Almost nothing remains certain in the world of cyber security, with the exception of one thing – the threats you faced yesterday will not be the threats you face tomorrow.
Maintaining a high level of cyber security resilience requires continual monitoring of the threat landscape and assessment of your organisation’s ability to respond and recover from a potential threat.
So, what is the current ‘lay of the land’? Results from the 2018/2019 BDO and AusCERT Cyber Security Survey highlight that cyber attacks are increasing in sophistication and magnitude of impact across all industries, on a global scale. Here’s what you need to know.
Where are attacks coming from?
One of the most important activities to undertake when establishing a cyber resilient business environment is to understand where the cyber threats are coming from.
The survey results highlight some interesting perceptions from industry, which suggests organisations are underestimating where attacks are coming from. Respondents perceive that cyber criminals will be perpetrating less attacks in 2019, but surprisingly the view is that activists/hacktivists are going to be nearly twice as likely to be sources of cyber security incidents than the previous year.
This suggests that organisations may be underestimating the prevalence of cyber security criminals and insiders, and overestimating the frequency of attacks launched by other actors. This could be symptomatic of a limited understanding of the relevant cyber security threat risk landscape.
This potential misunderstanding of the threat landscape could lead to a situation where organisations invest effort – time, money, resources – in the wrong areas when it comes to protecting themselves from cyber attacks, leaving themselves vulnerable to other more likely sources.
Suppliers and external service providers are a concern
The survey results also highlight that there has been a steady increase over the past three years in cyber attacks against the supply chain and IT service providers. Survey respondents are concerned about this and indicated that they expect attacks on third party hosting providers will double in the next year. The concerning part is that on average, just over 54.8% of organisations have defined security standards and baselines in place for third parties, and only 64.4% conduct regular security risk assessments.
It is important that organisations work closely with their MSPs to assess any potential cyber security threats or vulnerabilities and put appropriate measures in place to address them.
What sectors are most at risk?
Any organisation is susceptible to cyber attack, regardless of its size, location, operational model and sector. Having said that, the nature of the information some organisations have makes them more attractive than others.
Results from our 2018/2019 survey indicate that the education, healthcare, and information, media and telecommunications sectors are those most affected by recent data breaches. These industries possess high volumes of valuable data, making them particularly enticing targets for cyber criminals.
There is no escaping the fact that cyber security threats will remain part of modern business, and the risks associated with this need to be managed into the future.
What organisations can do today though, is be proactive. Take the time to truly understand your cyber threat landscape, assess and rectify your vulnerabilities, put in place an incident response plan (and test it!), and act quickly and coordinated if your organisation is compromised.
Results from the BDO and AusCERT 2018/2019 Cyber Security Survey are a great place to start in determining the current landscape for your industry. If you require further assistance or want to discuss more about how your organisation can improve its cyber resilience, don’t hesitate to get in touch with a BDO Cyber Security expert.