www.riskcompliance.biz
136.144.171.244  Public Scan

Submitted URL: https://email.riskcompliance.nl/t/j-l-siidkuk-itjljhirlh-y/
Effective URL: https://www.riskcompliance.biz/news/navigating-the-uks-cybersecurity-tempest-riding-the-storm-of-employee-risks-expanding-attac...
Submission: On December 21 via api from ES — Scanned from NL

Form analysis 3 forms found in the DOM

POST https://www.riskcompliance.biz/wp-comments-post.php

<form action="https://www.riskcompliance.biz/wp-comments-post.php" method="post" id="commentform" class="comment-form">
  <p class="comment-notes">Your email address will not be published. Required fields are marked *</p>
  <div class="form-group comment-form-comment">
    <label for="comment">Comment</label>
    <textarea class="form-control" id="comment" name="comment" cols="45" rows="8" aria-required="true"></textarea>
  </div>
  <div class="form-group comment-form-author"><label for="author">Name <span class="required">*</span></label> <input class="form-control" id="author" name="author" type="text" value="" size="30" aria-required="true"></div>
  <div class="form-group comment-form-email"><label for="email">Email <span class="required">*</span></label> <input class="form-control" id="email" name="email" type="text" value="" size="30" aria-required="true"></div>
  <div class="form-group comment-form-url"><label for="url">Website</label> <input class="form-control" id="url" name="url" type="text" value="" size="30"></div>
  <p class="form-submit"><input name="submit" type="submit" id="submit" class="submit" value="Post Comment"> <input type="hidden" name="comment_post_ID" value="46036" id="comment_post_ID">
    <input type="hidden" name="comment_parent" id="comment_parent" value="0">
  </p>
  <p style="display: none;"><input type="hidden" id="akismet_comment_nonce" name="akismet_comment_nonce" value="ae555aecdf"></p><button class="btn btn-primary btn-lg" type="submit">Submit</button>
  <p style="display: none;"></p> <input type="hidden" id="ak_js" name="ak_js" value="1703156145720">
</form>

POST

<form method="POST" class="cm_ajax_widget_form" id="cm_ajax_form_2">
  <input type="hidden" name="cm_ajax_action" value="subscribe">
  <input type="hidden" name="cm_ajax_widget_id" value="2">
  <p><label for="cm-ajax-name">Name:</label>
    <input class="widefat" id="cm-ajax-name" name="cm-ajax-name" type="text" placeholder="Name:">
  </p>
  <p><label for="cm-ajax-email">Email:</label>
    <input class="widefat" id="cm-ajax-email" name="cm-ajax-email" type="text" placeholder="Email:">
  </p>
  <p style="width: 100%; text-align: center;">
    <span style="display: none;" class="cm_ajax_success">Great news, we've signed you up.</span>
    <span style="display: none;" class="cm_ajax_failed">Sorry, we weren't able to sign you up. Please check your details, and try again.<br><br></span>
    <span style="display:none;" class="cm_ajax_loading"><img alt="Loading..." src="https://www.riskcompliance.biz/wp-content/plugins/ajax-campaign-monitor-forms/ajax-loading.gif"></span>
    <input type="submit" name="cm-ajax-submit" value="Register">
  </p>
</form>

GET https://www.riskcompliance.biz/

<form role="form" action="https://www.riskcompliance.biz/" id="searchform" method="get"><label for="s" class="sr-only">Search</label>
  <div class="input-group"><input type="text" class="form-control" id="s" name="s" placeholder="Search.."><span class="input-group-btn"><button type="submit" class="btn btn-primary">Search</button></span></div> <!-- .input-group -->
</form>

Text Content


NAVIGATING THE UK’S CYBERSECURITY TEMPEST: RIDING THE STORM OF EMPLOYEE RISKS,
EXPANDING ATTACK SURFACES AND LIMITED VISIBILITY

18 December 2023
Knowledge Base



--------------------------------------------------------------------------------

by Curtis Simpson

Much like Shakespeare’s final play, which begins with the spectacle of a
storm-tossed ship at sea, UK organisations have also found themselves engulfed
in a tumultuous cybersecurity tempest. At the eye of the storm is a paradox that
highlights the challenges of the digital age. As organisations embrace
technological advancements, they inadvertently open themselves up to an
ever-growing array of cyber threats. With each new asset or system introduced,
the attack surface expands. Coupled with the fact that the cyber landscape is
always changing, becoming more sophisticated by the minute, organisations are
struggling to keep up.

The tempestuous waters of these cyber threats are raging against the sides of
the ship. Yet, as new vulnerabilities emerge, one constant remains – employees
are commonly still the weakest link in the cybersecurity chain. In fact, 67% of
employees are downloading software and applications without the prior consent or
knowledge of IT or security teams.

This is nothing new. IT and security teams have known about the perils of
employee behaviour for years. So why is it still creating problems? And how can
organisations now weather the storm before it’s too late?

The eye of the storm

There are five fundamental obstacles preventing organisations from truly
managing their evolving attack surface. These include scale, a lack of
visibility, absence of policy enforcement, human effort and an increasingly
complex regulatory environment.

First of all, the scale of an organisation’s attack surface makes it difficult
to monitor for and mitigate threats. On any given business day, an average of
around 45,000 assets are connected to an organisation’s networks. These assets
present organisations with a whack-a-mole style dilemma, which sees them
tackling a threat in one network area only to find another emerging
simultaneously elsewhere.

Next, there’s a drastic lack of visibility. The sheer volume of assets, combined
with siloed legacy technology, means organisations lack complete network
visibility. In fact, more than a third (39%) of UK IT decision-makers noted a
lack of complete visibility over company-owned assets connected to the business
environment.

This lack of visibility and management does not stop with devices. Human error
plays a big role in hindering attack surface management. Whether it’s through
the assets they introduce into a network or how they handle existing devices and
processes, employees pose a major risk to their employers. Yet, little has been
done to equip them with the knowledge to act in a continually secure manner.

Beyond training, there’s a severe scarcity of policy enforcement. As it stands,
only one in two organisations (51%) have a Bring Your Own Device (BYOD)
policy for all employees. A BYOD policy establishes guidelines on how employees
use their own devices within the business environment, such as phones and
laptops with access to the corporate network and data. Overall, 69% of UK IT
decision-makers agree their organisation needs better policies and procedures to
deal with security vulnerabilities.

Although the majority of organisations understand the necessity of these
changes, a matching optimism about actioning them is nowhere to be seen. The
complex regulatory landscape has halted many organisations in their tracks. In
fact, 39% of IT leaders admit to feeling challenged by the UK’s increasingly
complicated regulations and governance requirements.

For example, 2023 saw the launch of the second iteration of the Network and
Information Security (NIS2) directive, which modernises the existing legal
framework governing cybersecurity standards in the EU. Yet UK businesses that
operate within the EU are also bound by the directive, while also being tied to
other UK regulations.

Before, organisations received a fine following a breach. Now, this new
directive rules that entities will be fined for failing to meet new basic
security regulations, regardless of whether there’s a breach or not.

Weathering the attack surface

As it stands, existing legacy technologies and processes aren’t fit for purpose.
In a world of ever-increasing connectivity, there’s no space for an isolated
approach to security. Often it results in a complex, fragmented landscape
with neither complete visibility nor a single trusted source of information,
which can lead to human errors or inaccurate data.

Now, organisations must shift away from what they have known and embrace a new
approach. But, where to start?

First and foremost, visibility and management. You cannot protect what you
cannot see. Organisations can safeguard their environment by ensuring
comprehensive asset visibility across all devices, whether managed or unmanaged.
This approach allows them to discern the entire attack surface and take
proactive measures in asset security management. By consolidating data from
various sources, essential network insights can be derived, aiding in the
detection of breaches and anomalous behaviours.

Truthfully, organisations cannot eliminate all potential risks or mitigate all
attacks. But prioritisation and subsequent monitoring can put them on the right
path. It can identify, analyse, evaluate and address threats, which are then
prioritised based on the potential impact and level of exploitation risk.

But, with dwindling security budgets and 50% of all UK businesses reporting a
basic cybersecurity skills gap, and a further 33% experiencing this at an
advanced level, how can workforces reach the necessary levels of security?

In light of financial and workforce limitations, introducing automation can
bridge this skills gap, as well as manage security posture. With 51% of
cybersecurity teams feeling overwhelmed by the volume of threat information they
currently receive, implementing automation can provide real-time threat response
without requiring human intervention.

Battening down the security hatches

Organisations face constant cyber threats, and the growing attack landscape
provides numerous entry points for attackers, be it through assets directly
connected to the network like IP cameras or printers, or via third-party
providers.

By focusing on strict policy enforcement, employee security training and truly
understanding the attack surface through asset visibility, prioritisation,
monitoring and automation, organisations can embed a holistic security approach
as opposed to a siloed security approach.

These factors will ensure organisations are creating a fit-for-purpose strategy,
which actively embeds insider risk and employee support at its core. In doing
so, organisations can batten down the security hatches and navigate the
tempestuous waters of the cybersecurity storm.

The author, Curtis Simpson, is CISO at Armis. Armis, the asset intelligence
cybersecurity company, protects the entire attack surface and manages the
organisation’s cyber risk exposure in real time. In a rapidly evolving,
perimeter-less world Armis ensures that organisations continuously see, protect
and manage all critical assets. Armis secures Fortune 100, 200 and 500 companies
as well as national governments, state and local entities to help keep critical
infrastructure, economies and society safe and secure 24/7. Armis is a
privately held company headquartered in California, USA.
