Why it is time to change our approach to cybersecurity
Organisations need to understand that a single cybersecurity solution alone is not infallible and instead should move towards a multi-layered approach to security, according to experts from Switchshop
It cannot be argued that COVID-19 has changed the way in which we live and work. There have been changes to how healthcare professionals administer care, the way in which students are taught and the way we communicate with our teams. IT professionals had to work quickly, as organisations were given a matter of days to prepare to deal with this paradigm shift and the heightened cyber-risk associated with this unprecedented global event. For cyber attackers, this has served as just another perfect opportunity to identify and exploit vulnerabilities. Whilst cybercrime is not increasing overall, it shifted its focus.
Sadly, the NCSC has reported that COVID-19 is the most frequently used subject of scams claiming to be from governmental bodies, more than any other subject in fact. Phishing scams such as these aim to exploit people’s fear surrounding the virus and their desire to follow guidance from the UK government and NHS. With the sudden increase in people working remotely, ransomware cases have increased by 20% in the first half of this year.
Over this year we have seen attacks on local authorities, with a single instance costing £10.4 million. As well as the threat to public sector, experts also advise that educational and research establishments are at risk of attack. This advice comes just before the attacks we have seen over the last two weeks involving UK Universities.
Fortinet states that with the public sector seeing 42% of organizations having suffered a ransomware incident in the last 12 months, it is imperative that organisations readdress their approach to cybersecurity.
Organisations need to understand that a single cybersecurity solution alone is not infallible
What can we do to mitigate such attacks?
Organisations need to understand that a single cybersecurity solution alone is not infallible and instead should move towards a multi-layered approach to security. Every component of your defence solution has limitations and vulnerabilities when acting in isolation, however, by applying multiple layers, you create a security posture that is close to impenetrable.
Michael Curry, Director at Switchshop states “we recognise that cybersecurity can’t just sit at the gateway, or on the client, but requires a truly holistic approach, covering all areas of an organisations infrastructure. Layering security components with best of breed technologies ensures that no matter where the attack comes from, you have a line of defence, visibility, and the ability to act. Ultimately, this gives you the best possible chance of repelling or limiting attacks on your network”
Defence in depth is based on the premise that there is no real possibility of achieving completely impenetrable security by implementing any collection of security solutions. Rather, components of a layered security strategy are virtual obstacles that hinder the progress of a threat, slowing and frustrating it until either it ceases to threaten or until actions can be taken to neutralise or mitigate the threat.
Throughout Cyber Security Awareness month, Switchshop will be hosting a series of webinars, to outline its approach to helping customers develop layered security solutions and defence in depth strategies. Our aim is to help the public sector to understand and combat the heightened cyber risk associated with COVID-19, whilst bearing in mind the financial and operational challenges the sector faces.
Join us during Cyber Security Awareness month to learn how the public sector can better defend, detect, mitigate, and recover from sophisticated cyber-attacks without increasing operational complexity.
Register here and get involved in everything cybersecurity including webinars, information sharing and giveaways!
PublicTechnology completes our round-up of the most read and significant stories of 2020
Government considering launching online tool – but not in time for upcoming polls
Venues in Scotland will be able to conduct trials with juries based in cinemas or other offsite locations
County council seeks leader to work with suppliers, staff and elected members
The remote-first world has seen email being relied on more than ever as a core communication mechanism - but with 93% of IT leaders acknowledging a risk to sensitive data, what steps should be...
2020 was a cyber security wake up call for many organisations. Attempting to provide secure remote access and device flexibility quickly exposed the flaws in legacy systems and processes. As we...
Mariana Pereira, director of Email Security Products at Darktrace, looks at four new tactics by hackers and how security teams can react to defend against these developments
One Trust breaks down the modular approach of the new SCCs