In this vlog filmed at University of Oxford Saïd Business School, where Teichmann International (IT Solutions) AG was born, our Chief Technology Officer and Member of Board of Directors Rowland Corr reflects on recent trends in cybersecurity and their strategic implications for organizations.
The cyber threat landscape today is more perilous than ever as activities supporting daily life, the conduct of business, the functioning of societies and countries, rely ever more on digital services and infrastructures.
A reported 97% of IT professionals believe that cyber threats are growing, yet with almost half of enterprises also reportedly failing compliance audits, it seems clear organizations know they must take adequate measures to protect themselves, yet it is equally clear that many struggle to do so. Reporting also shows a strong correlation between the level of compliance and an organization's ability to protect data, underscoring the strategic utility of security auditing and its vital importance in ensuring effective implementation of management measures as well as security controls today.
It is as much about navigating the solution landscape for enterprises today, as it is about the security landscape. For this, many organizations will need guidance from a trusted provider with the expertise to understand their needs and objectives, and to optimize their cyber security posture in alignment with those.
Cyber attacks continue to rise and continue to evolve. Attackers are faster, harder to detect, and more determined than ever in their efforts to compromise the devices, systems, services and infrastructures that we rely on.
With technology, telecoms, and finance the most targeted sectors, there's no doubt that the threat is systemic in nature, and that the data driving innovation is often the goal. If data is the goal however - humans are the gateway to that objective for attackers.
Rowland Corr, CTOThe number of enterprises experiencing ransomware attacks has surged in the past year and despite this escalating threat, less than half of organizations report having a formal ransomware plan in place. At the same time, an uptick in recourse to stealers by attackers suggests an increased focus on targeting personal data and financial information especially. Addressing this risk is not just about building awareness however, it’s also about board agendas, and building ownership at board level of the requisite prioritization, planning, and preparation.
Cyber security should not be viewed or treated as something separate from business activities but rather as supporting the achievement and the attainment of business objectives, securing their pursuit and realization by protecting people, assets, and processes against compromise.
Rowland Corr, CTOThe most potent malware threat continues to be Remote Access Trojans (RATs) through which attackers can gain remote access and complete control of infected devices. These are used in a wide range of attacks including espionage. Another notable recent trend is the exploitation of legitimate tools by attackers and increasing use of same especially for Command and Control (C2) purposes.
Such exploitation is not confined to tools however. We must also consider the potential for exploitation and hijacking in similar ways of services. Indeed, we must expect advanced attack groups to find ways to achieve this not only ‘outside the box’ of conventional tools, but beyond the scope of conventional approaches to IT security. Legacy technologies providing interconnection for mobile networks, for example, used in 2G up to 5G networks not only present security risks in the form of long known vulnerabilities, they also continue to prove fertile ground for the development of new attack techniques, that is, for threat actors with the requisite expertise and capability to execute them.
Individuals presenting strategic targeting value to attackers, whether as gateways to their organization's data or as targets in their own right, are exposed to an ever widening of attack vectors which cannot be covered by any single framework or approach, certainly by no single off-the-shelf tool or solution.
Rowland Corr, CTOStrategic cyber security is not just a reactive activity of course, indeed it is ever more important today that it be proactive in nature in terms of the approaches that we adopt. On average, companies experiencing a data breach underperform the NASDAQ by over 8% and this grows over time, and there are other implications as well. A perception of inordinately high cyber risk for an organization can make it more difficult, more costly for them to secure financing.
Enterprises must be equipped to protect assets, processes, and personnel with an aligned, effective, fit-for-purpose cyber security posture. All firms need to be able to manage their level of risk, to be able to identify it in the first place, and at the heart of this is being able to evaluate the effectiveness but also strategic relevance of the measures they have in place and need to have in place. This holds whether we're talking about an organization with limited passive protection in place or fully fledged Security Operation Centers (SOCs).
While complete elimination of risk is simply not possible, effective risk management striving for substantial risk reduction over time is imperative and is achievable for organizations. This will increasingly rely on the strategic alignment between an organization's objectives and its cyber security posture especially in a business environment increasingly fraught with cyber risk today.
Rowland Corr, CTOThis blog post is a summary of the longform vlog. Catch the full talk on our Youtube channel here: https://www.youtube.com/watch?v=ULTkYxoZY0U
We provide 360° protection of your assets & people against strategic cyber risk.
+41 58 458 7788 E-MailAt Teichmann International IT Solutions we help to ensure relevance, responsiveness, and resilience of measures implemented by bringing to bear our broader expertise in identifying, designing, and delivering strategic cyber security for our clients. Contact us to find out how we can help you secure your assets, processes, and people against evolving cyber threats.
Rowland Corr is Chief Technology Officer and Member of the Board of Directors at Teichmann International (IT Solutions) AG (TI IT). With a background in defence, strategy, and cybersecurity, Rowland brings the leadership and vision to innovate at the intersection of technology and strategic risk to his roles at TI IT.
As CTO, he shapes the technology direction of the company, leading the development of our cybersecurity solutions and services in alignment with client needs worldwide.
