Strategy and anticipation are key to securing against cyber threats

With technological progress come increased security risks. Sophisticated and co-ordinated cyber groups are working every day to find potential entry points into organisations’ networks. And it’s getting easier for them to exploit companies’ vulnerabilities, as businesses often neglect security when adopting new technology.

Following an attack, an organisation’s activity may be paused for between 20 and 30 days on average, which, in our experience, may lead to a revenue loss of £274,000 per day for a business with a yearly turnover of £100m. In fact, ransomware attacks are expected to cost businesses $265 billion per year by 2031. In 2021, the estimated cost of cyber-attacks was equal to $20 billion, meaning we’ll have observed a 13X increase in 10 years if this figure comes true.

Still, companies fail to realise the scale of the risk they’re exposed to. A survey commissioned by HYCU reveals that only 15% of IT leaders are currently prepared to defend themselves against a ransomware attack. In order to resume activity and limit the financial consequences, organisations’ only option is therefore to pay the ransom. In the UK alone, over 80% of companies concede to cyber attackers’ demands, as shown by research from Proofpoint.

If businesses keep paying their ransom demands, conducting cyber-attacks will remain a profitable career route, and cyber gangs will have access to even more resources to continue performing increasingly advanced attacks. As the stakes are getting higher, companies must move away from their apathetic attitudes towards cyber and begin thinking strategically if they are to put an end to this vicious cycle.

The well-organised structure of modern cyber-attacks

Ransomware is now a very lucrative industry that is only growing as it recruits new talent. Thousands of individuals around the world have found full-time employment as part of a co-ordinated cyber group. Their mission? To analyse companies’ security systems and access points to ensure their attacks can be conducted effectively, swiftly and without detection.

These sophisticated and organised cyber groups recruit people with a wide range of skills, including money specialists, data miners and coders. Every person knows exactly what they have to do, and they all contribute to ensuring the attack is perfectly coordinated so that businesses that fall victim to attacks cannot anticipate the risk. And as more businesses are threatened, bad actors are even more motivated, either by financial gain or simply the satisfaction of hacking companies’ systems. Some gangs are even state-sponsored, making it impossible to implement legislation at a state level to protect businesses.

Without the appropriate defences, businesses stand little chance against these coordinated attacks and are often left with no choice but to pay ransom demands in the hope of saving their own and their customers’ data, avoiding further financial loss, and protecting their reputation.

Moving away from cyber apathy and towards defensive strategy

In times when cyber-attacks are so prolific, implementing preventative measures is key for companies to protect themselves as best they can. It is also important to remember that large-scale or well-known brands are not the only vulnerable businesses. Companies of any size and across all sectors are potential targets.

Raising awareness of this threat within the business is crucial. Research from Tessian shows that, currently, one in three employees don’t express enough concern about cybersecurity at work and a quarter of employees do not understand the importance of reporting that they have been involved in a cyber incident, showing there is no collective responsibility amongst the workforce. Businesses cannot remain cyber apathetic – helping employees understand the high risk of falling victim to a ransomware attack and making them feel involved in protecting the business is essential. Employees must realise it is their responsibility, and not only that of the IT team, to act to prevent data breaches.

Adopting a ‘military grade’ defence strategy is key to helping companies empower their teams. Such a strategy helps to minimise the impact of these unavoidable attacks.

Thinking beyond traditional security measures 

Avoiding the huge financial loss that an increasingly sophisticated range of attacks can incur means businesses must adopt a new approach. The fast-paced cyber landscape requires businesses to think outside the box; standard and traditional security measures are no longer enough to defend against the evolving threat landscape. More specifically, organisations should follow the example of the once-mysterious defence sector. Making sure the business is secure does not require investing a huge amount of money or developing a completely new security system – companies must simply learn to use existing technologies efficiently to strengthen their infrastructure and anticipate and prevent attacks. 

For example, air-gapping technology allows companies to keep specified devices off main servers so immutable data is not stored in the main system, but in isolated environments. Think of them as backups or ‘safe zones’. This technology is very useful to help organisations recover in case of an attack because businesses can regain access to some of their most crucial data, quickly. 

Technological innovations like this must also be supported with in-depth recovery plans. The 30/3/3 model is often recommended to make it clear to everyone what data needs to be recovered in 30 minutes, 3 days, and 3 weeks, should attackers manage to gain entry to a company’s systems. As a result, all employees know exactly which data must be prioritised for the organisation to resume business as usual, as quickly as possible. Everyone ultimately has the direction they need to make the right decisions when facing a crisis, and can work together to help mitigate potential chaos. 

The importance of always being prepared

Keeping pace with the ever-changing cyber landscape is a real challenge. Businesses must make it a priority to regularly adapt their defence strategies, minimise their vulnerabilities and avoid falling victim. In times when the consequences of a breach could be disastrous, inaction is not an option. 

Companies should not lose faith; none are condemned to losing millions, provided they work hard to implement the right defence strategy.


Jonathan Bridges’ career has spanned 24 years at multiple global system integrators, with a deep focus on driving innovation through the leverage of leading-edge Cloud solutions. At Exponential-e, Jonathan leads the front-end business focus, covering Cloud, Managed Services, Apps & Data, Unified Communications, and Security. His core focus is providing customers with the support they need to harness leading-edge technologies and drive their digital transformation strategies.
