On 26th April we hosted our hugely successful cyber security event on business preparedness at The Old Hall, Liverpool. Gardner CTO Paul Stringfellow was joined by Sophos cyber threat landscape expert Jonathan Hope. If you couldn’t make it down, don’t worry! We’ve summarised the event in this blog.
Jon has been at Sophos for over 11 years, during which time he’s enjoyed numerous roles in firewall, channel, and sales engineering. Like us, he’s committed to keep businesses and their users protected from online threats. His experiences and knowledge were a great boon to the event, offering attendees unique insights into how businesses can be better cyber-prepared.
Session 1 – Gardner Systems CTO Paul Stringfellow
To set the stage for deeper discussion, it’s first necessary to talk about the complexity of modern cyber-attacks. A major contributing factor is the growing professionalism of the hackers of today. It’s essentially a constant arms race between criminals and cyber security companies like Gardner and Sophos. As security software continues to be developed better and better, malware is created to counter the advances in business protection.
Security technology does continue to evolve to meet the speed and dynamism of the threat. Detection and response technologies are good examples whether that’s Endpoint (EDR) or eXtended (XDR) these tools are designed to simplify the process for overstretched businesses, by using analytics to more accurately identify threats and importantly automate their mitigation. However, these tools still require internal resources to manage them and that is a significant challenge for many. This has seen providers of these solutions increasingly offer managed versions of them (MDR). This allows businesses to add teams of dedicated security professionals to their cyber security efforts. Allowing them to react to security threats 24/7, because of course the reality is, it’s a 24×7 threat.
Session 2 – Sophos cyber threat landscape expert Jonathan Hope
In Jon’s session he shared how in the current cyber threat landscape, ransomware remains a top issue for businesses. The continued prevalence of the threat is driven by the changing threat landscape. Today, criminals have the option of purchasing as-a-service cyber-attacks. Buying readymade attack platforms or even contracting criminals to deliver the attack for them.
Because of the ever-lowering cost of carrying out attacks for the cyber-criminal this has seen an evolution in the types of organisations attacked. Unfortunately, this tends to be organisations that are unlikely to be able to pay the ransom, such as public sector organisations and SMEs. This in turn, means the landscape is broad and businesses from any sector can be affected.
Jon also shared some of the changing techniques used by cyber criminals. The social engineering vector is one that is constantly evolving. For instance, phishing emails might reference trending events to increase the likelihood a user clicks on content. He also outlined how Data exfiltration was increasingly parts of cyber-attacks, with attacked no longer satisfied with encrypting data, they are also stealing it.
Jon wrapped up by sharing some basic measures businesses should be taking to protect themselves, this included employee training and protection, server cover, and network firewalls.
With the cyber threat landscape constantly changing, organisations must come prepared to defend themselves. This includes threat detection software, endpoint protection, user training, and having a cyber-resilience response plan. The financial and reputational risks to businesses are simply too high to ignore cyber security. Gardner’s as IT service providers ourselves, we know this better than anyone.