The UK’s prominence as a world-leading digital economy has acted as a lure to cybercriminals, with the latest government report into cyber breaches underlining the threat of cybercrime to the country. As reported by the Public Accounts Committee, the last 12 months have seen a number of high-profile cyberattacks resulting from a range of complex and impactful vulnerabilities.
The report also uncovered an interesting dichotomy: while there is wider awareness of the risk that cyberattacks pose to businesses, organisations aren’t always aware of the existing vulnerabilities housed within their own ecosystems. So, what is causing this?
Evolving threat to businesses
The global volume of cyberattacks rose 63 per cent last year according to some estimates. A large proportion of the high-profile attacks can be attributed to organisations that haven’t shored up their defences across all parts of their ecosystems. This was unfortunately illustrated by the WannaCry breach and, more recently, the BlueKeep vulnerability. These ‘wormable’ flaws need only a single entry point, one unprotected device in an organisation, before they can travel from one vulnerable computer to the next.
Keeping an eye out for these vulnerabilities can be easier said than done. In companies with thousands of connected devices, it is easy to lose visibility of the entire network. Our latest study discovered that a lack of visibility across endpoints – laptops, servers, virtual machines, containers, or cloud infrastructure – is preventing organisations from making confident decisions, operating efficiently, and remaining resilient against disruptions.
Almost a third (32 per cent) of CIOs and CISOs surveyed said that departments and business leaders work in silos, leaving them with a lack of visibility and control over IT operations. And this has directly affected the business, with the majority (80 per cent) of CIOs and CISOs having found out that a critical update or patch they thought had been deployed had not actually updated all devices, leaving the business exposed as a result.
CIOs and CISOs often battle to balance two core business requirements: system uptime and effective security. However, many CIOs and CISOs simply don’t see the link between systems with vulnerabilities and the methods attacks use to cause business impact.
Whilst having the right security infrastructure in place is critical, businesses should first ensure they have complete visibility across their endpoints. True visibility across your business’ entire technology landscape ensures that access points can be identified and security patches and updates can be made.
Getting your priorities right
I’ve spoken with many IT professionals during my time as a CISO and many of these leaders recognise the importance of implementing a strong IT security and operational strategy to minimise the impact of threats and technology-based disruption. However, many of these leaders experience challenges internally that cause them to make trade-offs in how well they are able to protect their network.
According to our research, 95 per cent of CIOs and CISOs in the UK have said they make compromises in how they protect the business. In fact, around 84 per cent of UK CIOs and CISOs said that they have refrained from adopting an important security update or patch due to concerns about the impact it might have on day-to-day business.
When asked about the key reasons for making these compromises, a third of those surveyed (33 per cent) cited pressure to keep the lights on, with almost a third (31 per cent) suggesting that a focus on implementing new systems takes precedence over protecting existing business assets. Over a quarter (26 per cent) said that being hamstrung by legacy IT commitments restricted their security efforts, and 23 per cent stressed that internal politics was the key driver.
Business-wide visibility and control is key
When you consider that a cyber lead at the City of London Police stated that cybercrime could cause the “most significant harm in the UK”, organisations must ensure that IT security and operations are in place, from protecting against sophisticated attacks to maintaining the basic IT hygiene processes that protect against future threats and disruption.
This report from the PAC starkly highlights what I’ve seen all too often in my own role, namely that company-wide visibility and control of endpoints is the only way to truly stop cyber attackers firmly in their tracks and ensure resilience against business disruption. Without organisation-wide visibility of endpoint and infrastructure data in real time, IT and security leaders will struggle both to keep complex systems running smoothly and to assess cyber risk appropriately.
To protect against future threats and disruption, here are five steps organisations can take now:
- Assess your organisational obstacles: Are your security and IT operations teams working in tandem from a single, actionable data set? If not, where are the areas of friction and how can these be addressed?
- Know your environment: If you are asked how many total endpoints — patched or otherwise — are on your network, can you answer accurately? Will your answer be based on the current state of your dynamic environment, or on information you gathered a week ago?
- Eliminate fragmentation: The fragmentation of point solutions within IT security and operations teams, created by implementing a wide range of tools that are impossible to integrate, has fundamentally broken many organisations. Make your business more secure by unifying endpoint security functions to reduce the likelihood of a breach and enable rapid response to halt attacks quickly.
- Declutter your infrastructure: One of the most cited issues throughout the WannaCry incident was the challenge of updating operating systems in an environment laden with legacy apps. If a business is running a critical application which requires keeping an outdated operating system on life support, it’s time to rethink.
- Educate your employees: By various estimates, up to 83 per cent of ransomware attacks originate when an employee clicks on a malicious link, opens an infected attachment, or visits a compromised website. Investing in ongoing training for employees to protect against phishing attacks should be your first line of defence.
Chris Hodson, EMEA CISO, Tanium