How are you preparing?
As we head into the back end of 2022 the landscape of the working world and the systems behind it have gone through big changes.
As companies and industries have adapted to new ways of working, there has naturally been an adaptation of cyberthreats.
With consistent leading threats still looming large, and rising threats gaining momentum it can be a minefield trying to navigate and prioritise your defence strategy, but with industry leading research from the Gartner Report, you can develop the best approach for your company.
Overcoming fatigue of consistent threats
The consistent top threats are just that for a reason. They are effective at what they do and have the ability to rip through any business that isn’t properly prepared.
Whilst many companies are aware of top threats such as phishing and ransomware, one of the more difficult challenges for security leaders can be gaining the support and funding needed to stay prepared.
One way to gain support is to raise awareness of new automation tactics developed during the rise of cybercrime in the pandemic, which include smarter and more efficient attacks.
As ransomware has developed an increased focus on cloud storage and encryption, well known and used cloud applications are now a method of encrypting and hiding their nefarious activities, meaning high profile services can’t always be relied upon. This makes proper cloud management even more important moving forward.
With phishing one effective tactic for raising awareness is to run phishing tests across your company to understand how adept your staff is at recognising threats. Use a mix of small-scale, targeted phishing tests, based on job roles, ages and work-from-home practices so that you cover a wide base of possible attacks, and don’t forget to praise your colleagues for good practices!
By strengthening multi factor authentication security that monitors both pre and post authentication behaviour you can minimise the risk of critical data being breached. Having dedicated help desks or security can provide even more scrutinous eyes to notice unusual behaviour.
Preparing for the new kids in town
When high-momentum threats have begun to hit companies in the same industry as yours, it’s time to pay attention! As they gain greater momentum, they can expose weaknesses in your security due to lower awareness. It’s imperative to build up your knowledge base and understand which assets you have that are likely targets. Following news and reports around industry trends, especially APIs and Supply Chains can help you understand the holes in your security.
With high momentum threats you should develop a blended balance of fast and slow response types, with the fast approach having appropriate, quick responses to public facing attacks, and slow which avoids overreactions and a drastic change of strategy.
On the horizon
As is the nature of the beast, there will always be newly emerging threats not too far away. It’s always difficult to develop tactics when heading into the unknown, which is why it is so important for you and all security leaders to develop workarounds based on whether these attacks look similar established threats, as well as developing long term solutions to the risks being posed, that can be adapted in an agile way.
Risks around the future of work and the cloud are areas that could potentially gain more momentum. Attackers may look to use social engineering techniques against remote workers, and any mistakes during the transition of services to the cloud may also be targeted, which is why it is important to have cloud experts on your side at this stage and throughout the life cycle of cloud usage. Rather than pushing against the rollout of hybrid working and cloud applications it is important you embrace it as soon as possible, so that your energy can be put toward developing the best strategies for your team.
So how will you respond to the landscape of cyberthreats moving forward?
