May 27, 2022

5 focus areas to prepare for 2022’s smarter cyber attacks

By Theta

There’s an oddly relaxed stance shared among many organisations toward cyber security. It’s just not seen as a major priority, leaving many of them vulnerable to cyber-attacks.

A quick look into the future

New Zealand already saw a 28% increase in phishing attacks in the last quarter of 2021, and with the war in Ukraine, hackers will seize the opportunity to use new technologies and techniques for carrying out attacks and scams. On top of this, cyber security is changing in the face of hybrid work, and so are attackers and their tools.

In the future, we will see changes across all operating software and hardware development that focus on better security. In the meantime, we will likely see larger companies adjust first: the tools that you currently use will start to move towards an automated approach to enhance what your security or IT teams are doing. Use this insight to keep up with the prevailing threat of cyber attacks before the issue worsens.

Here are 5 areas to focus on:

1. Your People  

Your biggest risk (and defense)

Software is still catching up on balancing seamless functionality with security. While we wait for software designs that incorporate security, your people continue to be your biggest risk and your biggest defense. It all depends on how well your teams know what cyber-attacks look like, and the impacts they can have on your systems. Human error and lack of resources can create pathways for attacks. While a good security system will help keep you safe, it is your people who can make all the difference between success and failure during a breach.

What to do:

  • Invest in good training for tools, processes, and awareness for your staff.
  • Ensure all staff know what to do during a cyber security incident.
  • Have the best filter/alerting tools in place to instantly spot an attack.

2. Hybrid Working Risk Assessments

Are your processes effective?

Have you reviewed your processes since the pandemic hit?

It’s important to acknowledge the new challenges that have arisen out of the hybrid work environment since the pandemic, as workers shifted to remote working. As best practice, your systems and processes should adjust according to new risk factors as they arise with people working on multiple sites. Risks left unresolved can leave your organisation vulnerable to attack.

What to do:

  • Conduct a threat assessment – where is your organisation's greatest security risk? Mitigate your biggest risks first.
  • Prevent your staff from taking shortcuts - ensure you understand how they are working and what they need to achieve this.
  • Conduct a policy and process review – make sure this is practical and realistic for your staff, otherwise, they will continue to ignore it.

3. Artificial Intelligence (AI)

Become allies and perform beyond human capabilities

AI and machine learning (ML) have grown 28% in the past year and are already being used in several security applications. Microsoft’s Cyber-Signals programme has used AI to analyse 24 trillion security signals, 40 nation-state groups and 140 hacker groups. These technologies learn over time, drawing from the past to identify new types of attacks. User, asset and network profiles are built using these behaviour histories, allowing AI to detect and respond to deviations from established norms.
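To make the idea of behaviour profiles concrete, here is a small added example (not from Theta or any product named above) that builds a per-user baseline from past activity and reports how a new event deviates from it. The event fields, thresholds and sample history are all assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample history: (user, hour_of_day, source_country, megabytes_out)
HISTORY = [
    ("alice", 9, "NZ", 12), ("alice", 10, "NZ", 15), ("alice", 14, "NZ", 11),
    ("alice", 16, "NZ", 14), ("alice", 11, "NZ", 13),
    ("bob", 22, "NZ", 200), ("bob", 23, "AU", 220), ("bob", 21, "NZ", 180),
    ("bob", 22, "AU", 210), ("bob", 23, "NZ", 190),
]

def build_profiles(history):
    """Summarise each user's past behaviour into a baseline profile."""
    raw = defaultdict(lambda: {"hours": [], "countries": set(), "mb": []})
    for user, hour, country, mb in history:
        p = raw[user]
        p["hours"].append(hour)
        p["countries"].add(country)
        p["mb"].append(mb)
    profiles = {}
    for user, p in raw.items():
        med = median(p["mb"])
        # Median absolute deviation: a spread measure that outliers barely move.
        mad = median([abs(x - med) for x in p["mb"]]) or 1.0
        profiles[user] = {"hours": (min(p["hours"]), max(p["hours"])),
                          "countries": p["countries"], "mb_median": med, "mb_mad": mad}
    return profiles

def deviations(profiles, event, mb_threshold=6.0, hour_slack=1):
    """Return the reasons an event departs from the user's own norm."""
    user, hour, country, mb = event
    p = profiles.get(user)
    if p is None:
        return ["no baseline for user"]
    reasons = []
    lo, hi = p["hours"]
    # Simplification: the hour window does not wrap around midnight.
    if not (lo - hour_slack <= hour <= hi + hour_slack):
        reasons.append("unusual hour")
    if country not in p["countries"]:
        reasons.append("new source country")
    if (mb - p["mb_median"]) / p["mb_mad"] > mb_threshold:
        reasons.append("outbound volume above norm")
    return reasons

PROFILES = build_profiles(HISTORY)
```

The same 200 MB transfer is normal for `bob` and an alert for `alice`, which is the point of profiling each user against their own history rather than a global rule.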

What to do:

  • Specify what level of security your organisation needs - there are systems that specialise in email filtering, threat hunting, detecting bots and bot activity.
  • Invest in the right AI system – what do you need to give your teams the most accurate and concise information and to help protect your environment with minimal intervention?

4. Spending

Money is tight; spend wisely

Sticking to a well-thought-out budget is helpful in all areas of life, but how do you decide how much money to allocate to certain areas? When settling on a budget for cyber security, 10% of your IT budget is considered standard, but for high-risk industries this can go up to 25%.

High-risk industries include:

  • Business/corporate
  • Healthcare/medical
  • Banking/credit/financial
  • Government/military
  • Education
  • Energy/utilities

So, what should you prioritise?

Let's say you run an eCommerce site.  All your business comes in the front door.  Testing and protecting this and setting up a BCP (business continuity plan) for when things go wrong should be central to your planning. Luckily you don’t have to figure this out on your own; consult with security professionals to get the best idea of your security needs. Working out where your gaps are is a good place to start – that's why we created our free Essential 8 assessment as a starting point for organisations to work out where they could improve.

What to do:

  • Understand your needs as a business - where is the best place to spend your security budget?
  • Decide what your biggest issues are and how you want to combat them.
  • Confirm what percentage of your IT budget you want to spend on security.

5. Consult & Research

Stay ahead of the game

Attack vectors (pathways for attackers to illegally access your environments) and technology change fast. Hackers use this to their advantage and use the dark web for information exchange to find new vulnerabilities to attack next.  They can purchase ransomware at a discounted rate and are willing to reuse tools if it means they can make money.

What to do:

  • Do your research.
  • Look at trends in offensive tech.
  • Consult professionals for the best advice and solutions that are relevant to the current security situation.

Want more in-depth insights into these key focus areas? Check out our webinar led by Pete Bailey, Theta’s Head of Cyber Security.
We will help you assess your risks, implement solutions, and integrate software to give you the best chance of emerging out of this year's new attacks unscathed.
Get in touch for expert advice.