In a 2021 EY Global Information Security Survey, it was revealed that CISOs and security leaders are locked in battle with a new wave of cyber security risks, which became more prevalent during and after COVID-19. Law firms face a significant risk when it comes to cyber security because of the amount of client data they hold. The Solicitors Regulatory Authority (SRA) reported that £2.5m was stolen in the first half of 2020, a three-fold increase on the same time in the previous year (Source: SRA, https://www.sra.org.uk/sra/research-publications/risk-outlook-2020-21/information-and-cyber-security/).

Given the trajectory of current trends, the situation could spiral further out of control unless organisations are willing to invest in the technology and innovation necessary to fight the resurgence of cyber risk. Unfortunately, many have yet to even identify the risks and potential vulnerabilities which surfaced at the height of the pandemic.

An explosion of cyber threats

Between 2020 and 2021, nearly every business had to embrace disruption in some way or other – frankly, they had no choice – and had to do so within a very tight timeframe. Progressive organisations were quick to come up with new customer-facing technology, which included cloud-based tools to support remote working and keep market channels open.

Although well intentioned, it all came at a price. 

Most businesses failed to integrate any kind of cybersecurity measures into the decision-making process, either due to oversight or a pressing urge to move forward towards adaptation as fast as possible. Unfortunately, this led to a new wave of cyber security vulnerabilities in a very fast-moving environment, something which continues to threaten businesses across the UK and beyond. 

We’re dealing with an explosion of cyber threats as we speak. In 2021 alone, threat actors started adopting clever strategies, either attacking businesses through phishing campaigns which contained malicious software forwarded to staff members, or embedding backdoor code which gave them a free hand in exploiting commercial software procured by the respective business’ customers.

In May 2021, hackers were successful in shutting down the US Colonial Pipeline. Their weapon of choice? Ransomware-as-a-service easily attainable through the dark web, posing serious risks to the economy and society in general. 

Meanwhile, the individuals responsible for infiltrating SolarWinds in 2020 did so through a very sophisticated supply chain attack, which security teams were mostly unfamiliar with.

This has highlighted the strategic importance of cybersecurity 

Business leaders and organisations who are quick to recognise the risks and connect the dots already understand how critical it is to mitigate them, while fuelling their business’ growth and continuing to pursue technological ambitions. Those who do so have a bright future indeed. In fact, in the same 2021 survey we spoke of at the start of the article, 57% of respondents believe that the ongoing resurgence of cyber risk presents a unique opportunity for business cybersecurity to raise its profile.

CISOs are in the middle of a critical moment, however. If they are willing to support digital transformation from the initial planning stage, they can truly become a strategic enabler of technology-based growth, when it comes to fighting cyber risks and threats. But if they’re not willing to play a hands-on role in this transformation, then cyber threats will continue to accelerate at a near-blinding pace and their importance in boardrooms will eventually wither away. 

Fortunately, senior leadership teams are showing concern about how their respective security functions can protect the organisation as a whole. Over 55% of respondents said cybersecurity is now under more scrutiny than it has ever been; 39% of organisations are now including cybersecurity on their board agendas each quarter – this is up by 29% since 2020.

With the above in mind, a dismal 9% of executive boards said they are very confident in having their organisations protected from major cyber attacks, after seeing the cybersecurity risks and mitigation strategies presented to them.

This needs to change and it needs to change now. But how? 

How technology can help in dealing with cyber security threats

Cybersecurity teams in leading organisations use powerful, advanced and bleeding-edge technologies to protect their corporate assets. However, most threats can be thwarted using less sophisticated methods. 

Most companies are not attacked by advanced, military-level hackers but rather everyday criminals who are financially motivated – if nothing else – and use methods like simple phishing emails. 

Where companies get it wrong

When it comes to cybersecurity technologies, many will just automatically buy the most advanced technologies, not knowing how they will benefit them or how to utilise them to their fullest potential.

If anything, they end up creating more inefficiencies within the cybersecurity team, which means the overall cybersecurity programme gets compromised. 

Once C-suite executives are fully involved in technology as a means to combat cyber threats, it is up to technology professionals to educate senior leadership about best practices when it comes to investing in the latest cyber security technologies. 

For this to be successful, it is necessary to nurture a close collaborative relationship between technology professionals and decision-makers in the adopting business. C-suite members should be open to embracing new processes and ways of thinking about cyber risk. Meanwhile, those responsible for implementation should ensure the technology is actually fit for purpose and can help them to achieve their security goals. They should also ensure adequate training and awareness among colleagues, which is essential for effective uptake.

For businesses of all stripes in 2022, it is not enough to simply purchase the most advanced solutions and assume they’ll solve all your problems. CISOs should encourage a culture of continuous learning to ensure everyone is familiar with the technology and comfortable using it.

The short answer is that tech is, of course, invaluable in fighting the resurgence of cyber risk – but only when it’s used properly! 

Find out more about the data security and cyber resilience coverage within the LTIC certificate here
