisations across a range of industries. That figure is likely to be even higher when considering those that haven’t been publicly discussed.
At the same time, many organisations are looking to save money where they can amid economic uncertainty – which involves re-assessing priorities on the corporate agenda. It’s often tempting for business leaders to look towards tech to meet these cost cutting targets.
However, with cybercriminal activity continuing to rise, it’s clear that cybersecurity is one area that businesses simply cannot afford to shave. Criminal tactics are also shifting – with the rise of new concepts such as malware-as-a-service (MaaS) emerging. This concept is like Software-as-a-Service (SaaS), where customers pay to access software over the internet instead of buying and maintaining the software themselves. In the same way, with MaaS, criminals can pay for access to malware and cyber-attack infrastructure. This can be done through a subscription model, or on a pay-per-use basis – and means that attacks are becoming rifer as it allows those without the technical expertise the ability to launch attacks in a sophisticated and targeted way.
With attacks evolving and the global annual cost of cybercrime predicted to top $10.5 trillion by 2025, cyber professionals across both the public and private sectors are left asking: are we getting anything wrong? And what can we do better to stem the tide?
You can’t fix what you don’t know is broken
According to recent research, nearly half (46 per cent) of SMBs have experienced a ransomware attack over the past 12 months, yet 67pc still don’t believe they are a likely target. I believe this is where many cybersecurity issues stem from. If businesses do not view themselves as a target for cyber-attacks, they will not be taking the right steps to put protection in place.
A good place to start is conducting a cyber audit. This should involve bringing in a managed service provider (MSP) to do an internal audit of business systems and to report on the company’s weaknesses and strengths. This audit should serve as the backbone of a company’s cybersecurity reform efforts and — depending on the MSP — may even provide a security certificate that can be used for marketing purposes to differentiate the brand from competitors.
In the UK, the National Cyber Security Centre has recently launched its “Cyber Action Plan” as part of its latest cyber awareness drive for small/micro businesses and sole traders – if you need an independent, trusted place to start this is definitely worth a look. As well as great advice, it includes some basic automated checks to help highlight key areas of concern such as website and browser security, and it will also soon be able to do some checks on your email security configuration.
Building up cyber resilience
To combat the creative angles of cyber-attacks, it is vital that businesses focus on increasing their cyber resilience once they know where the gaps lie. At the heart of this is employee education – which underscores all effective cyber security strategies. To mitigate against the latest cyber threats, organisations need to be implementing security awareness training and phishing simulations to ensure employees know how to spot the latest scams. Employee awareness and vigilance is the most powerful tool in the cyber resilience kitbag.
As companies continue to operate with their workforce geographically distributed due to hybrid working, it’s also imperative that they ensure sensitive data is protected. In a world where new cyber risks and dangers are evolving at compute speed, companies need to make sure they have methods of recovery in place to ensure they can deliver continuous business operations if the worst does happen.
This should involve having secure cloud backup and Disaster Recovery as a Service (DRaaS) solutions in place to ensure that the business has comprehensive data protection for any type of data, on any system and across any environment. These tools should provide IT professionals confidence that they can restore business data quickly and reliably, store and transmit data securely, extend protection as environments change and provide long-term survivability of historical data.
Consider a zero-trust approach and embrace the latest technology
As the cyber landscape becomes more complicated each day, it’s important for businesses to consider the latest industry best practices to build up their cyber defences and stop attacks. One of these is a Zero Trust driven implementation of a cyber resilience framework – which provides a great solution for improving security posture and reducing risk.
Zero Trust techniques help detect or thwart lateral movement across the network by continuously validating every stage of a digital interaction between a user and the network. This means that if a cyber attacker does gain access to the corporate network, they are less likely to be able to move around inside and cause more damage. Compromises cannot always be prevented, even in a resilient environment – so having careful network segmentation and isolation is important to ensure business continuity if a breach takes place.
With 60% of IT teams admitting they are not fully confident that they could fend off a ransomware attack, businesses also need to embrace the latest technology to help aid their cyber defences.
For example, using AI is no longer an optional improvement for cybersecurity professionals, but an essential instrument that expedites and improves many processes, such as automated security processing and threat detection. Considering the rise of AI-enhanced cyberattacks, the only way to maintain security is by incorporating AI into threat recognition systems in to cope with the increasing sophistication and intelligence of cybercriminal techniques.
Overall, great advancements have been made in technology and it’s essential that businesses start investing wisely and using these tools immediately to prevent future cyber-attacks. By choosing technology vendors with long-standing experience, proven solutions, and demonstrated expertise in the areas where the organisation or person in question needs guidance or service, businesses and individuals can further close the gaps in their security and recovery line-ups – achieving ultimate resilience against the latest cyber-attacks and data loss.
More reading : see the OpenText Security Solutions 2022 Global SMB Ransomware Survey.
