Why it is time to change our approach to cybersecurity
Organisations need to understand that a single cybersecurity solution alone is not infallible and instead should move towards a multi-layered approach to security, according to experts from Switchshop
It cannot be argued that COVID-19 has changed the way in which we live and work. There have been changes to how healthcare professionals administer care, the way in which students are taught and the way we communicate with our teams. IT professionals had to work quickly, as organisations were given a matter of days to prepare to deal with this paradigm shift and the heightened cyber-risk associated with this unprecedented global event. For cyber attackers, this has served as just another perfect opportunity to identify and exploit vulnerabilities. Whilst cybercrime is not increasing overall, it shifted its focus.
Sadly, the NCSC has reported that COVID-19 is the most frequently used subject of scams claiming to be from governmental bodies, more than any other subject in fact. Phishing scams such as these aim to exploit people’s fear surrounding the virus and their desire to follow guidance from the UK government and NHS. With the sudden increase in people working remotely, ransomware cases have increased by 20% in the first half of this year.
Over this year we have seen attacks on local authorities, with a single instance costing £10.4 million. As well as the threat to public sector, experts also advise that educational and research establishments are at risk of attack. This advice comes just before the attacks we have seen over the last two weeks involving UK Universities.
Fortinet states that with the public sector seeing 42% of organizations having suffered a ransomware incident in the last 12 months, it is imperative that organisations readdress their approach to cybersecurity.
Organisations need to understand that a single cybersecurity solution alone is not infallible
What can we do to mitigate such attacks?
Organisations need to understand that a single cybersecurity solution alone is not infallible and instead should move towards a multi-layered approach to security. Every component of your defence solution has limitations and vulnerabilities when acting in isolation, however, by applying multiple layers, you create a security posture that is close to impenetrable.
Michael Curry, Director at Switchshop states “we recognise that cybersecurity can’t just sit at the gateway, or on the client, but requires a truly holistic approach, covering all areas of an organisations infrastructure. Layering security components with best of breed technologies ensures that no matter where the attack comes from, you have a line of defence, visibility, and the ability to act. Ultimately, this gives you the best possible chance of repelling or limiting attacks on your network”
Defence in depth is based on the premise that there is no real possibility of achieving completely impenetrable security by implementing any collection of security solutions. Rather, components of a layered security strategy are virtual obstacles that hinder the progress of a threat, slowing and frustrating it until either it ceases to threaten or until actions can be taken to neutralise or mitigate the threat.
Throughout Cyber Security Awareness month, Switchshop will be hosting a series of webinars, to outline its approach to helping customers develop layered security solutions and defence in depth strategies. Our aim is to help the public sector to understand and combat the heightened cyber risk associated with COVID-19, whilst bearing in mind the financial and operational challenges the sector faces.
Join us during Cyber Security Awareness month to learn how the public sector can better defend, detect, mitigate, and recover from sophisticated cyber-attacks without increasing operational complexity.
Register here and get involved in everything cybersecurity including webinars, information sharing and giveaways!
Home Office chief reveals two thirds of users also need to be trained
Courts service has also equipped its workforce with 11,000 laptops
Dominic Cummings-supported plans for a high-risk science and tech research agency appear to have stalled
Government will set legal requirements for digital identity providers rather than consider national identity cards
Defence Medical Services (DMS) is pursuing ground-breaking digital, data and technology transformation which will revolutionise Tri-Service healthcare provision to over 135,000 Armed...
OneTrust presents the reasons why your organisation should invest in privacy management - and offers three easy tips for getting started
The remote-first world has seen email being relied on more than ever as a core communication mechanism - but with 93% of IT leaders acknowledging a risk to sensitive data, what steps should be...
Phishing emails are one of the most pernicious threats facing organisations today. If you’ve been leveraging Microsoft 365 and Azure to keep your users productive whilst working remotely, Six...