The unknown security vulnerabilities businesses need to be aware of

The adoption of new processes and technologies at speed has left many businesses facing unknown vulnerabilities, resulting in a steep rise in security breaches.

In fact, a recent cybersecurity benchmarking study found that 29% of CEOs and CISOs and 40% of CSOs admitted that their organisation is unprepared to deal with the rapidly changing landscape of cybersecurity threats.

There are many reasons for the increase in security vulnerabilities, but one of the most significant is the rise in remote desktops being added to networks, along with the many other types of unmanaged and untrusted devices being used to facilitate remote and hybrid working. Businesses that would previously never have considered a ‘Bring Your Own Device’ strategy have inadvertently found themselves in the midst of one, with little control over device hygiene and management and little opportunity for user education.

Hackers have predominantly been looking to exploit these increased vulnerabilities through ransomware attacks. According to IDC, approximately 37% of global organisations said they were the victim of some form of ransomware attack in 2021. With this perfect storm of enforced, accelerated technological change and increase in cybercrime, businesses must consider what can be done to assess and address their weaknesses before the criminals can take advantage.

According to Kieron Maughan, director of Stone’s cyber security partner Nellcote, one of the most common points of entry to a network is via an unsecured administrator account:

“As simple as it sounds, administrator accounts have often not been renamed and are therefore easily identified by their default title. Unlike other accounts that will lock after a number of failed log-in attempts, administrator accounts do not do this, giving a criminal infinite time to crack the code. A unique account name and a strong password that is changed frequently are vital.

“If you weren’t already using some form of multi-factor authentication then this will also help to minimise the risk of the use of employees’ own devices. Whether it’s simple two-factor authentication requiring a password as well as a code or fingerprint, or contextual authentication, taking into account time of log-in, location and IP address, this additional measure goes some way to redress the balance of security vs ease of use for your remote or hybrid workforce.”

Attention also needs to be turned to suppliers and partners, who can often prove the weak link when it comes to access to your network. When operations change as significantly as they have over the past two years, businesses will have made changes to their suppliers and partners, and it is important that comprehensive due diligence is carried out on their security parameters. No matter how stringent your own processes are, if this step is neglected, it could be a wasted effort.

In the event of a ransomware attack, thoughts immediately turn to the back-up to restore data and enable the business to continue. However, to remove this option and strengthen their position, hackers will look to destroy any digital back-ups. It is therefore key to ensure you always have a physical back-up – something that over time has often been forgotten in favour of the cloud.

Regularly scanning both internally and externally for vulnerabilities is also vital, but many businesses still don’t realise that this is not effective if carried out as an annual exercise. As Nellcote’s Kieron Maughan explains, “Vulnerabilities arise regularly and therefore scanning on a monthly basis and keeping up to date with patches is undoubtedly harder in a hybrid working set-up but is vital nonetheless.

“We have seen huge benefits from carrying out ransomware simulations with clients which explore how quickly a hacker could gain access to a network, move around it, and the potential damage they could cause.”

There can sometimes be a temptation for directors to buy in or subscribe to tools as a ‘quick fix’ for potential issues. However, the bottom line is that only the right processes and procedures embedded in your day-to-day business operations can help to protect you against the increase in cybercrime. The cost of preventative measures can be a hard pill to swallow, but the cost of the loss and disruption caused by an organised crime cyber-attack on your business would be far worse.

Paul Flack