Entities Should Acknowledge the Gravity of the Cyber Attack Threat

In a recent talk, Richard Horne, head of the U.K.'s National Cyber Security Centre (NCSC), indicated that the cyber threats facing the nation are being significantly underestimated by many. Emphasizing the gravity of state-sponsored threats and the numerous cyber criminals, he called for a boost in the protection and resilience of vital infrastructure, supply chains, the public sector, and the overall economy. Horne, who assumed his position this year, expressed concern over the growing gap between the threats and the present defenses in place. He emphasized the need to speed up our efforts to outmaneuver our adversaries.

Introducing the NCSC's eighth annual review, Horne highlighted his observations since his appointment. He noted the widening gulf between the looming threats and our preparedness to defend against them. He called for greater speed in our operations to combat cyber threats and stated that being resilient is no longer sufficient. Instead, we need to strengthen our defenses and elevate our capacity to combat cyber intrusions. Furthermore, we should develop the ability to sustain and recover from successful attacks.

Many businesses are now acknowledging that cyber attacks are no longer isolated incidents and can lead to substantial financial losses and damage to their reputation. Consequently, they are investing increasingly significant funds in technology designed to shield themselves. Although this is beneficial, technology alone is not the solution.

Cate Pye, head of cyber security at PA Consulting, explains that the firm places emphasis on "digital trust" because they believe this is essential for organizations to gain the internal and external trust needed to safeguard their data. Neglecting this, Pye warns, could lead to customers abandoning the organization.

Cyber security has traditionally been perceived as primarily a technological challenge, with IT departments at the forefront of safeguarding organizations from the threats that last year cost $2 trillion. However, there is a growing recognition that the human aspect is equally important. Pye stresses that digital trust signifies "a shift in mindset."

Mike Britton, chief information officer at Abnormal Security, emphasizes the significant role of trust and human behavior in managing cyber threats. Since the inception of email, which Britton points out was never intended to be secure, there has been a need to balance usability, productivity, and risk. The increasing trend of using personal devices for work represents a particular challenge that Britton addresses by ensuring that Abnormal employees find it straightforward to work within the company environment but challenging to operate outside it.

An emerging approach to handling this challenge is to integrate scenario planning, with simulations used to alert executives to the potential hazards and guide them in formulating appropriate responses. Immersive Labs, a U.K.-based firm, is one of the pioneers in this field.

Pye, who has extensive experience in cyber security both in government departments and private enterprises, believes that a combination of robust systems and cyber-savvy individuals is required. She further emphasizes the importance of increased regulations for board members to stay vigilant against cyber risks.

Rather than just focusing on the awareness of cyber threats, the real challenge lies in modifying behavior to minimize risks. For instance, opening an email attachment might inadvertently create a breach. As more and more employees work outside traditional offices, the likelihood of such incidents increases.

By conducting regular exercises, organizations can enhance their preparedness in a manner similar to how fire drills prepare them for traditional emergencies. Additionally, these exercises provide a platform for shared experiences, thereby improving individual readiness. According to Pye, the goal is to develop a level of familiarity so that individuals know what they should do in a crisis situation. The most effective exercises, she says, should include technology and cyber teams responding to a realistic cyber incident while simultaneously escalating critical decisions through management and reaching the board level.

  1. To mitigate the risks posed by cyber attacks, Richard Horne suggested integrating scenario planning into the defense strategy, using simulations to prepare for potential hazards and devise appropriate responses.
  2. While businesses invest heavily in technology to protect themselves, Cate Pye emphasized the importance of digital trust, arguing that organizations must prioritize building internal and external trust to effectively safeguard their data.
  3. Mike Britton, from Abnormal Security, highlighted the crucial role of trust and human behavior in managing cyber threats, advocating for a balance between usability, productivity, and risk, especially in the context of using personal devices for work.
