DCMS has released its annual Cyber Security Breaches Survey, which found that – while threats have become more frequent – ransomware has decreased.
It’s reassuring to see that the latest survey reflects what many of us in the industry already know to be true – that cybersecurity has, slowly but surely, risen up the agenda to become a business-wide and board-level issue. The challenge the industry faces is no longer one of awareness, it’s about how to put in place achievable yet effective measures to manage the huge variety of digital risks businesses face today. One such digital risk that the survey highlights is that of suppliers. There’s no doubt that third parties are hugely important in today’s hyper-connected business environment, but they’re also a potential source of data breaches and are often targeted by malicious parties in order to leapfrog into other businesses’ networks.
When it comes to working with external parties, there has to be a balance between risk and reward. Assessing the cyber risk of your suppliers needs to be done through the lens of potential impact on your business operations. First, you must identify the most important parts of your business and then focus on protecting them. Ask yourself: Which data flows in and out of the business? Which suppliers have access to what corporate data? Where is my most critical data and who can access it? By taking this approach, you can align your security protocols so you know how much access to grant to, and how much trust to place in, your suppliers.
This year’s DCMS cyber security survey shows almost half of UK companies have been breached or attacked in the past year, and phishing attacks continue to rise – impacting 86% of organisations in the last 12 months. While the targets and sophistication of these attacks evolve slightly over time, ultimately the tactics used by the criminals remain the same. There is an urgent need for businesses – large and small – to put the security of their business and protection of customer data first. Often even basic security practices and common sense are enough to have a significant impact on the deterrence of cybercrime.
Employee awareness schemes are critical to ensuring staff are equipped with the ability to spot fraudulent emails and learn to be more cynical to keep the organisation safe. The Verizon 2019 DBIR found that senior executives are 12 times more likely to be the target of social incidents, and nine times more likely to be the target of social breaches than in previous years. Typically time-starved and under pressure to deliver, senior executives quickly review and click on emails prior to moving on to the next, or have assistants managing email on their behalf, making suspicious emails more likely to get through. The increased success that cybercriminals enjoy from phishing attacks can be linked to the unhealthy combination of a stressful business environment combined with a lack of focused education on the risks of cybercrime.
This year’s Cyber Security Breaches Survey from the DCMS demonstrates the increasing sophistication and threat from email attacks. The volume of phishing and impersonation attacks continues to rise, showing that cyber criminals are turning to social engineering tactics in order to access organisations’ sensitive data. The statistics show plainly that these attacks are far more prevalent than the likes of ransomware attacks, but they make the headlines far less. Organisations may think they have their email security under control, but they evidently need to think again.
Even amidst the crisis in the past few weeks it has been especially worrying to see the rise in fraudulent emails related to the coronavirus. Although there is no doubt about the importance of training employees to recognise these more sophisticated techniques, these scams are designed to take advantage of emotions so it’s absolutely crucial that organisations put systems in place to protect employees from even receiving the emails. Organisations need to use email security that combines algorithmic analysis, threat intelligence and executive name checking to efficiently protect themselves against these evolving attacks.
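As an added illustration of the "executive name checking" the comment above refers to (example code written here, not from the page or any vendor product): a display-name impersonation check run over constructed sample From: headers. The executive directory and the internal domain are assumed values.

```python
import re
from email.utils import parseaddr

# Constructed directory of executives (normalised display name -> mailbox); assumed values.
EXECUTIVES = {
    "jane doe": "jane.doe@example.com",
    "sam lee": "sam.lee@example.com",
}
# Domains the organisation genuinely sends from (assumed).
INTERNAL_DOMAINS = {"example.com"}


def normalize_name(name):
    """Lower-case, drop punctuation and collapse whitespace so 'J. DOE' becomes 'j doe'."""
    return " ".join(re.sub(r"[^a-z ]", " ", name.lower()).split())


def check_from_header(from_header):
    """Classify a raw From: header value by display name vs. mailbox.

    Verdicts:
      'ok'            - display name and mailbox both match the directory
      'impersonation' - display name matches an executive, mailbox or domain does not
      'not_executive' - display name is not in the directory (falls to other controls)
    A message with no display name is deliberately left to DMARC/SPF-style checks.
    """
    display, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    expected = EXECUTIVES.get(normalize_name(display))
    if expected is None:
        verdict = "not_executive"
    elif addr == expected and domain in INTERNAL_DOMAINS:
        verdict = "ok"
    else:
        verdict = "impersonation"
    return {"display": display, "address": addr, "domain": domain, "verdict": verdict}


# Constructed sample headers (not taken from the page).
SAMPLES = [
    "Jane Doe <jane.doe@example.com>",
    "Jane Doe <jane.doe.ceo@gmail.com>",
    "JANE  DOE <j.doe@example.net>",
    "Bob Smith <bob@partner.org>",
]


def scan(headers):
    """Return (header, verdict) pairs for a batch of From: values."""
    return [(h, check_from_header(h)["verdict"]) for h in headers]


if __name__ == "__main__":
    for header, verdict in scan(SAMPLES):
        print(f"{verdict:14} {header}")
```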
Although DCMS reports that the number of ransomware incidents has halved since 2017, our FireEye Mandiant ransomware investigations increased 860% from 2017 to 2019. The majority of these attacks were deployed out of hours. Cybercriminals never switch off, and so organisations should have emergency plans in place and ensure after-hours coverage is available to respond instantly in the case of an emergency.
From our investigations we’ve seen hackers become a lot more sophisticated in their tactics with careful planning and execution. Most of the ransomware deployments take place three or more days after the initial infection. This means that even if an organisation does fall victim to having their network and data compromised, there is some leeway between the first malicious action and ransomware deployment. If initial infections are detected, contained, and remediated quickly – before the ransomware is deployed – businesses can mitigate the financial and reputational consequences of the ransomware infection.