4 of the biggest cyber security risks we face in the UK today
From cloud account compromise to supply chain risk, we ask security leaders in private and governmental roles about the biggest threats facing our businesses today.
Cyber security is one of the biggest concerns of the moment, but what are the biggest risks we currently face in the UK?
In order to answer this question, we spoke to our network of security leaders in private and governmental roles and analysed some of the biggest surveys of chief information security officers (CISOs) out in the market, from the likes of Proofpoint (a leading cyber security provider with a people-centric approach), Forgepoint Capital (investors in cybersecurity companies) and Dark Reading (a specialist cybersecurity media organisation).
Here’s our view on the four biggest cyber security threats which continue to face CISOs in 2022.
1. The insider threat
Intentional or unintentional, these are the risks posed by all of us at work, whether that is opening a malicious file in our work email from a sender we think is legitimate, or engaging with someone who is using social engineering to steal our remote access credentials while working from home. It’s specific awareness training that can help us better understand good cyber hygiene and identify attacks against us before they are successful.
On the other end of the spectrum is the intentional, or malicious, insider threat. In 2017, an employee at healthcare giant Bupa stole the data of thousands of customers and offered it up for sale on the dark web. Protecting our company and customer data from these threats means putting in place the right access controls, ensuring we always verify and reverify our users and, to maximise protection, implementing scalable artificial intelligence solutions which flag risky behaviour before it becomes an issue.
2. Cloud account compromise
With digital transformation a priority for companies globally, IT architectures are shifting to cloud-based and hybrid-cloud solutions, taking advantage of the scalability that companies like Amazon Web Services, Microsoft Azure and Google Cloud have to offer. The problem is, with data and operations being accessible directly from the cloud, gaining access to a cloud account can open the door to an entire company’s infrastructure, wherever you may be in the world.
When using cloud infrastructure, although you might outsource your computing power to one of the big providers, it is still tied back to hardware in a data centre. We’re heavily reliant on those cloud providers to protect us from other users of the same infrastructure. Our cohabitants could in fact be malicious, hijacking and harvesting information from within the wall.
We need to know what our most sensitive information is and what the right protections for it are, and we must not fully outsource responsibility for cloud security to the big brand names.
3. Supply chain attack
As our protections become better, threat actors look for more complex and convoluted ways to access our systems and data, and set their sights on software vendors, outsourcing providers and partners. Why should they attack 100 organisations individually when they can take them all down by attacking a single software product they use?
We need strong working relationships with our suppliers and a mutual understanding of the protections in place. When building software, CISOs are looking to take more control of this by ensuring security is considered throughout the development lifecycle (this is called ‘DevSecOps’). With the widespread use of open source tools, bad actors are looking to sneak vulnerabilities into the online libraries used by software developers, in order to take advantage of them at a later stage.
4. Incident response capabilities
Cyber security teams are under great pressure, with not enough talent to fill the roles that security operations centres (SOCs) across our businesses need to operate effectively. The only way these small teams can continue to protect us in the face of phishing, malware, distributed denial of service attacks and many more is by gravitating towards the use of automated tools. At the same time, CISOs are looking to lean up by consolidating and simplifying the myriad of tools they have, and even outsourcing all or part of their SOC function.
All of these factors add to the risk, and to the pressure CISOs feel not only to mitigate risk effectively but also to respond quickly and effectively to any incidents which do arise.
Originally published in the Evening Standard