Cyber attacks to rise as confidence in security wanes

Business leaders are suffering a crisis of confidence around their ability to manage cyber risk as new warnings have been issued over a rise in the level and intensity of attacks.

Broker Marsh has issued a new report which found the toll of almost three years of unrelenting workplace disruption, digital transformation and ransomware attacks means most leaders are no more confident in their ability to manage cyber risk than they were two years ago.

The report, The State of Cyber Resilience, was created in conjunction with software giant Microsoft and questioned over 660 cyber risk decision makers globally. It analyses how cyber risk is viewed by various functions and executives in leading organisations, including cybersecurity and IT, risk management and insurance, finance, and executive leadership.

According to the report, leadership confidence in their organisation’s core cyber risk management capabilities, including the ability to understand/assess cyber threats, mitigate/prevent cyber attacks, and manage/respond to cyber attacks, is largely unchanged since 2019, when 19.7% of respondents stated they were highly confident, compared to 19% in 2022.

“Given the continued rise of ransomware and the current tumultuous threat landscape, it is not surprising that many organisations do not feel any more confident in their ability to respond to cyber risks now than they were in 2019,” said Sarah Stephens, head of cyber, international, Marsh.

The report added that many organisations are still struggling to understand the risks posed by their vendors and digital supply chains as part of their cybersecurity strategies. Only 43% of respondents stated that they have conducted a risk assessment of their vendors or supply chains.

Of those questioned, 41% of organisations look beyond cybersecurity and insurance to engage their legal, corporate planning, finance, operations or supply chain management functions in making cyber risk plans.

Tom Reagan, cyber risk practice leader, US & Canada, Marsh, added: “Cyber risks are pervasive across most organisations. Successfully countering cyber threats needs to be an enterprise-wide goal, aimed at building cyber resilience across the firm, rather than singular investments in incident prevention or cyber defence. Greater cross-enterprise communication can help organizations bridge the gaps that currently exist, boost confidence, and better inform overall strategic decision making around cyber threats.”

However, business continuity and disaster recovery company Databarracks has warned that the breakdown of international cooperation due to the war in Ukraine has opened the door for cyber gangs and terrorists, and that they are likely to take full advantage.

Barnaby Mote, managing director at Databarracks, said: “International cooperation is a necessity for policing ransomware. One of the causes of ransomware’s growth is that some states turned a blind eye to ransomware gangs, as long as they did not target local victims.

“The Ransomware Task Force outlined clearly what needs to be done to address the issue: ‘…exert pressure on nations which are complicit or refuse to take action against domestic ransomware groups’.

“We saw the benefits of this approach with REvil earlier in the year. The group was broken up and several members were arrested in Russia following pressure from the US to take action.

“As relations with Russia are at rock bottom, there are already signs REvil is active again, with some speculating that Russian authorities released those arrested at the start of the year.”

According to Mote, the uncertain outlook means businesses should be prepared for a new surge in ransomware attacks.

He added: “You can’t rely on international diplomacy to keep a lid on ransomware in the best of times, so it’s even less sensible to do so now. If you want to be able to reject a ransomware demand, you need to be prepared to recover your data yourself.

“Protection from ransomware covers all aspects of cyber security from user awareness training and patching through to incident response and recovery.

“Preventing an attack altogether is obviously preferable but it is not guaranteed. Rapid detection and response can significantly limit the damage and minimise the scale of the recovery effort.

“The last line of defence is always to recover from backups. Advanced ransomware attacks now will either target backups directly or will delay detonation to outlast shorter backup retention policies. Protect your backups using immutable storage and physical or logical air-gaps to prevent them from being changed or encrypted.”

