Responding to and Securing the Future

2023-01-13

Responding to and securing the future By Michael McCann, ANSEC IA 

What is clear is that we are moving to a more integrated digital landscape. The need for cyber security is therefore more important than ever before. And it is something in which everyone must play their part, and with the rate of cyber-attacks on the rise, we all need to be prepared. Ensuring that systems are properly configured and regularly patched is absolutely critical. 

For context, the Cyber Security Breaches Survey 2022 report from UK National Cyber Security Centre (NCSC) results show that in the last 12 months, 39% of UK businesses identified a cyber-attack. The survey also found that enhanced cyber security leads to higher identification of attacks, suggesting that less cyber mature organisations in this space may be underreporting. 

Of the 39% of UK businesses who identified an attack, the most common threat was phishing attempts (83%). Of the 39%, around one in five (21%) identified a more sophisticated attack type such as a denial of service, malware, or ransomware attack. Despite its low prevalence, organisations cited ransomware as a major threat, with 56% of businesses having a policy not to pay ransoms. 

At ANSEC, cyber response is what we do, and we see an ever-increasing sophistication in cyber threats. Organisations must work diligently to stay ahead. As a business, understanding the risk to your organisation is the first step in your defence. Many companies are investing in the latest technologies and solutions in order to improve their own automation. This includes artificial intelligence and machine learning, to better detect, prevent and respond to threats. Solutions such as Extended Detection and Response (XDR) and Security Orchestration Automation and Response (SOAR) are being used to analyse patterns in digital activity and flag potential threats. These automated processes lead to faster response times which have proven invaluable in halting a cyber-attack before it escalates. 

Some larger organisations are investigating the use of tools such as ‘honeypots’  – a virtual trap to lure attackers which means that businesses can study techniques and indicators of compromise to improve security policies and processes. 

So, what can SMEs do? 

Understanding and testing plans across all areas of business  – not just those controlled by IT -continues to be extremely important. In addressing the possible repercussions of security incidents, it is vital to ensure that all business stakeholders understand how to: 

• invoke the plan; 
• utilise the platform on which it will operate; 
• have a clear understanding of the steps needed to support mitigation. 

Simulating common breaches increases corporate cognitive ‘muscle memory’ and sharpens the skills needed to execute response playbooks and runbooks, should a breach occur.  Learnings from such exercises help to improve the security and the posture of any organisation, large or small.   

Many cyber-attacks are successfully launched due to user error. Educating users and leadership boards provides a key foundation in preventing attacks from being able to progress through cyber security best practice, such as:   

• using secure passwords; 
• multi factor authentication; 
• avoiding suspicious links or attachments. 

By investing in the right technologies, anticipating incidents, educating users, and better leveraging existing security assets to defend against attacks, organisations can ensure that they remain secure in the face of the ever-evolving cyber threat landscape.