The rise of cybercrime has affected every citizen and business, but there are steps companies can take to minimise their exposure and be confident in their protection.
Our work with organisations has shown us first-hand that attacks are increasing in their sophistication and that a multipronged defence is proving effective. Here are the five steps we recommend to all companies who want to strengthen their cyber defences:
1. Accept that risk has increased (and budget accordingly).
The spike that we are seeing in cybercrime is real. It’s driven by the fact that criminals know there’s money to be had and they’re reinvesting in building their capabilities. It’s now estimated that an attack is executed every 1.1 second, up from one every 39 seconds a decade ago1. In 2021, we’ve seen an uptick both in the number of companies affected compared to last year, and the number of companies investing in detection and rapid response. Companies need to accept that the level of cybersecurity investment now needed is higher than in past years, both in terms of people skills and in systems and tools for protection, detection and response.
2. There’s no substitute for a total focus on cybersecurity.
Companies who’ve made cybersecurity a secondary responsibility of their IT manager need to think again. Whether it is managed internally or through a partner organisation, whoever is responsible for your cybersecurity must have a deep understanding of current risks and remedies, and it really needs to be their full-time job. Doing cybersecurity effectively takes a certain mindset and total focus; ideally the person in charge shouldn’t also bear primary responsibility for your day-to-day IT operations.
3. Toolsets have evolved thanks to automation.
As cyber-attacks evolved over the past few years, traditional cybersecurity tools started to lag behind. If a threat was detected an alarm triggered and humans had to investigate whether a breach was occurring – often this resulted in discovering a breach only when it was too late. Now, automation and orchestration have addressed some of that challenge. While human intervention and expertise is also required, SOAR platforms (security orchestration, automation and response) can make your human teams more efficient by prioritising and automating investigation and response activities.
4. Remember, attackers are using automation too.
Forensic examinations of hacks have revealed the extent to which attackers have upped the ante. Cyber criminals are bypassing systems, deleting backups, reformatting disks, and using automation of their own, such as monitors that identify security responses and automatically react. Large hacks may be orchestrated by one entity who outsources elements of the attack to specialists, such as malware authors and breach specialists who secure entry into a corporate network and then hand over to another team who will dig in and move laterally through systems. Incursions can take months. Attackers are patient, relentless and highly incentivised. Many victim organisations of ransomware pay up, with payments averaging nearly €190,000 per attack as of the end of 20202.
5. Align to a recognised security framework, even if it takes time.
Aligning IT operations to a security framework like ISO27001 is a good medium-term goal for companies to work towards, but may need a step-by-step approach. Trying to enact a lot of new policies at once can be disruptive and employees may not get on board. A good first step for an organisation is to look at the Cyber Essentials standard, which can help build a level of company-wide awareness and competence. The five basic security controls taught by the standard are said to protect against 80% of common attacks.
A managed security service can act on your behalf.
As companies increasingly move their data to cloud services outside the office walls, they may lose visibility of their information. That’s where a managed cybersecurity service – involving specialists who are always watching your systems – can really pay dividends, as it gains back some of that visibility for you.
We have seen that our customers who have a managed security service, wrapped around a software solution such as SIEM (security incident and event management), have withstood attempts to breach their systems. We recently watched in real-time as attackers tried – and failed – to breach one of our customer’s systems from within a partner organisation who’d been hit by ransomware
Whatever action you take next in regards to your cybersecurity, remember the goalposts continue to move as attackers get bolder. If ever there was a time for cyber defence to become a boardroom priority, it’s now.
Find out more about Evros managed security services here.