Business Technology

The evolution of cyber threats – and the CEO disconnect

4 min read

22 February 2018

Cyber threats are only going to get worse from here, experts claim. However, bosses seem to currently be investing in the wrong areas.

Cisco’s 11th Annual Cybersecurity Report suggests cyber threats are reaching unprecedented levels of sophistication – and the prize isn’t always ransom, but the obliteration of systems. It has led to over £358,550 worth of financial damages, with 17 per cent of UK companies having received between 250,000 and 500,000 security alerts a day in 2017 alone.

Their impact on companies have likewise increased. Bryan Campbell, senior security researcher at Fujitsu UK & Ireland, explained that the protection of data is now only part of the equation. “The entire operation of a company is on the line,” he said. “Cyber threats can now lead to the paralysis of organisations at a national and international scale, creating havoc, and resulting in a complete shutdown of services.”

The report echoed his sentiments, revealing that supply chain attacks are increasing in velocity and complexity. Attackers are also making use of the gaps between products to infiltrate systems – 25 per cent of the 3,600 experts cited in the report claimed to know companies using up to 20 vendors.

Talk about encryption filled the report’s pages, deeming it a double-edged sword. While meant to enhance security, “it also provides malicious actors with the ability to conceal command-and-control activity, affording them more time to operate and inflict damage.” The use of encryption by hackers in 2018 is allegedly set to increase.

Cisco’s host of experts hailed tools making use of AI and machine learning as game-changers. But while Campbell agrees, he explained that companies shouldn’t just “throw technology at the problem. Upskilling users and making them more cyber aware is vital. Today the number one way of compromising an organisation’s security is a phishing email sent directly to an employee.”

Centrify research, however, believes it’s easier for ever-evolving cyber hackers to infiltrate companies due to a “CEO disconnect.” Having studied 800 senior executives, from CEOs to CFOs in the UK and US, it concluded that the C-suite is confused as to what cyber threats are and how to prevent them.

Some 44 per cent of respondents said malware was the biggest threat, with 24 per cent pointing to default, weak or stolen passwords. Privileged user identity attacks was cited by 29 per cent.

“Of those organisations that experienced at least one significant security breach in the past two years,” Centrify said, “just 11 per cent admit it was due to malware, while almost twice as many put it down to either a privileged user identity attack or the result of stolen or weak passwords.”

Despite these findings, bosses were gearing up for malware investment over the next 12 months, with only 26 per cent planning to place investment priority on, what the report claimed, “cyber threats that currently mattered.”

The company’s EMEA CTO, Barry Scott, chalked it down to “sensational headlines, which bosses see and react to.” It’s led bosses to mistake current and future trends, leaving them unprepared for cyber threats that are only growing in complexity.

“What’s worrying is that they then look to invest money in protecting against malware, when in fact they should be using it to prevent other cyber threats. Business leaders need to rethink their strategy – cyber threats are only going to get worse from here.”