As part of their thought leadership series, our partners at Microwarehouse held an online event entitled “Cyber Security: The Current State of Play”. The event was moderated by Guido Marchetti – Microsoft Modern Work & Security Lead at Microwarehouse and the speakers included Des Ryan – Director of solutions and cyber security for Microsoft Ireland, Oli Venn of Watchguard and Brian Honan of BH Consulting. What was evident from the start and agreed by all the speakers was that cyber-attacks are continuing to grow with cybercriminals becoming more malicious and sophisticated.
We are all witnessing the horrific scenes of an unjustified conflict in Ukraine unfold on our TV screens and social media channels, but conventional military conflict is today supplemented by an army of keyboard warriors whose battlefield extends far beyond the borders of the sovereign state of Ukraine. To date there is no evidence to suggest that Ireland has come under any cyber-attacks directly relating to the conflict, however, this is likely to change, and it is expected that the conflict will bring about a sharp rise in attacks by both state actors and criminals who will capitalise on the conflict in much the same way as they capitalised on the Covid Crisis.
Here are some of the key points from the event:
- In terms of Ransomware Ireland is ranked 20 in the world for machine count encounters but when you look at it per capita, per machine, Ireland is ranked number 1.
- 85% of attacks in Ireland and the UK are Zero-Day Attacks. A Zero-Day Attack is where a hacker exploits a vulnerability before developers can fix or patch it.
- It is expected that criminals will target the goodwill of people who wish to support the people of Ukraine with fake support websites and phishing emails.
- Many remote workers still don’t have adequate cyber security in place and risk being an easy entry point into wider company networks.
- 40% of companies do not have a cyber security strategy in place.
- Compromised credentials have been used in 80% of breaches.
- Most breaches resulting from compromised credentials can be averted by enabling Multi-Factor Authentication (MFA), however, adoption rates are far too low.
- CEO/Invoice redirect attacks are continuing to grow.
- Attackers increasingly leveraging the computing power of compromised machines for cryptocurrency mining.
- Ransomware kits or ransomware as a service (RaaS) is widely available on the dark web and allows criminals with limited cyber knowledge to launch attacks.
Most decision-makers in companies both large and small are aware of the dangers but far too many are not taking the appropriate steps to protect their systems and their data. If you suffer a data breach resulting from an attack, you have a legal obligation under GDPR to inform the data commissioners’ office and the individuals whose data has been compromised. This will erode the trust in your brand with a likelihood of some existing clients abandoning you and potential clients looking elsewhere. It can take years for your business to rebuild its reputation.
Cyber security needs to be at the core of your IT strategy and a multi-layered approach is the most effective way to protect your business and mitigate the chances of a successful attack.
The are many cyber security solutions available and your IT Service provider will make recommendations to you based on the requirements of your business. There simply isn’t any solution that can guarantee you 100% protection from a successful attack. Humans are creatures of habit and often the weak link in your cyber security defence. You can, however, turn that weak link into your strongest defence by educating your employees. In our experience, the adoption of continuous Cyber Awareness Training with Phishing Simulations has helped companies bring about a cultural change whereby individual users understand the risk, their responsibilities and the actions they should take.
What you should have for a multi-layered approach to Cyber Security
- A clear cyber security and Information Security Policy
- Secure logins with Multi-factor Authentication
- Email Filtering
- Endpoint antivirus protection
- Data Encryption
- Access control policy
- Implement Software patches & updates
- Cyber Security Awareness Training
- Phishing Simulations
- Desktop exercises
- Secure backups
Talk to our experts today, who can help you access your current security posture, determine where you are vulnerable and help you build a multi-layered strategic approach to mitigate your chances of a successful attack. Email firstname.lastname@example.org or call us on +44 161 710 1729.