Dealing With Security Incidents In The Enterprise Sector 

Cyberattacks are an ongoing challenge for organisations of all sizes across the world with ransomware a particular growing threat.  According to a recent research, ransomware payments totalling almost $450 million were paid in the first six months of 2023, against a complete year total of $500 million in 2022.

Regular stories emerge about high-profile companies impacted. Earlier this year, Royal Mail suffered a ransomware attack when the LockBit group hacked its software, whilst Barts Health NHS Trust was targeted in the summer. 

Ransomware, phishing, or another malware attack, and user account compromise are the most common attack vectors, according to recent Netwrix research which shows that 68 percent of respondents experienced at least one security incident within the last 12 months.

However, the research reveals that the threat landscape for the enterprise sector (organisations with over 1,000 employees) differs from that faced by their smaller counterparts. In particular, large organisations experience greater financial impact from security incidents and suffer more malware attacks. Enterprise IT and security leaders should keep this in mind when conducting risk assessments, forecasting the business impact of attacks, and prioritising their mitigation strategies.

Security Incidents In The Enterprise Sector 

According to the findings for the enterprise sector, 65 percent of enterprises suffered at least one cyberattack within the last 12 months. These attacks targeted enterprises’ on-premises environments more than the cloud. For example, 84 percent experienced phishing on premises and only 64 percent spotted it in the cloud. 

What’s more, the enterprise sector spotted more security incidents than organisations overall. The starkest difference was for ransomware and other malware attacks: 48 percent of enterprises experienced this type of security incident on premises compared to 37 percent among organisations of all sizes. 

This statistic is not surprising. Ransomware operators want to maximise their profits, so they consider which organisations are most likely to pay a ransom to reduce business downtime — and the larger an organisation is, the costlier an operational disruption will be. 

Mitigating The Risk Of Ransomware & Other Malware Attacks 

Addressing the threat of being attacked with ransomware starts with informing internal staff about the issue and providing up-to-date cybersecurity training. Ensuring that all staff understand and follow basic cyber hygiene practices helps prevent malware infections by reducing the risk of users falling victim to phishing campaigns. 

The second step is reducing the organisation’s attack surface by taking control over access rights. One key reason that on-prem environments are more vulnerable to malware attacks than SaaS systems is on-premises privilege sprawl — users often have administrative rights on their computers, there are large numbers of highly privileged accounts, and so on. These excessive rights enable ransomware to spread quickly from an initial compromised endpoint across the entire IT ecosystem. 

With this in mind, enterprises should strictly limit each user’s privileges. For business users, this means enforcing the least privilege principle with comprehensive identity access management (IAM).

For effective implementation, look for solutions that provide automated approval workflows that empower users to request the access rights they need and enable business owners to approve or deny those requests, as well as to regularly review and validate access rights to the data and applications they are responsible for.

The best way to rein in privileged access is to implement effective privileged access management (PAM), ideally through a zero-standing privilege (ZSP) approach. ZSP involves eliminating as many risky standing privileged accounts as possible. Instead, users are granted elevated privileges only when they are required, for only as long as required. 

Third, be prepared for attacks that might get through your defenses with a thorough incident response plan (IRP) that is regularly reviewed and tested. An ideal IRP should include automated controls that can instantly disable compromised user access to sensitive data and terminate suspicious behaviour. This approach can stop an unfolding attack before the organisation suffers a costly data breach.

Cyber Insurance For The Enterprise Sector 

28 percent of enterprises estimate the financial damage from cyberattacks to be $50,000 or more. This is in stark comparison to only 16 percent of organisations overall. To mitigate this financial risk, 58 percent of enterprises already have a cyber insurance policy or plan to purchase one within the next 12 months. 

The process of qualifying for cyber insurance can be quite tricky. The research reveals that 50 percent of organisations with cyber insurance implemented additional security measures either to meet the requirements of the policy they selected or to simply be eligible for a policy at all. An insurance company’s audit of an enterprise’s security posture can provide the IT team with valuable insights that will help them eliminate security gaps. 

An insurance payout can defray the financial impact or even prevent bankruptcy of the organisation — but no policy can restore data or operations.

Enterprises realise this; data security was named the top IT priority for 2023, chosen by 68 percent of respondents.

Dirk Schrader is VP of security research at Netwrix                             Image; Geralt

You Might Aso Read: 

PAM, IAM, Or Both?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 


Cyber Security Intelligence: Captured Organised & Accessible


 

 

« The Slots Fall Silent
The US Space Force Needs Help »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Blue Solutions

Blue Solutions

Blue Solutions is a consultancy-led, accredited software distributor who provides IT solutions and support to small and medium enterprises.

Davis Wright Tremaine (DWT)

Davis Wright Tremaine (DWT)

Davis Wright Tremaine is a full-service law firm with offices throughout the US and in Shanghai, China. Practice areas include Technology, Privacy & Security.

CyberDefcon

CyberDefcon

CyberDefcon is an independent organization dedicated to the pursuit of making the internet a safer place.

Cologix

Cologix

Cologix provides reliable, secure, scalable data center and interconnection solutions from 24 prime interconnection locations across 9 strategic North American edge markets.

ThreatSpike Labs

ThreatSpike Labs

ThreatSpike Labs provides the first end-to-end fully managed security service for companies of all sizes.

InPhySec

InPhySec

InPhySec is a leading New Zealand information, physical and cyber security company.

SecureMe2

SecureMe2

SecureMe2 ‘s mission is to make organizations more responsive to digital threats by deploying smart technology in a highly accessible way.

Invest Ottawa

Invest Ottawa

The IO Accelerator Program is designed to rapidly and systematically accelerate the development and commercial success of high growth technology firms.

Pioneer Search

Pioneer Search

Pioneer Search is a UK based Technology & Change, Electronics Engineering, Cyber Security & Cloud and Data & Analytics Employment Agency.

Vivitec

Vivitec

Vivitec security services are tailored for your business, industry, risk, technology, and size to ensure great protection and planned response for the inevitable cyber-attacks on your business.

NuID

NuID

NuID is a pioneer in trustless authentication and decentralized digital identity.

Ridge Global

Ridge Global

Ridge Global works with C-suite executives and corporate directors to build more resilient organizations through innovative preparedness, protection, response and education capabilities.

SecureWorx

SecureWorx

SecureWorx are a secure multi-cloud MSP, a provider of advanced IT security services and an independent cyber security advisory.

Secureframe

Secureframe

Companies from startups to enterprises use Secureframe to automate SOC 2 and ISO 27001 compliance, complete audits, and continuously monitor their security.

Alias

Alias

Alias (formerly Alias Forensics) provide penetration testing, vulnerability assessments, incident response and security consulting services.

Aspire Technology Solutions

Aspire Technology Solutions

Aspire is an award-winning IT Managed Service and Cyber Security Provider. We specialise in cyber security, cloud, connectivity, managed services, unified communications and IT support.