Why the Spring Statement Missed the Cyber Resilience Beat

Less than three months into 2022 and we’ve already seen a new wave of cyber-attacks in the headlines. Nvidia, Samsung and Ubisoft all fell victim to massive data grabs by the elusive Lapsus$. There has also been the emergence of “wiper” malware designed to destroy data on infected machines in Ukraine.

Now organisations are being warned by UK defence secretary, Ben Wallace, about the risk of retaliatory cyber-attacks from Russia after a series of economic sanctions were imposed. Sectors that play a vital role in the UK economy, such as managed IT service providers, utilities companies, banking systems, communications and transportation, are particularly at risk. Organisations are being urged to stay alert for new online attacks and raise their cyber-resilience once more.

Accelerating Existing Initiatives

Bolstering online resilience is imperative to operating successfully in today’s cyber economy. In recognition of this, the UK Government is consulting on proposals to introduce legislative changes designed to strengthen cyber resilience among digital service providers and help secure digital supply chains. In parallel, it is examining how to assure consistency across standards and pathways for cyber security professionals.

Yet the chancellor has ruled out any further increase in defence spending in the spring statement, after the £16.5 billion boost that was announced in 2020. Existing Government-led initiatives are a step in the right direction but need to be accelerated to effectively counter the threats facing businesses today.

A Rethink of Defence Tactics

At the same time, the focus cannot just be on protecting big business and critical infrastructure. The latest joint advisory from the National Cyber Security Centre (NCSC-UK) released in collaboration with the US and Australian Governments highlighted a shift from big businesses to mid-market companies. Our research shows that on an average day, mid-market firms receive 716.4 security alerts, making it difficult to stay in control of a rapidly evolving threat landscape. In the UK, these businesses generate an estimated total value of £540 billion a year. So any cyber attack on the mid-market jeopardises not only the businesses concerned, but UK PLC as a whole.

The UK needs a cohesive security strategy that offers mid-market companies tangible support on the threats they are facing and how to protect against adversaries. This strategy requires greater information sharing between organisations of all sizes and a rethink of what constitutes adequate defence. Basic security hygiene is no longer enough.

To ensure cyber resilience, mid-market organisations should:

  • Have one single view of threat intelligence – threat actors don’t operate within set boundaries so neither should security. Businesses need to monitor potential threats across all digital channels and autonomously respond to multi-channel attacks
  • Keep software and operating systems up to date – security professionals are already battling a growing workload; cloud-based systems ensure updates happen automatically and systems are patched for effective security hygiene
  • Introduce multi-factor authentication (MFA) – don’t leave anything to chance. Bolster passwords with MFA and combine it with behavioural analytics to verify the identity of everyone accessing corporate systems and resources
  • Run regular Security Awareness Training and phishing simulation – No matter how sophisticated your cybersecurity systems are, it still only takes one misguided click to send your sensitive data hurtling into ransomware oblivion. Never underestimate the insider threat. 17% of the mid-market experienced serious attacks in 2021 after employees opened suspicious or malicious emails, with that number rising to 28% for businesses turning over more than £51 million.

The good news is that the technology already exists to put enterprise-level cyber protection into the hands of the UK mid-market. To find out more about the cyber security readiness of mid-market organisations and what can be done to deliver a step-change in cyber protection, download our report: The UK Mid-market on Code Red.
