As part of our Unlocked programme, sharing expertise across the ECI network, we recently welcomed Lisa Forte, partner at Red Goat, the cyber resilience and defence consultancy. Together with ECI’s Head of Cyber, Ash Patel, and Avantia’s CTO Dan Huddart, we discussed the current threat landscape and what boards can do to best protect themselves.
Lisa shared how cyber-attackers are now professionally run and globally recognised organisations, with processes and reporting to maximise extortion of as many companies as possible. As the attackers professionalise, what are the five biggest cyber threats facing companies?
1. Double extortion ransomware
In recent years, ransomware has emerged as one of the most prominent cyber threats, rapidly evolving from traditional malware attacks to more destructive ‘double extortion ransomware’. In the past, attackers would encrypt data and demand a ransom for the decryption key. Cyber attackers have now adopted a new tactic that amplifies the impact of ransomware attacks. Not only do they demand payment for decryption keys to unlock the encrypted data, but they also engage in data exfiltration, stealing sensitive information from the targeted companies. To add further pressure, these attackers threaten to publicly leak the stolen data unless the ransom is paid promptly.
As a result of this dual-threat strategy, numerous companies have found themselves compelled to give in to the ransom demands to prevent the potential exposure of their confidential data. This approach has proven alarmingly successful, pushing many organisations to pay the ransom as a desperate measure to avoid reputational damage and potential legal consequences.
2. Politically motivated groups & DDoS attacks
The rise of pro-Russian hacking groups has led to a surge in Distributed Denial of Service (DDoS) attacks, which flood servers and network sites to prevent users from accessing them. The aim is to cause downtime for websites, creating potential financial losses and significant disruption to businesses. E-commerce websites are particularly under threat due to the damage these attacks cause, as well as financial organisations and companies who are seen to be in support of Ukraine.
3. Employee targeted attacks
The number of insider threats has been rising as employees are increasingly collaborating with attackers, granting access to networks, and sharing sensitive data. The cost-of-living crisis has made individuals more susceptible to manipulation, contributing to this trend. To mitigate the risk, companies should adopt a principle of least privilege, ensuring that employees only have access to the data that is essential for their roles.
4. LinkedIn targeting
Hackers are increasingly using alternative social engineering techniques, such as building long-term relationships on professional platforms such as LinkedIn to gain access to sensitive information. Some companies, including MI5 & CPNI, have launched the app ‘Think before you link’, which is a series of targeted training sessions on what this looks like on LinkedIn or other similar platforms.
Using generative AI can help attackers streamline their operations and make it more difficult for employees to spot the attack. That being said, this hasn’t yet drastically impacted attacks, as their previous approach was already so effective!
In the face of all these significant threats, what can all boards do to tackle the different issues?
1. Every board should conduct a review of all systems and applications
This means spending time evaluating; what does my business need to survive/run? What are the critical systems that need protecting? The board should consider how the business would be able to operate in the event of an attack, how long it would it take to get back online and where an attack would have the greatest impact. For example, could you do business without emails, and do you therefore have the necessary contact details of key stakeholders in the event of an attack? Cyber accreditations such as ISO27001 or SOC 2 are a key way to front-foot your cyber awareness and preparedness internally.
Dan Huddart, Chief Technology Officer at ECI-backed business Avantia, spoke about how they have developed an ‘always on’ approach. This includes putting processes in place to take immediate action and isolate if any threats are identified.
2. Create a crisis management structure
Developing a comprehensive cyber incident response plan is crucial and should be prepared as if an attack is an inevitability. Pre-building comms statements and establishing clear protocols will help with swiftly and effectively handling the response, as the board will struggle with bandwidth during a crisis.
3. Tabletop exercises
Regular tabletop exercises can help identify weaknesses and improve response capabilities. Establish a structure of Gold (strategic decision maker), Silver (tactical) and Bronze (operational) teams, and make sure everyone knows where they sit in this. This should be re-run annually, or if the risk changes, for example with an acquisition.
4. Staff training
While technical prevention methods are essential, the weakest link in cybersecurity often lies with employees, therefore making it essential to provide adequate training for all staff. Good examples of this can be engaging video series, ideally delivered in the flow of work and tailored to the specific needs of individuals, rather than one-size-fits-all content platforms.
5. Cyber insurance
Cyber insurers can be hugely valuable during an attack; they can offer PR support, additional call-centre resources to help with the influx of enquiries and can assist with negotiating with the ransomware group. However, this can be difficult and costly to obtain and maintain.