Actions of national agencies may lead to fear amongst businesses, but leaders must remain wise to the more common threats.
Last week, the UK government accused Russia’s GRU intelligence service of perpetrating four high-profile cyberattacks that took place over the last couple of years. While this latest development could lead to fears that nation states may threaten private businesses, it is important that companies do not lose sight of the biggest threat on their doorstep – the everyday hackers that carry out the majority of attacks they have to deal with.
Gary O’Leary-Steele, Technical Director at Claranet Cyber Security, said:
While nation state attacks make the news headlines, the complexity and frequency of attacks from all sources are on the rise, and attacks will often target the same vulnerabilities, whomever is behind the attack.
To ensure that they are adequately prepared to minimise the impact of cyberattacks, regardless of the perpetrator, organisations need to step up their vigilance across the board. This means implementing a cybersecurity strategy that emphasises not just reactively tackling incidents as they happen, but also adapting to the threat landscape by understanding how hackers think and work, and regularly testing your applications and infrastructure.”
Reactive data breach mitigation always has been and will continue to be crucial, but equally important is being able to understand the ways that hackers go about their business so that organisations can avoid being targeted in the first place, and can keep up with the rapid rate of change. In addition to increasingly sophisticated technical attacks, employees are regularly being exploited as a way into an organisation’s data, so security awareness training, including how to avoid phishing attacks, in addition to more detailed security training for developers and technical teams, must be a critical part of the protection employed.”
O-Leary-Steele concluded:
It would be foolish to ignore a growing prevalence of state-backed cyberattacks, but it’s crucial not to lose sight of the threat of independent actors, which will remain the most prominent danger for businesses for the foreseeable future. The volume and complexity of cyberattacks is rising substantially. As an example, over four in ten businesses (43%) experienced a cybersecurity breach or attack in the last 12 months, according to the Department for Digital, Culture, Media & Sport in its Cyber Security Breaches Survey 2018.
The best way for businesses to prepare for this is by making sure security measures are proactive as well as reactive, and regularly tested and reviewed. For most organisations, they will require the help of dedicated security experts to achieve this.”