Market Insights: cyber security with Matt Knell, Sophos – part one
In the first part of our new Market Insights series, we sit down with Sophos’ Strategic Channel Team Senior Sales Manager, Matt Knell, to explore the latest trends and topics impacting the world of cyber security.
What general market trends are you seeing currently in cyber security?
There are so many things happening and changing in the world of cyber security right now, but for the last couple of years, the prevalence of ransomware attacks continues to be a huge challenge for organisations of all sizes and in every sector. In the Sophos report, ‘The state of ransomware 2021’, the average cost of a ransomware breach is £1.5 million (double what it was in 2020), while the average ransomware payment is £150k, making the vast majority of cost downtime, resources, device cost, network cost, and lost opportunity.
Why are ransomware attacks so prevalent?
The reason ransomware attacks are still so prevalent is down to the success of them. Cyber criminals are highly organised and take a sophisticated approach, combining automation and human-led hacking. This makes it harder for already overstretched IT teams to keep pace.
Maintaining IT security hygiene can be a huge challenge without the right resources in place, leaving many security holes for cyber criminals to exploit. In fact, when you look at the list of some of the common security issues IT teams face, you can see why the attacks are so successful. For example, at any one time, IT teams need to:
- Keep on top of unpatched systems
- Maintain, implement, and manage back-up and disaster recovery plans
- Carry out timely updates and patches to operating systems and applications
- Deliver user security training
- Manage conflicting priorities (security vs usability)
- Manage incident response plans and testing
There’s also often a lack of a layered security strategy, leaving IT teams to manage multiple solutions that don’t communicate with one another and aren’t automated.
Compounding all of this, the speed of change to our working environments has also had a massive impact. Security can often be an afterthought to the changes, and again cyber criminals are taking advantage of this with some very high-profile supply chain attacks. Often small businesses feel they are too small to be targeted, but everyone is a target and more and more we’re seeing them going after the most vulnerable sectors.
How should cyber security strategies adapt to keep up with evolving risks?
For a long time, the focus has been on just having protection in place, but this approach needs to change because cyber security needs 24/7 monitoring. Cyber criminals are smart, and they know when to hit for maximum impact. For example, often they will plan an attack for when IT teams are stretched, resulting in many attacks happening at weekends and during the holidays when it’s less likely they’ll be caught, and it takes longer to remediate.
Both the financial and reputational costs of a breach are huge. Every day we see the impact that cyber attacks have, but often organisations only invest in stronger cyber security solutions and processes once a breach has happened. We recommend investing in a strong, proactive security strategy, alongside a managed threat response service for the best protection against attacks.
What is the importance of proactively hunting threats rather than mitigating them once they’ve happened?
Due to the cost, stress, downtime, lost revenue, and loss of reputation and trust, a breach can be devastating, so it’s important to be proactive in your approach to cyber security by investing in the skills and tools to mitigate a breach. Unfortunately, for a lot of organisations we work with, following a breach is when reality hits around capabilities. This is something that hasn’t been made any easier by the Covid-19 pandemic, and with many well-publicised supply chain attacks, a more proactive approach is simply crucial. In fact, over the past 18 months, the Sophos Rapid Response team has been called in to investigate and remediate hundreds of cases, and ransomware was involved in 79% of those incidents.
The key to stopping ransomware is defence-in-depth that combines dedicated anti-ransomware technology and human-led threat hunting technology to provide the scale and automation an organisation needs to detect threats. Human experts are best able to detect the tell-tale tactics, techniques, and procedures that indicate an attacker is attempting to get into the environment, so if organisations don’t have the skills in-house, we highly recommend they enlist support from cyber security specialists.