Unlocking the Secrets of Cybersecurity: Insights from our Cybersecurity Preparedness Event
Recently, alongside our colleagues at Pro Liverpool and Sophos, we brought together two industry experts to share their cybersecurity insights and help our attendees unlock some of the secrets of effective cybersecurity. Gardner CTO Paul Stringfellow and Sophos’s Jon Hope shared their knowledge on the changing landscape, the latest data from Sophos’s annual State of Ransomware report and what you can do to prepare your business.
The changing landscape
Cybersecurity threats continue to evolve.
The way we work
Our workforce is more mobile, no longer just confined to the relative safety of our business IT infrastructure. It wants to work from anywhere, with continuous access. These changes alone have altered the way we operate and introduced new opportunities for cybercriminals.
Change in infrastructure
To meet the needs of the changing workforce, organizations have changed their infrastructure. No longer is it just in the data centre. Now it incorporates SaaS solutions, the public cloud, co-location facilities and services delivered by third parties, bringing more complex environments to manage and secure.
Attack Surface has Grown
This changing environment and supporting infrastructure present new attack surfaces. Cybercriminals no longer need to try to target well-secured enterprise data centres. Instead, they are looking for insecure devices, user credentials and poorly protected third-party services as much easier ways of breaching security for malicious purposes.
Technology does not stand still; organizations are embracing operational tech such as IoT and, increasingly, generative AI like ChatGPT, all of which has changed and broadened the places a cyber attacker can target.
The changing attacker
It is not only us that have changed; cyber-attackers have changed with us. Attackers are professional criminal organisations that operate like any large money-making business. They sell their services to any bidder, lowering the barrier to entry to build a cyber-attack. Just like any growing business, they are also exploiting technology to be more efficient and effective, using long-term reconnaissance to feed their own analytics engines to better understand how to craft attacks against targets.
People: They target our people to steal credentials, because that is a much easier way to gain access to an organisation’s system than “hacking” their way in.
Data: In most cases our data is the target. This may be to make it inaccessible (ransomware), to steal it (so it can be sold) or to do both.
Money: The goal is often financial, looking at ways to extort or “con” money from victims.
The trends that were discussed are not hypothetical, as we saw from Sophos’s research in their State of Ransomware report (you can request a copy from here).
We can see that ransomware remains a huge issue, with all key numbers continuing to rise including the average incident recovery cost, now at $1.82m.
Am I a Target?
In terms of targets, criminals were indiscriminate in their attacks, with company size having little impact on whether organizations are hit or not. Education did stand out with an increased level of targeting, though; this is mainly in recognition of the amount of “interesting data” that education holds and the reality that their cybersecurity funding and protection may be less effective than in the commercial sector.
While organization size and industry made little difference, turnover did play a part in the likelihood of an attack. Companies with the highest turnovers (+$5bn) were more likely to be hit than those with lower turnovers, with 72% of companies that size having had a ransomware attack. This did not mean there was no chance of being attacked; in fact, over half (58%) of those with turnover of less than $10m had seen at least one attack.
Time to recover
Another interesting stat from Sophos’s research was how long it took to recover from an attack and whether recovering from backup or paying a ransom had much impact. For those who recovered in the first month after an attack, there was little difference in the method used. However, where companies took longer than this to recover, it was more likely they were having to recover through paying the ransom.
It should also be noted, however, that while backup versus ransom didn’t make a huge difference in time, it did make a difference in quality. Those paying ransoms were not guaranteed to recover all data and were more likely to suffer further attacks.
Another concerning stat was that recovering from an attack did not mean the end of the incident. Sophos reported that 30% of attacks in 2022 were “double jeopardy” attacks, where not only was data encrypted, it was also stolen. The logic here was that even if an organisation didn’t pay to decrypt data, that data could be either sold or ransomed again with the threat of leaking that data if ransoms were not paid.
What to do
Knowing the size of the problem is helpful, but what steps can we take to reduce the cybersecurity threat?
People, process, technology
There is no one magic button that fixes all cybersecurity issues. Rather, dealing with the challenge effectively requires focus on three key areas.
Having good processes around areas from acceptable use policies to cyber incident response will make a significant difference. For companies who have not worked through Cyber Essentials, this is a great starting point to help build some basic processes to improve security posture.
Not only are our people a risk, but if we educate them and give them the right security-focussed environment, they can become our most powerful defence. Educating users about threats and creating a supportive security environment and a security culture will help engage your people and significantly improve your cybersecurity defence.
Technology is probably the least important part of an effective cybersecurity posture, because if the people and processes are wrong, technology can only do so much. The right tools do play a part and will help identify risks and potentially stop threats before they cause too much damage. When choosing security technology, organisations should consider:
- Tools that offer broad security coverage.
- Tools that use intelligence and analytics to provide proactive protection and rapid response.
- If you don’t have internal security skills, look at managed services.
The cybersecurity threat is evolving as rapidly as ever, and threats are constant and complex. But as Paul and Jon shared, you can take steps to better prepare your business to deal with it and reduce the risk and impact of any potential cybersecurity attack.