FutureScot

Your culture could be your cybersecurity knight


In recent years, there has been a surge in cybercriminal activity. Indeed, according to the UK Government’s 2023 Cyber Security Breaches Survey, there were approximately 2.39 million instances of cybercrime across all UK businesses in the 12 months up until the winter of 2022/2023. 

With these high levels of activity, it has never been more crucial for organisations to foster a robust cybersecurity culture. 

In addition, current economic and geopolitical developments have aggravated concerns surrounding cyberattacks and elevated the urgency for businesses to bolster their defences and continuously monitor for emerging threats. 

Here are some of the ways organisations can tackle the growing challenge of cybercrime:

Adopt the right mindset

Alongside employing modern cybersecurity solutions, businesses can benefit from developing a cybersecurity and risk-awareness mindset, which should be embedded in every level and process of the organisation. 

The vast majority of successful attacks include some type of social engineering trick, and cybercriminals will continue to exploit human vulnerabilities with highly targeted phishing techniques to acquire user credentials. 

The only effective approach to mitigating the risk of unapproved access rights is to ensure a properly hardened cybersecurity posture. 

Secure against credentials theft

Strengthening security against key attack vectors, like credentials theft, is another key strategy businesses can adopt. 

Gaining unauthorised access to an organisation’s IT infrastructure is usually only the first point of attack. 

The more privileges a compromised account has, the more opportunity the hacker has to move laterally within the organisation to access sensitive data or take malicious action. 

To decrease this attack surface and prevent cybercriminals from exploiting stolen corporate credentials, businesses can add phishing-resistant multi-factor authentication (MFA) to their arsenal. 

Although not foolproof against all social engineering techniques or brute force attacks, MFA is highly effective at fending off the first attack wave. 

Approve and patch applications

As the line between professional and private use of devices dissipates, securing browsers, their extensions and other applications becomes paramount. 

To counteract the threat, organisations should ensure that only approved or verified applications and extensions are installed on employee devices and that machines are properly patched and hardened. 

Two highly effective methods of reducing the attack surface of browsers and applications are application control and vulnerability management, which will also contribute to improving an organisation’s overall cybersecurity posture. 

While most businesses recognise that outdated software represents a security risk, patching vulnerabilities is often neglected. 

Adopting rigorous vulnerability management for endpoints and networks should continue to be a top priority, especially as it is one of the most cost-effective methods for thwarting cyber-attacks.

Seek outsourced expertise

Some smaller or mid-sized organisations may not be able to rely on a full security operation centre (SOC), a computer emergency response team (CERT), or a security engineering team, due to budgetary bottlenecks or lack of organisational maturity. 

To bridge this gap, businesses should consider outsourcing these functions to a specialist managed security service provider (MSSP). 

Often offered at a competitive cost, these services can provide tremendous value towards an organisation’s cybersecurity programme and overall security posture. 

Get on the front foot 

Cyber threats continue to increase in both number and sophistication, so it is vital that organisations of all sizes make it as difficult as possible for attackers to breach their defences. 

In practice, this doesn’t just mean adopting best-in-class solutions; it means using these solutions as part of a holistic cybersecurity culture, where employees are educated in the threats they could face, and where operational processes are geared up to withstand and react to attacks. Hoping that a business won’t be targeted is no longer an effective strategy.


Partner Content in association with SentinelOne
