Why continuous cyber security improvement is so important

Data leaks are a common occurrence for organisations, no matter how big or small. Protecting assets is crucial, and with cyber criminals constantly thinking of new ways to extract information, continuous improvement is necessary.

According to Tony Anscombe, chief security evangelist at ESET, the three key reasons why continuous improvement is crucial are:

1. “Cyber criminals continually evolve their tactics and techniques in order to avoid detection and to continue to monetise their efforts. Cyber defenders need to adopt the same dynamic attitude to improving defences, using different technologies and procedures in order to combat threats. This is also important as companies transform either their business model or their existing operations; for example, the shift to cloud technologies requires a different approach by cyber defenders in order to keep the company safe as it transforms.”
2. “Many countries have adopted stringent data protection and privacy regulations. These typically require significant investment into processes, policy and cyber security technology to keep customer data secure from potential breaches. As legislation is implemented and is modified by legislators, then cyber security needs to keep pace in order to comply.”
3. “Business transformation has accelerated in recent years, with many businesses moving the majority of systems to cloud-based services. Companies need to ensure incident response and recovery, a core element of cyber security, plans evolve at the same pace the business evolves. It’s crucial to prepare for an incident. In today’s environment, it is less about ‘if’ and more about ‘when’ an incident may occur, so preparation and continually improving plans is essential for business continuity and reputation.”

Cyber security risks come in various forms, with Mr Anscombe noting that recent years have made it increasingly harder for businesses to adapt to these issues.

“There’s significant growth in the number of reported vulnerabilities and, unfortunately, the number of zero-day threats that cyber criminals take advantage of. In the last 10 years, the CVE database additions each year has increased five-fold,” said Mr Anscombe

“This creates a tidal wave of security patches and updates and the challenge of understanding what devices are in use within the business, especially a challenge for smaller and medium size businesses that may not have the resource and systems in place to track devices.”

Cyber criminals are becoming more adaptive to the systems that businesses put in place, making it harder to mitigate issues.

“The evolution of cyber attacks that do not start with phishing, malware, or other known techniques is a huge challenge. For example, the exploitation of vulnerabilities, zero-day and supply chain attacks provide bad actors with the ability to infiltrate a network often without detection,” Mr Anscombe explained.

“With time and research, they can map the network and understand where sensitive data is stored and the best point to launch a cyber attack, such as ransomware. This adaption to other methods of incursion into the network shows the flexibility of cyber criminals.”

Organisations can ensure their data is as leak-proof as possible by investing in technology and maintaining it.

Mr Anscombe said: “Extending the technologies used in businesses to include technologies such as endpoint detection and response, vulnerability and patch management, and the associated management tools that allow cyber security teams to view and prioritise alerts created by such systems is imperative to keeping one step ahead of cyber criminals and their changing techniques and tactics.”

“Where resources are an issue, outsourcing some or all of the cyber security operation may help; in some instance, outsourcing the day-to-day operations will free up internal teams to focus on the more serious alerts and investigate fully.”

Human error plays an important role in many cyber attacks, said Mr Anscombe. This is why educating and training employees on cyber security is crucial to maintaining a secure workplace.

“There are many statistics demonstrating that cyber attacks often start due to human behaviour, be it social engineering, phishing, or even venturing into deep-fake technologies,” he said.

“The United States Cybersecurity Infrastructure Security Agency attribute 90 per cent of cyber incidents as starting with a phishing attack. Employee training on the core principals of cyber security is incredibly important in order to help mitigate this threat.”

Mr Anscombe added: “It should include continual education on the current and evolving threats; for example, if a region or business category is experiencing specific campaigns conducted by cyber criminals, then short refresher education should be conducted using the current and relevant content. It’s also a good practice to conduct simulation attacks in order to identify any weaknesses or areas that need additional focus.”