As this article shows, ensuring you have the correct tools in place to detect, remediate and proactively protect against cybercrime is essential. The so-called 'slush fund' approach to dealing with ransomware, for example, is no longer acceptable, realistic or practical.
Visibility and true 'actionable intelligence' from security platforms is the only way to deal with advanced threats. I believe this is achieved in three key ways:
1. The Tools - Put the right tools in place and regularly review that they are still 'fit for purpose'
2. The People - Ensure your people are up to date with training on these platforms and that they also understand the impact of threats to how the business operates. They MUST also be cyber aware themselves, particularly in jobs not related to IT. A point that is often overlooked and under appreciated. These are the people most commonly targeted.
3. The Processes - Automate as many of these as possible. Automation does not mean a lack of control, it simply ensures the correct course of action is determined more quickly. If it is a manual process, is it practiced and repeated? Don't make the first time a process is undertaken to be during a breach.
As detailed below, it's interesting to see that we are still seeing that one in three attacks are successful. With the average time to detect a breach still sitting around the 146-day mark, we need to improve on this and the only way to achieve this is to empower security teams to work more efficiently and effectively.
As data becomes crucial to the core business activities being carried out by those companies, cybersecurity has rapidly evolved from an afterthought to the chief risk concern – particularly across the banking and financial services sectors. Those institutions are right to worry. Although banks and financial services providers were able to prevent approx. £705.7m worth of unauthorised fraud over the first half of the year, cybercriminals still managed to steal more than £503m from UK financial institutions through authorised and unauthorised fraud in the first 6 months of 2018 alone. That equates to a success rate of around one-in-three attacks, and speaks for itself in terms of how crucial it is for institutions to invest and deploy adequate cybersecurity processes.