As the old adage goes, prevention is better than cure, and that couldn’t be more true of cyber defence. On Friday 29 April 2022, we held the second of our cybersecurity events, with guest speakers from Islands Insurance, Arctic Wolf and Tessian, to highlight the unfortunate reality that it is not a question of if but when: a security breach is likely to happen to any organisation’s IT network and operating environment.
Nation State Actors
As the Russia-Ukraine war continues, the world is on heightened alert and cybersecurity attacks are a very real threat. In February, the UK’s National Cyber Security Centre (NCSC) called on businesses to “bolster their online defences” from potential Russian hackers. The end of the war seems nowhere in sight and neither does the end of the threats to our networks. In fact, counting Russia, North Korea, China, Iran and other nation state actors, there have already been as many attacks in the first four months of 2022 as there had been in the whole of 2021, and that was three times worse than 2019.
Jersey has been added to Russia’s list of ‘unfriendly’ countries thanks to international sanctions and with Putin in a tough place, he may raise the stakes to get what he wants. He sees it as funding a war, not carrying out financial crime.
Current events have brought the issue to the forefront, but Microsoft, in its Digital Defense Report, assessed that Russian-aligned threat groups were positioning for the conflict as early as March 2021, when threat actors started to conduct more actions against organisations inside or allied with Ukraine.
86% of breaches are financially motivated, with ransomware the most significant and rapidly evolving cyber security threat faced by all organisations. The perpetrators can sit for weeks inside your network without being detected, using your systems and exfiltrating your data, and will then use your cyber insurance value against you. Many are paying ransoms in cryptocurrency, and these payments have skyrocketed from $93m total value in 2019 to $406m in 2020. (Source: Statista)
Prevention is better than cure
The cyber insurance market has moved from one that is hard to sell to one that is hard to buy. Claims come from those who have lost data, and the insurance covers the cost of restoration, loss of revenue or reputation damage as a result of the attack. Although the implementation of GDPR was a driver for organisations to purchase cyber insurance five years ago, the rapid evolution of ransomware more recently has changed that. Individual ransom demands have increased from $50k to $250k, and double extortion attacks, where data is encrypted and exfiltrated, are commonplace. Combined with the likelihood of prosecution being extremely low, this means companies are now more inclined to pay the ransom and need the insurance to provide the right level of cover.
As a result, insurers require proof that the right controls are in place to prevent cyber crime in the first place. The most important factors are up-to-date and effective Incident Response Plans and Multi Factor Authentication. (Read more about the necessary controls here.)
Alert Fatigue and Human Behaviour
Against this backdrop, tools and systems to defend against cyber attacks have become big business, with some $150bn being spent per year, yet the problem just keeps getting bigger. The attack surface is larger, spanning both cloud-hosted systems and the legacy IT estate, while IT security teams are not scaling at the same pace as the threat and do not know which alerts to address first. IT teams are sadly developing ‘alert fatigue’. According to the IBM/Ponemon Cyber Resilient Organization Report, “The more tools you have in place, the lower your ability to respond to an attack.”
At our event in November 2021, we introduced the benefits of systems developed by our partners Arctic Wolf and Tessian, designed to mitigate the dual risks of cyber criminality and human error. Both Arctic Wolf and Tessian have developed solutions which address the areas where human behaviour makes cyber defences most vulnerable to attack.
Tessian’s systems provide human layer security specifically for email and have moved away from a rules-based approach to machine learning and data science, which look for patterns in the way an organisation’s employees use email. Whether the issue is an innocent email mistake or email used intentionally to take data out of a company, Tessian’s behavioural intelligence model helps protect organisations and employees from themselves.
Arctic Wolf have used machine learning to take an alternative approach to bolstering cyber defences. Rather than adding yet another tool to the mix, they pool the data and apply a considered ‘concierge service’ blended with automation, running alert signals through their platform to filter out the noise and focus only on the alerts that are of critical relevance. Although the individual tools are all doing the correct job, they are less effective because organisations don’t have the time, people or processes to filter through all the information and pinpoint a breach.
Putting the right controls and systems in place will make sure you’re protected. Having the right people, processes and technologies in place will ensure organisations have an effective approach to defence and are covered against both the likelihood and impact of attack.
If you want more information on how we can help your security operations, then please get in touch.