The Cat-and-Mouse Game of Cyber Security

Gone are the days when cyber threats were sporadic and easy to contain: every 11 Seconds a business falls victim to a ransomware attack. 

When Not If

It’s no longer a case of if, but when your organisation will be hit by cybercrime. With a 48% increase in cyber attacks globally last year alone, it’s no wonder that firms are investing more than ever in cyber security technologies, increasing their YoY spend by 11%. We know IT and security leaders are trying to do the right thing - pouring time, money and energy into trying to protect their organisations. So why are threats still slipping through the gaps? 

According to Forrester, despite increased spend on defences, nearly 70% of organisations have been breached by cyber-attacks at least once in the past year. Businesses are clearly getting a negative return on that investment.

The unpleasant truth is that cyber risk is accelerating at a higher rate than investment. The sheer scale and pace of development have turned cyber security into a cat-and-mouse game, leaving IT teams struggling to defend against 24/7 threats. The rise in cyber-attacks has been fuelled by easy-to-use tools for attackers and Ransomware-as-a-Service (RaaS) models. Now continued geopolitical and economic instability, AI-driven developments and cloud vulnerabilities are all exacerbating the problem.

• 2 in 5 businesses are overwhelmed by security alerts
• 55% of businesses ignore cybersecurity issues to prioritise other business activity
• 1 in 5 businesses ignore security alerts
• 73% of in-house teams are unable to fend off cyber threats

The Impact of Cyber Crime 

Cybercrime organisations have become a global business operating on an enterprise-level scale, often with a corporate departmental layout mirroring a technology company, with external support and customer service functions. These carefully managed corporate entities are investing billions in growth, research, and development to ensure they stay ahead of stretched cyber defences and reap huge financial rewards. Every business is potentially vulnerable to their attacks.

• In July 2023, hackers exploited a software vulnerability in Revolut’s payment systems and stole US$20million.  It took several months to close the weakness.
• On July 14, Microsoft was forced to admit that it was the victim of a “China-based threat actor with espionage objectives.”  Amongst the effects of the attack, was the loss of emails from multiple US agencies.
• HCA Healthcare suffered a data breach that impacted 11 million patients.  Data stolen included patients' names, addresses, contact details, locations and the dates of upcoming appointments.

Besides finding and fixing a security breach, the real cost of an attack includes the time and resources a company needs to get back to normal operations.  It’s also important to factor in the daily erosion of both reputation and revenue that a business experiences while under attack.

It's Time for a New Resilience Playbook

It’s a common and outdated misconception that cyber threats will always land or target on an endpoint device. When reviewing data from all security incidents across our Customer Security Operations Centre throughout 2022, 45% of breaches either started or resided in the victim’s public cloud or cloud-based user identity technologies. Only 15% of all security incidents started or resided on a victim’s endpoint in the attack chain. 

Relying on traditional EDR, Managed EDR or even “XDR” solutions leaves many organisations blind to cracks elsewhere in their cyber defences. IBM and Ponemon’s Cost of a Data Breach report (July 2023) found the average time for an organisation to detect to identify a breach was 204 days – with a further 73 days taken on average to contain the breach. In total, this means an organisation takes over nine months to respond and contain a potentially critical security incident.

This isn’t to say that endpoints aren’t a great source of high-fidelity alerts - they are a core part of cyber risk mitigation. But would you rather start your investigation if/when the endpoint gets hit, or at the first point of the intrusion? 

The modern response needs to start beyond the endpoint, giving IT teams much broader, holistic visibility across the entire corporate estate - so that they can detect and investigate breaches sooner. In today’s evolving threat landscape, the question should no longer be “Will my firm face a cyberattack?” but “When in the kill chain will I detect it?”

It’s well known that the difference between an attack failing or succeeding largely depends on the speed of action. Insufficient spending on cyber security tooling is clearly not the reason for many successful attacks. Tools alone are not enough. It’s time to start building proactive security operations running 24/7/365 staffed with cybersecurity expertise empowered to lead the response. Combining technology, people, and processes seamlessly together, but also being consistent and continuously improving is the best way to mitigate cyber risk by reducing likelihood and impact.

Companies are often reluctant to shoulder the financial burden of maintaining a team of cybersecurity experts, not to mention the complexities of cyber insurance, compliance issues, and the ongoing need for system updates and patches. Bridging the gap between current cyber security measures to reach the desired state of true business resilience can seem impossible.

Partnering with a specialised Security Operations Centre (SOC) provider helps you to see and handle threats faster and more affordably. They offer a worldwide view of risks and can see across your whole system.  Working this way enables your in-house teams to find and fix breaches faster, day and night, all year round.  Using expert knowledge and the latest technology, you’ll also have the best advice to make your security more resilient for the long term.