In response to findings from the UK Cyber Security Breaches Survey, IT security experts commented below.
James Romer, Chief Security Architect for EMEA at SecureAuth:
“These threats can all be effectively addressed through complete identity management platforms, combining identity access controls alongside user awareness programs. It appears from the report that businesses and charities have not correctly identified the importance of implementing strategic identity solutions as a priority to improve their cyber defences. It’s clear that with identity and credentials accounting for the majority of data breaches, more awareness and focus needs to be put on comprehensive authentication techniques to shore up organisations’ defences and prevent cyberattacks in the future.
Organisations need to go further than just two-factor authentication, utilising identity platforms that join silos of data together to create comprehensive identity controls. Part of those controls should be to implement adaptive authentication that combines techniques such as geographic location analysis, device recognition, IP reputation based threat services, and phone fraud prevention to address the threats at the identity level efficiently.”
David Kennerley, Threat Research Manager, EMEA & APAC at Webroot:
“These results should highlight why it is absolutely critical for organisations to have a robust cybersecurity strategy in place to deal with and defend against these kinds of attacks. Due to poor security practices and culture, organisations are sometimes left with no other option but to pay the ransom to get their data back – but be warned, by paying the ransom you are sustaining the model, and more worryingly there have been many cases previously where even paying the ransom doesn’t guarantee that the cybercriminal will actually return your files.
The key to mitigating these attacks requires a combination of the right security technology, a comprehensive disaster recovery plan (DRP) and employee education, particularly as the report shows that disruptive breaches were most commonly spotted by individuals rather than software. Also, supplementing this education with smart technology, such as AI, will only enhance detection.”
Mark Adams, Regional Vice President, UK & Ireland at Veeam:
“Reading that over half of the businesses surveyed and six in ten of the charities interviewed were impacted by breaches or attacks came as no surprise. Especially when you consider that less than half of these companies had the right contingency plans in place to deal with highly disruptive breaches. This is no easy nut to crack. Covering all bases is the demand, but breaking it down into departmental accountability is a way of overcoming some of the pain.
“Hearing that just five in ten businesses (and three in ten charities) implemented the five basic technical controls under Cyber Essentials is completely unacceptable. Worse still, these steps, whilst highly useful to follow, do not cover the issue of data availability.
“Restricted access, firewall configurations, the latest malware updates… it’s all incredibly important, but at some point your business will be breached. It’s inevitable. When it happens, you need to ensure you can remediate quickly to reduce the impact of the attack, and allow your business to remain ‘always on’.
“When 98% of businesses and 93% of charities represented in the survey were found to rely on some form of digital communication or services, we are reminded that businesses cannot afford these services to suffer downtime or lose their availability. The ability to keep these lights on, using data backup and disaster recovery solutions, couldn’t be more important. This should be regarded as a sixth step in the essentials list that is no longer a luxury, but a necessity.”
Simon McCalla, CTO at Nominet:
“The absence of internal security staff is not hugely surprising, but it is a concern. Increased technology outsourcing is an established trend, meaning that sensitive enterprise data tasks now handled by MSPs with privileged access to critical systems are a particular area for concern. Data breaches can be caused by an insecure connection, a backdoor, or even an inside agent, and huge data losses can be made. Companies with particularly sensitive data need to seriously consider bringing security teams in-house in order to mitigate these risks and have the expertise to deal with any suspicious events as they occur.
“The lack of awareness around DNS attacks is also leaving companies wide open to be compromised. The vast majority of threats use it to get malicious data either to or from a target. By understanding the patterns and anomalies in this traffic and having visibility of malicious domains, threats can be stopped from communicating effectively.”
Greg Day, VP & CSO, EMEA at Palo Alto Networks:
“It’s really important that businesses get basic hygiene right, otherwise you’re just putting hard work, customer data and day-to-day business operations at risk. We need to ask where the problem is coming from. Is it due to lack of knowledge, skills, or resource, or all three?
“Traditional cyber security mindsets have created a heavy human workload, which takes up resources. We’re now seeing new legislation which leverages the concept of state of the art cyber security; to meet this, modern security capabilities do allow for much greater automation and efficiencies. As such, businesses need to consider if they have a modern state of the art security operating platform or a legacy of components. For resource-poor businesses, the cybersecurity industry has started to offer security as a service, so businesses that don’t have the skills internally can leverage others.
“The report’s findings on the adoption of cloud computing tally with our own research, for example that security policies only cover cloud computing 59% of the time for businesses. This rush to the cloud is not taking full account of the security risks. We know from our own research that despite most cybersecurity professionals (64%) saying security is a top priority for their adoption of the public cloud, less than half of respondents are very confident that existing cybersecurity in the public cloud is working well, and only 19% of those we spoke to said they have the correct level of involvement in the security of cloud services. Visibility is critical to IT security, however the move to the cloud has brought with it multiple vendors and new responsibilities for security which makes visibility harder. Our research found that only around 1 in 10 (13%) cybersecurity professionals said they were able to maintain a consistent, enterprise-class cybersecurity across their cloud(s), networks and endpoints. If we can’t see or understand what good looks like and can’t consistently apply controls to enable our increasingly digital businesses, then we should expect future reports to only get worse. The capabilities and opportunities are there for improvement, businesses just need to take them.”
Matthias Maier, Security Evangelist at Splunk:
Justin Coker, VP EMEA at Skybox:
Tony Pepper, CEO at Egress:
“What might be surprising for some is that, in spite of what we see on the news, the most common attacks reported are not sophisticated attacks. The most common attack businesses are facing is fraudulent emails or being directed to fraudulent websites, which 75 percent had experienced. By comparison, viruses, spyware and malware attacks only affected 24 percent. Again, this shows that businesses would benefit from focusing on the basics first, which means the actions of their own staff. Education is important, but organisations also have to put in place processes and technology that helps protect staff from making mistakes that put the company at risk. By prioritising their own employees, the vast majority of attacks could be prevented.”
The opinions expressed in this article belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.