2 minute read
what does the threat landscape look like for businesses?
Whilst we need to move on from, and stop talking about the pandemic, it did release a cacophony of challenges that business leaders are still grappling with today. One of which was an increase in cyber security threats as more people worked from home.
Leaders will remember the rush to buy laptops and equipment from PC World as employees were mandated to work from home. The point being, it meant the threat landscape altered as IT teams had less control over what employees were clicking on and responding to.
Chris Lennon is a cyber security commentator and the Director - Sales and Development, at Specialist Risk Group
Looking back, he says: “Many firms just didn’t have the IT capabilities but have broadly now responded to agile working. As you would expect, threat actors tried to exploit this flux. However, there weren’t new types of attacks but there was an increase in the frequency of phishing and smishing attacks, which are text messages saying your delivery hasn’t arrived and you need to click a link, for example.
“The vogue now for these types of threats is around energy pricing and in a moment of weakness, you can see how somebody would click on the link.”
WHAT SHOULD BUSINESSES BE AWARE OF?
Lennon says that no sector or business is immune from an attack and critical infrastructure is a key target for cyber criminals, although every business from every walk of life could be attacked.
“It’s not only a technology issue and you can’t just throw hardware at the problem because it is a people issue. You can spend all the money in the world on the best technology but if the people aren’t trained or if the tech is inflexible, this is where you will get issues,” he explains.
Knowing that the problem exists, many businesses just don’t seem to be gripping it sufficiently.
Paul Bentham, who is Chief Product Officer at Immersive Labs, says that the issue of cyber resilience is still not where it should be – at board and leadership level.
He says: “I agree that the solution to the problem is people, but it is still not sufficient at board level for too many businesses, and it needs to be. The connectivity of the world and business also means that many companies carry supply chain risks. Threat actors can get to what they want not by attacking the government or the big businesses but by compromising a smaller supplier that has the crown jewels of their personnel database.
“The message for small and scaling businesses is this. If you do business with big contractors, you must take cyber security seriously.”
Ryan Pullen, who is Head of Cyber Security at Stripe OLT, says another risk for businesses is employees.
He explains: “People are now selling access to the company they work for to threat actors. It might be a disgruntled employee, for example, and there is no real silver bullet way of detecting that. They might not be getting a pay rise internally and a threat actor will say to them that I will give you £100k if you leave your laptop open when you finish work.”
From The Nhs To The Business World
To help our readers get a deeper understanding of the current threat landscape around cyber security, Business Leader was also privileged to talk to Deryck Mitchelson, a self-proclaimed ‘veteran cyber warrior’ that previously worked as Chief Information Security Officer at the NHS
Easily track and evidence your training using eLearning Solutions at vwvplus.co.uk
