Navigating The Evolving Threat Landscape

When it comes to the threat landscape, cyber criminals are growing in sophistication, and it’s no secret that businesses are battling against increasing cyber-threats. It’s become not a question of ‘if’ an organisation will be attacked, but ‘when’.

It's critical that organisations are able to identify these threats and mitigate against them, without any disruption to business continuity. To do so effectively, the responsibility lies with the CISO to be aware of the nuances within the threat landscape, and changes affecting it.

When assessing this, it becomes clear that prioritising regulation and insurance policies and enforcing operational resilience is key to safeguarding the future.

The Evolving Threat Landscape 

External factors have a significant impact on cybercrime. Uncertainty brought about by geopolitical events, such as the war in Ukraine, create an environment for cybercrime to thrive. Oil, gas and food famine resulting from the war is demonstrating in real time how threat actors will abuse new threat vectors and pull on the strings of a globalised supply chain to cause widespread instability. Similarly, at the beginning of the pandemic, cybercrime soared by 600% as threat actors took advantage of a new vulnerability. 

With geopolitical factors encouraging cybercrime, the costs associated are becoming astronomical. This is causing premiums to skyrocket as insurance companies are struggling to cover the volume and costs of a cyber-attack. Cybercrime is estimated to increase in cost for companies to $10.5 trillion by 2025, which makes it even more important for organisations to have the ability to respond at pace. When it comes to defence against ever-sophisticated cybercrimes, reacting fast is critical to mitigating disruption to business operations and avoiding a serious loss of income. 

In light of this, what should the CISO’s top two priorities be to navigate the evolving threat landscape successfully?

Priority One: Regulation & Insurance 

Regulation sits far behind where we need to be to mitigate risk across all industries. Often, new measures don’t come in until after a world impacting event requires it to do so. The devastating events of 9/11 is a prime example of this, with some companies having one Data Centre in the North Tower and one in the South. Following the event, new regulations mandating data proximity between two sites were introduced, to avoid them being exposed to the same regional risks. This demonstrates why we must be cognisant to the fact that regulation lags behind logical standards to mitigate threats, and why we must educate organisations to advocate action that goes beyond meeting the bare minimum. 

Insurance companies are realising the gap is too big - hence the rise in cyber premiums. Some companies, such as water utility and chip manufacturers, are finding themselves increasingly uninsurable because insurance providers are demanding higher standards, but regulation still sits far behind where it should be. This is a problem because a lot of businesses completely rely on insurance policies to cover recovery costs against these kinds of attacks and some insurers, such as Lloyds London, are even withdrawing their policies altogether because of this. CISOs need to start thinking about how confident they are in their ability to recover and the financial implications they would face from prolonged downtime – which now faces the very real threat of not being covered by insurance.

Priority Two: Operational Resilience 

Resilience needs to become more proactive. Whether it’s geopolitical, cyber, or environmental, businesses need to realise that responsibility for the concentrated risk and operational resilience lies with CISOs, IT Directors and Risk Officers, not with regulators and insurers. Here however lies a critical opportunity to push incremental progress, helping build organisational and industry stability.

It begins with understanding where you are today. Where are the gaps and where do you want to get to? Investing in automating and orchestrating recovery processes, enhancing recovery time and recovery point objectives, while simultaneously mitigating human error in restoring from backups should be a focus in all organisations. Continuous testing and cyber simulation exercises can support this, ensuring you have confidence in your ability to act and recover at pace when the worst happens.

Proactive Action

As the threat landscape continues to expand and the growing volume of attacks are increasing in sophistication, organisations are facing longer downtime and rising recovery costs.

To effectively safeguard for the future, there needs to be a realisation that regulation lags behind where it needs to be for mitigating risk. Insurance policies are shifting that risk and the responsibility is now back into the hands of the CISO. In addition to this, organisations must adopt a culture of becoming operationally resilient to survive the evolving threat landscape, which should be driven by the CISO. 

Tom Goodwin is Business Continuity Specialist at Kyndryl

You Might Also Read: 

Guilty: A Criminal Conviction For One CISO Has Consequence For Others: