The threat of cyber attacks is the strongest it has ever been for business leaders and public bodies in advanced global economies.
While many organisations make the decision to try to deal with attacks internally, their increased frequency, severity and sophistication mean that more and more are entering the public consciousness.
They point to the growing vulnerability of organisations and the subsequent need for a smarter approach towards cyber risk management.
Hackers, once seen as rogue criminals acting alone, are today well-organised groups that can orchestrate their activity with precision, a trend which skyrocketed after 2018.
Organised hacking has skyrocketed
Before 2017, there were relatively few large-scale attacks and ransomware demands were moderate, around £300.
Following the global impact of the 2017 Petya incidents in Ukraine, hacker groups such as DarkSide came to the fore, allowing users to sign up for an account with ease and take advantage of services such as payment gateways and even media relations support for press coverage.
Greater accessibility to knowledge and intelligence, combined with an ability to mobilise, has given rise to methods such as double extortion ransomware, where hacking groups steal an organisation’s data and threaten to leak it unless a ransom is paid.
Risk heightened during pandemic
The “digital-first” mentality of almost all organisations, heightened during the pandemic, means that cyber criminals are able to exploit gaps in IT systems and cloud infrastructure in order to access valuable data.
It is no surprise then that during 2020 the number of ransomware incidents went up by 148%. In the last quarter of the year, 70% of all ransomware attacks included the threat to leak exfiltrated data.
In addition to protecting sensitive data, the business challenges fuelled by the pandemic included securing connections for remote working and educating employees on good cyber hygiene, such as how to avoid email phishing scams.
Eighteen months on, these objectives continue to require constant, proactive effort as part of effective risk management, especially with the expansion of remote workforces.
Furthermore, if the pandemic has taught us anything, it is how fragile supply chains can be without appropriate safeguards.
Modern supply chains are incredibly complex and it is difficult to determine their overall level of cyber resilience; all the more reason for greater vigilance when it comes to an organisation’s internal programs and processes.
Insurance no panacea
Cyber insurance, while being a vital piece of the puzzle when it comes to ensuring comprehensive protection, is not a panacea.
The cyber insurance market continues to go through significant transitions. The pace of innovation is such that opportunities for new business efficiencies are unbounded.
However, with these opportunities come novel exposures, which prompt insurers to review their capacity and limits, more recently around ransomware.
Organisations must work with their brokers to fully understand the insurability of their exposures or risk being left with vulnerabilities that bear the potential to disrupt the whole value chain if exploited.
Mitigate risk
There are a number of steps organisations can take to mitigate the risk of attack and enable more competitive terms with insurers.
Certain security controls, namely multi-factor authentication, are starting to become requirements for cyber insurance coverage.
First and foremost, however, organisations should review their backup strategy.
This includes examining what is backed up, where it’s hosted, how often backups occur, and who is responsible for execution of the backup strategy.
Organisations should also look to systematically upgrade remote desktop protocols, establish a cyber incident response plan and ensure that employees are being provided with up-to-date information on how to stay safe when connected to any enterprise system.
Next big threat – deepfakes
As modern technology continues to shock and awe with its evolution, the next big cyber threat may be something as pernicious as deepfakes.
A deepfake is a sophisticated digital forgery of an image, sound, or video.
The forgery may be so good that a human is unlikely to detect the manipulation.
The goal is to mislead and deceive, making it appear as though a person has said or done something when that is not the case.
This can cause serious material damage to organisations.
Hackers are aware that reputation is far tougher to regain than lost capital, and as access to such technology widens, the use of deepfakes to bring down an organisation has the potential to snowball.
Despite the resources organisations are committing to cyber risk and a strengthening national cyber security ecosystem in Scotland, gaps remain in understanding preparedness in this current climate of uncertainty.
With the pervasive and accelerating nature of attacks, in whichever form they manifest, organisations across Scotland risk failing to build resilience if they do not take the necessary precautions to defend their assets.
Kevin Hancock is regional director, Highlands and Islands, for Marsh Commercial.