ISUMO’s Communications Manager interviews Chief Technology Officer John Keyser and Operations Director Spencer Hanley.
In July the Government released the Cyber Security Breaches Survey 2022.
In this article I look at the details of the survey and get some advice and insight from ISUMO’s Chief Technology Officer John Keyser and and Operations Director Spencer Hanley.
Unsurprisingly, the risk of being targeted by malicious operators is not going away. The survey reveals that the proportion of UK businesses experiencing cyber attacks in the last year remained the same as in the previous 12 months.
39% of UK businesses identified a cyber attack in the last 12 months
The survey makes a worrying read. Indicating that many companies are still not actively assessing and monitoring their vulnerabilities. Meaning that subsequently they’re unable to protect themselves against many forms of cyber attack.
- the most common threat in this survey was phishing attempts, at 83%
- 1 in 5 organisations identified more sophisticated attack types such as denial service and malware or ransomware attacks
- 31% of business and 26% of charities estimate that they are attacked at least once a week
- business are beginning to react, with 54% now identifying cyber security risks within their organisation
58% of small, 55% of medium and 60% of large businesses are now choosing to outsource their cyber security to external suppliers citing access to greater expertise, more resources, and higher standards for cyber security.
ISUMO’s Chief Technology Officer John Keyser and Operations Director Spencer Hanley, explain what they see as the most important measures organisations should be taking to minimise cyber attacks and protect against financial loss and reputational damage.
John explains that some organisations are working with the Government backed assessment scheme ‘Cyber Essentials’. This scheme is intended to help organisations secure against cyber attack. By demonstrating that they have robust cyber security in place, participating businesses are able to attract new business.
He is also mindful that, while anything that encourages organisations to assess their risks is good, it often falls short of providing the ongoing attention that proper cyber security requires. In other words, it should not be seen as a ‘box-ticking’ exercise.
“Never rest on your laurels. Long gone are the days when a fire wall is enough to keep attackers out. Post-pandemic ways of working have accelerated our exposure to risks of attack with the use of more mobile devices, including worker owned, disparate data storage and data sharing platforms. Presenting vulnerabilities both inside and outside of the fire wall. Phishing is an example of a style of attack that seeks to exploit of our new ways of working and requires ongoing surveillance to counter the frequency of these attacks.”
Spencer agrees, “The false sense of security that that comes from doing one act and having the certificate isn’t enough in todays environment”.
John continues, “Ransomware attacks are probably the most damaging for small to medium organisations, partly because they can’t afford the ransom and also because they don’t always have proper back-ups in place so data is lost, which could signal the end for that business. Even cyber insurance can be a false security. A business will have to demonstrate they have everything in place to protect them and even then there’s no guarantee insurance will pay out. Ongoing attention and monitoring is realistically the only way to protect your data and your business. There really isn’t one single action, it’s ongoing monitoring, having security in-place and real-time back-up of all areas”.
Spencer makes a good point, “Many organisations that are attacked will never say, so I imagine the scale of this crime is higher than reported. Reputational damage and brand disruption are two things that could take a company down over the ransom payment”.
Cloud service partners can provide some security, as John explains.
“Managed service cloud providers do offer protection but you still need to configure it and protect your local environment end to end. Cyber security is assessing your individual environment and putting in-place continuity and multi-level live monitoring. Where is my data and what are our risks? This is what you need to know, day by day”.
So, what is the most important action that organisations can take, to protect against cyber attacks?
Spencer says, ”The single most important thing is to focus on it. Accept that it’s a reality, and that you are vulnerable. However you do that, either by getting a team in-house or outsourcing it – just take it seriously”.
John adds, “Run an assessment and give cyber security the attention it needs. Don’t think you have everything covered, know you have”.
During our interview, I was fascinated to see John was able to see real-time cyber attack attempts on the ISUMO analytic dashboard, “Looking around now, the biggest risks are ransomware, that’s what happening right now in the world”.
With cyber criminals seeking to exploit security vulnerabilities, ISUMO’s technology and their 20 years of expertise are constantly assessing the security of many organisations. They are able to identify all areas of vulnerability, and offer a Care Plan that provides 24/7 cyber security protection.
Spencer is keen to stress, “Cyber security is a hot topic and rightly so. Organisations should be careful to do their research and find good people to work with. You don’t need to throw the kitchen sink at it. A bespoke plan is ideal, so you’re only paying for what you need. I’m very happy to have these discussions with businesses that handle data, that want to focus on protecting the most valuable assets of their business, their data and their reputation.
Give Spencer a call direct on 07967 652650