Brian Sims
Editor
THE BUSINESS Continuity Institute (BCI) has launched its latest Cyber Resilience Report, which is sponsored by Daisy. The detailed and extensive report examines the disruption levels and cyber resilience arrangements across organisations, as well as the reporting and role of senior executives in the development of cyber resilience strategies.
While this year’s report sees 74% of respondents noting an increase in the number of cyber attacks within the past 12 months, it also finds that most organisations registered the impact of those attacks as small-to-medium in scale. As more organisations take proactive steps to mitigate the impact of cyber incidents, the smaller recorded impacts serve as evidence that those steps are paying off.
Demonstrating this, some organisations are using dedicated tools to increase the chance of an early warning and a faster and more effective response. Indeed, when considering their most recent cyber incident, 39.9% of respondents were notified by a security information and event management (SIEM) system, while 35.2% received an anti-virus/endpoint detection and response (EDR) alert. Using these methods means that the attack is often discovered before business impacts are recorded.
However, 14.5% of organisations discovered a cyber attack was taking place as a result of a system outage, which obviously runs the risk of customer impacts and reputational damage, while also forcing the organisation into a more reactive and somewhat slower response.
Method of attack
The traditional methods of phishing and spear phishing remain the most frequent form of cyber attack, with the number of organisations reporting a successful phishing attack rising from 65.7% to 72.4% this year.
Phishing also ranked as the most disruptive method of attack, particularly as the sophistication of such attacks is becoming greater as cyber criminals work to eliminate the tell-tale signs of a phishing e-mail, such as bad grammar and other inconsistencies.
However, it’s also important to note that phishing attacks often work in tandem with another form, where the phishing e-mail effectively works as a vessel for malicious code, such as ransomware. On this note, while ransomware only just makes it into the Top Five most frequent methods of cyber attack, respondents have ranked it as the second most disruptive, in turn showing this threat is not to be taken lightly.
Developing the response
On a positive note, 87% of respondents say their organisation has business continuity arrangements in place to deal with cyber incidents. The business continuity function can be a vital aid in a cyber attack, and respondents highlighted that it ensures, first and foremost, a faster recovery, and also helps to mitigate financial losses.
That said, the BCI’s report also finds that cyber risks can still be siloed within organisations. For example, an IT team may not adequately communicate with the business continuity team about potential cyber risks. Therefore, there needs to be greater collaboration between teams in the face of this threat. This can be developed with support from top management, but also by continuing to train and exercise certain scenarios across teams to develop relationships and an understanding of roles and responsibilities that will be crucial in a live incident.
The requirement of a collaborative effort is shown in other areas of the report. For example, while cyber security teams are the main department responsible for the cyber resilience strategy of an organisation, 43% of respondents find that business continuity plays a significant role in creating cyber resilience.
Further, in order to build this resilience, the report finds that complex threats, such as cyber attacks, require a multifaceted response. As such, respondents support technical measures (ie one of the pillars of cyber resilience) with policies and alignment to best practice, industry regulations and standards. However, it’s vital these measures are validated in order to test their effectiveness. For this critical part of the process, 64.6% of organisations conduct exercises and 59.0% of them initiate penetration testing.
Forecasting the future
Looking ahead, 74.0% of respondents consider a ransomware attack to be within the top threats to their organisation over the next five years. Most respondents (67.2% of them, in fact) feel that they could respond to a cyber incident within the hour, showing a confidence in the effectiveness of their response and detection times.
Some 40.4% of organisations have suffered financial losses of more than 10,000 Euros as a result of cyber incidents. While the financial impacts of cyber attacks may not seem like an existential threat, it’s also important to consider indirect costs (ie the potential loss of customers) as well as the cost of investments needed to keep the organisation safe from an attack.
Rachael Elliott, head of thought leadership at the BCI, commented: “The results of the survey outlined in this year’s report show an ever-evolving cyber security landscape, and one in which the number of attacks and their ferocity has increased markedly. With the classic attack vectors, attackers are becoming increasingly more intelligent in their approaches. Phishing e-mails no longer contain the spelling errors of yesterday and attacks have the potential to unleash damage to systems quicker than an organisation has time to react.”
Elliott continued: “Even if an organisation has the most advanced technology in place, attackers know that by approaching the weak link to cyber security within an organisation – the people – their attack will have more chance of success. Thankfully, we see training and exercising of staff in cyber awareness on the increase and, with the continued management attention now being paid to cyber security, we firmly believe that organisations are in a good place to stay one step ahead of the attackers.”
Fascinating insights
Steve Burden, head of cyber security solutions at Daisy, noted: “This year’s report has provided some fascinating insights into cyber resilience. The success of cyber resilience relies on the partnership between cyber security and resilience personnel as they work together with a common goal and a shared strategy. However, what’s clear from the findings of the survey is that organisations are not always coming up with the right solutions, resulting in more frequent breaches and rising costs.”
Burden continued: “Attacks are becoming more sophisticated and, sadly, the commonly repeated phrase of it ‘not being a matter of if, but when’ you’re breached has never been more true than it is today. It’s therefore encouraging to see so many organisations adopting an assumed breach mentality and proactively implementing cyber resilience measures to reduce the impact of a cyber incident. We very much hope to see this trend continue throughout 2023.”