“The starting point must be that every British company is a target, that every British network will be attacked, and that cybercrime is not something that happens to other people.”
Setting out to make cybersecurity the UK’s top priority in 2015 the then-Chancellor George Osbourne would have been dejected to see, had he glimpsed into his ministerial crystal ball, that today we face far greater and more sophisticated cyberattacks with 43 per cent of all those taking place in Europe targeting British-based organisations, and our public sector proving most vulnerable.
Not to be the bearer of bad news but alongside this is an abundance of complex global challenges from economic pressures and the energy crisis to geopolitical tensions and supply chain constraints, combining to create a tsunami of risk and exposure looming over organisational operations, productivity, reputation, and continuity.
Before I take you down a rabbit hole of negativity let me reassure you that when it comes to mitigating your cybersecurity risk there are a variety of economically effective options to pursue without breaking the bank on the latest glamorous AI-infused cybersecurity product.
Hooray!, you cry, however, there is a caveat to this which is necessary to see the bigger picture. As insurance premiums continue to rise, now projected to reach $25bn in 2025 according to the Swiss Re Institute and with a growing list of ever-stringent requirements to adhere to, it is critical that organisations navigate the risk of limited insurability by re-examining their strategic planning. 98% of basic cybersecurity hygiene still protects against 98% of attacks, organisations should ensure first and foremost that they focus on delivering the fundamentals of effective cyber hygiene before they consider deploying their limited capital on more complex services and products.
Impactful initiatives that can help support your organisation and strengthen your security posture.
As you are taking the time to read this article it is likely that you are concerned about cyberattacks and thinking how best you can limit your organisational risk, identify vulnerabilities, and maintain a robust position going forward. So, with this in mind here are a variety of best practices that you may look to adopt to strengthen your security posture.
Enable Multifactor Authentication (MFA) – to prevent unauthorised access, and compromised user passwords, and provide extra resilience for identities MFAs offer an additional layer of security by requesting multiple user IDs at the time of registration.
Apply Zero-Trust Principles – ‘never trust always verify’ – zero trust is a security approach that in its design protects your organisation’s assets by eliminating the concept of ‘trust’ from your architecture. Never automatically trust external and internal users and devices, authenticate and authorise everywhere, and implement least privilege infrastructure access.
Use Modern Endpoint Protection/Anti Malware Software– implement software to detect and automatically block attacks, improve visibility, and provide critical insights to your security operations.
Keep up to date – patch, patch, patch – unpatched and out-of-date systems are a key reason that organisations fall victim to a cyberattack so ensure you update, fix, and improve as applicable.
Ensure organisational resilience through disaster recovery– the impact of systems error and downtime and speed of recovery can be immeasurable so protect your critical data with segregated/immutable backups.
How a managed service provider (MSP) can support you with your strategic cyber security efforts
Managed Service Providers like Brightsolid are the caretakers of our customer connectivity, and infrastructure while also being the custodians of their data. This places MSPs in a unique position to be able to monitor and manage their customer’s estate while being able to optimally respond to and resolve security challenges.
Our expert security analysts from our in-house Security Operations Centre safeguard our customer assets and infrastructure with 24/7 monitoring of potential threats, giving organisations peace of mind that threats will not go undetected. Our engineers support our customers through triaging and analysis, proactive threat hunting and automated response together to deliver rapid threat detection and response.
Monitor your infrastructure 24×7 – early warning and detection to help remediate and respond quickly to potential threats.
Cyber security expertise – professional cyber security experts with their understanding of the latest threats and vulnerabilities who can advise on best-practice, recommend bespoke security solutions and help you stay ahead.
Incident Response – in the event of an IT infrastructure security breach or incident, MSPs provide rapid incident response to identify the cause, contain the threat, and help you get back up and running minimising the impact to the organisation.
Ensure compliance management – MSPs can help you meet any regulatory compliance requirements for security such as GDPR or PCI DSS through the implementation of security controls and assessments.
Andy Sinclair will be speaking tomorrow at the Digital Scotland: Tayside conference, at Abertay University.