Firstly, let’s take a look at the current state of cyber security and how changes this year have influenced how organisations maintain cyber resilience.
Many organisations brought their employees back into office workspaces following just over a year of remote working. Working from home has improved work-life balance and boosted performance for many employees and businesses. This sparked the trend of hybrid working, where working hours are more flexible and employees can do their job between home and the office. Cloud systems have become critical across all departments to facilitate this culture shift and, in turn, have increased the number and variety of cyber threats.
Employees continue to pose the largest cyber risk in every organisation. Cybint now report that a staggering 95% of breaches are caused by human error. This has risen from 90% since we first reported it in 2016. Regardless of the technology in place to protect against phishing emails, malware and ransomware, attacks can still make their way through to staff members, leaving it to them not to make a mistake that puts security at risk.
Ransomware continues to ravage organisations everywhere in the world, though research from Coveware suggests that things are starting to change in the way organisations react after being infected. Ransomware payments decreased by 34% towards the end of 2020 to $154,000 (around £112,800), with more organisations realising that paying a ransom to recover stolen files rarely means they will be fully recovered. More organisations are now focusing on ransomware protection through prevention and backups.
So, what measures have we seen organisations take for better protection and cyber resilience? Here are our top 4 areas to address.
Security awareness training and phishing testing for employees
This has by far been the most popular measure organisations have taken this year to protect against the main cause of breaches. With employees working from home at the start of the year, and now hybrid working, there has never been a time where reliance on employee awareness has been more critical.
By providing cyber security training and ongoing phishing testing, staff are kept vigilant and up to date with the latest threats. Ultimately, running a security awareness training program keeps security front of mind and significantly improves cyber resilience. We see this as the most beneficial investment an organisation can make to tackle cybercrime and reduce the risk of experiencing a security incident.
We’ve also noticed a customer shift from self-managed, in-house solutions to fully managed ones, partly due to time and resource constraints. We’ve helped hundreds of customers this year to deploy a fully managed security awareness training and testing service that works for them.
Understand when and where threats arise
The concept of a security operations centre is still fairly new and can be defined differently depending on whom you talk to. What cannot be disputed, though, is the importance of threat monitoring, detection and response. A Managed SOC is the answer to consolidating all your threat monitoring into a single platform, with 24/7 support available. The myth is that these types of services are highly bespoke, expensive, require a SIEM and are only available to the largest enterprises. This is simply not true.
In September, we unveiled the beta for our own Security Operations Centre. Our mission is to provide the quality and features of an enterprise-level SOC for a fraction of the cost, fully managed. We see this as an essential investment for any organisation that has multiple cloud services which require monitoring, and we have made it accessible for all, regardless of size or turnover.
Test the resilience of your cyber security posture
Vulnerability exposure should be the first consideration in your organisation’s security strategy, as without it, everything else you have in place won’t protect you. In the past, Vulnerability Assessments usually comprised a one-off scan and report that highlighted your weaknesses at a single point in time. With technology advancing so rapidly and new cyber threats being born every day, this is no longer a plausible means of protection. Vulnerability Assessments need to be run on a more regular basis to ensure that your systems and applications are constantly secure.
We supply on-demand Vulnerability Assessments and IP scanning that can be run by your organisation at the click of a button. We can run assessments on just those systems that have been highlighted as a high risk to provide you with regular updates on your progress to mitigate any of those specific areas.
You should also consider Penetration Testing to learn where your cyber resilience can be improved. Like Vulnerability Assessments, Penetration Tests were once only available as a one-off. The results of a test would highlight weaknesses and help you to understand how much damage could be done by an attacker at a single point in time. As threats evolve and new exploits are found, it can be difficult to know how secure your systems are on a more regular basis.
Our Penetration Testing services operate continuously, at an unprecedented scale, providing complete protection all around the clock. With a combination of artificial intelligence and a team of over 1,500 experienced ethical hackers, our Penetration Testing has proven to provide four times higher ROI than traditional Penetration Testing, three times more time spent on targets than traditional Penetration Testing and a 20% reduction in failed patches due to patch verification processes.
Prevention-first approach to endpoint security
For years, endpoint security products’ primary threat protection was based on signatures, created after patient zeros were impacted and the damage already done. Assuming all attacks had been seen before, using signatures made sense. Today, malware mutates daily, even hourly, making signature-based prevention tools obsolete and creating the need for a stronger prevention-based approach to endpoint security.
The past 5 years have seen the inception of ‘next-generation’ endpoint security, where artificial intelligence is used to identify and suppress threats before they execute, with additional measures that limit the need for human interaction, an internet connection and sandboxing. The shift to hybrid working has multiplied the number of devices and endpoints used for work purposes, increasing the need for better antivirus and ransomware protection.