We hosted a webinar on April 7, 2022. If you missed it, you can watch it at the bottom of this page.
Why are we hosting an iomart security webinar?
We know that securing your business is a top priority for many of you, and we also know that it can be a minefield of complicated jargon, countless tech fixes, and often quite expensive stuff. So, to try and help overcome some of the chaos, we thought we’d host a little chat with our experts to help you separate the wheat from the chaff.
Why right now? Well, you have us there. As it happens, we recently launched a top-of-the-range security service in association with the best threat hunters in the business: e2e-assure. We have two decades of experience in building safe environments. e2e-assure employs the UK’s highest certified security experts to hunt down and detect threats. And we have the infrastructure expertise to proactively respond and eliminate risk. Not bad, huh?
Anyway, enough of that, we want to be a source of useful information that you can take back to your business (regardless of whether you have a solution with us or not).
Therefore, we have been busy talking to different companies about their security situation. And we find that:
Security moves so fast that you find it a never-ending battle to stay on top of things.
You worry that while you’re trying to focus on running the business, something might have been overlooked and a threat might have crept in.
Out-of-the-box solutions aren’t as secure as you need them to be and that’s where you can get stuck.
What we did with everything we heard
We started thinking about how we could provide useful information to help solve some of these challenges.
Something that was super clear: knowing what to prioritize and where to invest was not, well, super clear. Much of the concern centered around uncertainty about whether “everything was covered” and the feeling that “threats move faster than business can keep up.” So we thought the best thing to do was to create an opportunity for a discussion: a chance to chat with experts on the front lines of security 24/7 and ask questions.
The answer? Webinar time with threat hunters
We pulled some strings and spent some time with two of our security product experts, Messrs. Andy Sinclair and Stuart Avery.
Interesting things we learned on the day.
We did some anonymous surveys and found that 50% of attendees were unsure, or lacked confidence, about how well their business would respond if it fell victim to an attack.
The good news (yes, there is some good news) is that 36% of attendees felt their business would “do pretty well” in response to a breach. This is encouraging news and underlines the focus that security now receives, and the priority status it has earned in the boardroom.
How do you think your company would respond to a breach if it happened tomorrow?
These results are not very surprising given the uncertainty about how best to protect your business. But we also know that global cyber intrusion increased by 125% in the first half of 2021, and that 39% of UK businesses have identified a cyber attack in both 2021 and 2022. So getting our house in order has never been more important.
But don’t take our (or the ONS’s) word for it… We asked our attendees what their own experiences had been in the past year.
What type(s) of cyber security incident have you dealt with in the last 12 months?
We also asked about the specific challenges companies face when it comes to implementing security measures. These results are interesting. While I think we can all now agree that security has become a boardroom focus, 25% of respondents felt that one of their biggest challenges was the inability to allocate enough budget to address the issue.
When it comes to cyber security, what are the main challenges facing your company?
This could be a sign that some business owners are not yet willing to invest as needed, or it could be an indication of the broader expense of trying to cover everything. The last point seems to be more on the money (so to speak) when considered in the context of other answers:
42% are struggling to keep up with “new/changing threats.”
25% are not sure “where to prioritize spending.”
8% are unable to recruit or retain “skills we need internally.”
As some of our previous interviews have shown, the breadth of the threat landscape and its ever-changing shape means allocating a budget is a huge challenge.
So we asked the experts: how do you know what to focus on to get board buy-in?
Start with smaller, well-defined projects to reduce risk, and be sure to clearly articulate the benefits of these projects. Build your business case, including risk impact cost and project mitigation cost. Set timescales for when the board will see the benefit, and engage positively with them. Be sure to follow up as you begin to see benefits. That way, the board is more likely to entrust you with investments in the future. Use the content and advice of a third-party expert in the field, as it will lend some weight to your business case.
Also, understand that every network is different, but every network has vulnerabilities and access points. Therefore, you will need to understand what those vulnerabilities are and assess the risk they pose to your business. Think about how close they are to your critical functions.
For example, administrators of a critical function may be using desktop assets to access it. Therefore, securing that desktop is critical, and monitoring activity on that desktop or by that user is just as critical. So you may want to start there. But take comfort in knowing that it will be different for every business, so if your approach is different from someone else’s, that doesn’t necessarily mean you’re doing it wrong.
When was the last time you practiced your cybersecurity incident response?
Another topic we covered during the webinar was simulating a cyber attack and practicing your response. A staggering 92% (not a word I use often, but it seems appropriate) said they had never tested their response or didn’t know when they last tested it. That’s a vast majority, but does it matter?
Once again, we asked the experts…
How often should I test our cybersecurity response? And what does a good test look like?
A good test should be done by an outside expert to make sure it’s done correctly (of course we’d say that, but we’re not saying it has to be us!). It should include risk owners, system owners, resolution groups, and security vendors (where possible). And it would also be good to involve the board members.
The test should be based on scenarios that are relevant to your organization, and the lessons must be recorded accurately. There should be no negativity when it comes to the gaps and vulnerabilities you expose. Instead, the company must see these as opportunities to mitigate and strengthen. Realistically, most organizations don’t have the bandwidth to run these tests on a monthly (or sometimes even quarterly) basis. But you must test at least semi-annually without board involvement and, of course, annually with board participation.
This is interesting, but I need some more details.
Despite our best efforts, there is only so much we can cover in a fully attended webinar. But if you are curious to ask a few more questions and would like to speak with one of the threat hunting team members, write to us and we will ask them to get in touch.
Stay tuned for more webinars
We are very pleased with the turnout, along with the great questions we received that day. So we’re looking forward to running more of these in the coming months.
Keep an eye out for more webinars from iomart, or better yet, tell us what you would like us to cover next. See you soon.