March 8, 2021
We hear so much more today about cyber-crime and hacking, and it’s hardly surprising given that 46 per cent of UK businesses experienced a breach in 2020.
Over recent years, and enhanced by the COVID-19 pandemic, tech adoption by individuals and companies has grown exponentially, as has the way we consume news and media, which has changed to almost instantaneous consumption.
No matter where you are, you are connected to something via your phone, tablet, car or laptop, even if it’s just your phone on a 3G network giving out your position; every interaction is a piece of data that is now a widely valued and traded commodity.
This is the Internet of Things and it provides the largest attack surface possible for cyber criminals.
“Business data, however benign you think it is, has value – thanks to cryptocurrencies, it has become monetised on the dark web.
“The age of the data is no object either, as data can be held and used over the coming years, once new quantum computing techniques have learnt how to break today’s security.”
So, what does this mean for business? How should you react? And what are the costs?
Initially, businesses must find out the known knowns. This means assessing your IT estate to find out where it is weak based on current cybersecurity knowledge.
Many businesses believe they are secure, hiding behind firewalls and antivirus software, but this is a dangerous assumption. Hacking threats change daily and even transform by the hour.
The security of your data is a specialist field within the IT industry, and it cannot be managed by simply adding software/tools.
Assessment of your networks and IT estate is a prerequisite to setting up your security correctly. This service can be carried out remotely in conjunction with your in-house or current IT support company.
Changes to network architecture and security as a result of assessment are the first stage in establishing good cyber hygiene.
There are a number of simple best practices, such as two-factor authentication, that many companies do not deploy and consequently leave themselves exposed.
Businesses must look to the future and secure by design. The old model of cybersecurity worked on protecting everything inside your perimeter and then trusting other firms to do the same, but this trust can be misplaced and cyber criminals exploit the weakest link in a chain to gain entry.
In what is known as ‘island hopping’, many businesses are now suffering breaches caused by one of their vendors, third parties or through the supply chain. The utilisation of zero trust networks, where verification is required prior to engagement with another server, platform or device, is a key defence that all businesses must move towards.
Finally, fake news presents a new threat too. This technique, whereby an IT system is manipulated by algorithms to produce a result rather than simply being attacked, means the permutations an attacker can achieve from an attack are multiplied.
This means a traditional defence-only approach isn’t sufficient, and counterintelligence via data collation and analysis is required to anticipate, prepare for, and respond to attacks.
In reality, every business should work on the basis they will suffer a breach, and work towards cyber resilience; this is the 360-degree coverage from threat detection to recovery and re-establishment.
With the current landscape exacerbated by the COVID-19 pandemic, which is stressing business finances, here’s a six-step guide to what organisations can do now to stay ahead of the attackers in 2021.
1. Cyber hygiene
Understanding your estate, its weaknesses, and then deploying basic cyber hygiene, is the top priority for businesses.
2. Automation
The more you can automate your security, the more cost effective it will be. Automation is helped by advances in AI and machine learning and, in addition, cloud providers make significant contributions towards standardising and automating security tasks.
3. Security by design
Security by design will help eliminate more of the known weak links, and cloud adoption also spreads the use of a zero trust mentality. In addition, less complex environments are simpler to protect, so drive to simplify your IT estate.
The aspiration to protect everything will fade as it becomes impossible. Instead, businesses must work towards more focused efforts that anticipate, detect and disrupt active threats. Counterintelligence will be used primarily to thwart advanced threats, leaving the more basic threats to be covered by cyber hygiene, automation and security by design.
Recoverability is a key element to cyber resilience, often ignored or left as an afterthought. However, given that everyone will be breached at some point, the only thing a business can control is its response when it occurs.
IT security is too critical to be left to a business; the self-regulation will come in the form of stricter third-party controls that organisations will implement to protect themselves. Working towards Cyber Essentials & Cyber Essentials + are key steps for business in 2021.
Working with Melius Cyber
“Melius Cyber was able to remotely analyse our current estate across the UK, give us a hackers’ eye view of the vulnerabilities, and then assist us to implement best practice and cyber hygiene.” – Alex Lush; Severn Glocon