Intelligent CISO Issue 44 | Page 37

Like the Mike Tyson saying: ‘Everyone has a plan until they get punched in the mouth’.
2021 has been a year of significant change for cybersecurity – but that’s the nature of the industry. It’s fast-paced, increasingly advanced, and can be relied upon to throw challenges in the face of organisations when they least expect it.
The one constant is that everything will continue to change. Businesses are tackling new threats, the annual spend on defence solutions is increasing and more people are having those all-important initial conversations about cybersecurity. But there is still a long way to go. While we are seeing more people talk about cybersecurity strategies, and even getting to the stage of planning the next phase, it often ends up with leaders choosing the bare minimum option – mostly due to budget restrictions. Given that investment in cyber solutions offers no immediate RoI, it’s important that leaders act with foresight to get ahead and continue on their maturity journey in order to limit the impact.
Businesses know all too well the devastating repercussions of a successful attack, and most would agree that a post-attack budget is far larger than a pre-attack one. Suddenly, once the perimeter has been breached, companies are much more convinced by greater security measures, but by this point it’s already too late.
The past year has witnessed a great many cyberattacks, but two major threats to modern businesses are ransomware and insecure supply chains.
Responding to ransomware
Throughout 2021, ransomware has become more sophisticated and prominent in cyberattacks. Advances in this threat vector mean a single breach can leave organisations trembling in its wake as systems and data become compromised. The main question being asked by clients now is: how can we get in front of ransomware? And to answer that question, we must break down the life cycle of ransomware to understand how it enters the network. It’s usually down to phishing, password guessing, exploitation of vulnerabilities, or malicious documents in an email. Once they understand the entry point for ransomware, businesses can start putting together a strategy to safeguard against it.
Vulnerability assessments are a critical part of getting ahead of attackers. While most businesses already conduct some form of assessment, it’s not always at the necessary scale or depth. Penetration testers often get these responses from business teams following an assessment: ‘I don’t know what that is’, or ‘I thought we had turned that off’. It can be difficult to achieve good asset management across a complex network environment, especially in large organisations. So, as a bare minimum, businesses should remember the key basics that can really make a difference: patching, passwords and policies.
Part of the issue when it comes to tackling ransomware is that it’s far too easy to become distracted by the new shiny tech being released – such as Artificial Intelligence and Machine Learning – and forget about fundamental cyber hygiene. In order to get in front of ransomware, it’s time to ditch the buzzwords and reinstate those strong foundations. It is always worth hammering home the basics – not because they’re easy, but because they’re needed.
The complexity of supply chains
Not only has ransomware been an exponential threat this year, but some of the biggest cyberattacks to have taken place in 2021 have had links to the supply chain. From the Colonial Pipeline attack to multiple attempts on the COVID vaccine, supply chains have