The cyberthreat landscape is rapidly evolving, and organisations can often struggle to keep up with the more sophisticated attacks that are levelled at them every day. Yet, business leaders are still failing to understand the importance of keeping systems secure.
In a recent roundtable hosted by data insights and organisational resilience firm Splunk, cybersecurity experts from different industries discussed how, despite constantly moving threats, some things never change – such as the motivation behind attacks.
“Their motivation - financial gain - is always there, and they’re prepared to keep at it,” says Simon Viney, cybersecurity financial services sector lead at BAE Systems Digital Intelligence. “New groups will spring up and there will be some successes from law enforcement […] But that motivation isn’t going away.”
Another constant is that, no matter how advanced threats become, the targets are still similar – from compromised emails to that weak link in your supply chain. According to Mark Woods, chief technical advisor for EMEA at Splunk, “some things will just be accelerated”. He says: “If you look at the common compromises, it’s still most likely your business email or some low-level system being compromised, or someone being extorted, or the supply chain has messed up.”
Of course, there’s a lot that organisations can do to tighten up security internally and with their direct suppliers and vendors, “but the second and third-line supply chain is vitally important too”, says Rigo Van den Broeck, executive vice president in cybersecurity and innovation at Mastercard.
“Fixing that has been an increasingly important topic, both from a security perspective, but also from a compliance and regulatory perspective, because there are a lot of regulations, especially in Europe, around this in the financial industry,” adds Van den Broeck.
It is not just the private sector facing these indirect threats however. Many public institutions are also at heightened risk of cyber-attacks, with criminals often targeting - or operating from within - businesses further down the supply chain - in what might be called an organisation’s ‘soft underbelly’.
Dealing with threats
Perhaps surprisingly, recent research published by Splunk found that many people believe keeping businesses cyber-secure is actually becoming easier, with 4-in-10 security leaders saying cybersecurity is much or somewhat easier in 2024 than it was in the year before.
On the one hand this may reflect better technology and respondents finding it easier to identify and neutralise threats. However, on the other it’s a finding that may be cause for concern, suggestive of a possible lack of understanding of threats and the levels of disruption that can be sewn across a business.
“One big issue facing organisations today is that the threat landscape continues to evolve, and technology is now so complex, it can feel impossible to find a solution that’s able to deal with all of these disparate problems. This can result in companies not knowing what to do, and lead to decision paralysis in the boardroom,” according to Viney.
“The challenge is you pick any [provider], even with integrations, then 18 months go by, and you need to keep on top of the constant pace of change, and redo your approach all the time. Even in large organisations, doing that effectively is a real challenge,” he says.
“I’ll admit it’s surprising to see a suggestion that cybersecurity is trending easier over time,” adds Woods. “However, it’s key to understand that it’s security leaders who say they’re starting to find security easier. This group is most likely to have good foundations and a consolidated system in place - a company’s cyber posture will clearly benefit from this.”
Convincing the board
Business leaders tend to want a quick fix that will magically protect the entire organisation – one that doesn’t require thinking about. But cybersecurity is something that you need to continuously iterate on, says Woods. “So, you’ve got a two-year transformation programme to make you more cyber-resilient? Great. What happens after that? Well, the central budget suddenly disappears.”
Leaders may want to shut their eyes to an increasingly complex environment, but boards ought to be given a sense of agency in protecting their organisation – and encourage this across the business. In effect, this means the chief people officer should have as much to do with cybersecurity as the chief financial officer does.
One suggestion from the roundtable was to give the board more practical solutions to help them understand the importance of cybersecurity. This may require fostering a sense of what they can do – such as increasing employee engagement so that people feel a stake in the business that they’re protecting.
Encouraging this level of engagement is key to keep the whole business aware of potential threats.
The AI threat
When it comes to artificial intelligence, there’s a fear that generative AI tools are helping attackers stay ahead of the curve, leaving organisations scrambling to keep up. Some may feel that AI tips the scales in favour of the attacker over the defender – though some would speculate that AI has not yet been fully utilised to defend systems, or assist with governance or regulatory burdens.
One thing that would help the fight against cybercriminals using AI is greater collaboration between companies, according to Van den Broeck. Without the open sharing of data, cybersecurity is limited to systems based on what comes in and out an organisation, rather than wider sets of data that can be used to create predictive defence models run by machine-learning.
“Co-operation between industries, between companies, both public and private focused, is so crucial,” concludes Van den Broeck. “Because, if we don’t share data on the defence side, we cannot build AI-based systems to do the defence for us.”
Find out how to help secure your business from cyber attacks with Splunk