How can organisations build a cyber resilient infrastructure in 2023 and beyond (Guest blog from Canon)

Authors: Quentyn Taylor, Senior Director – Product, Information Security and Global Incident Response - Canon EMEA and Mike Korkidakis, Head of Distribution – Wavenet

In today’s digital landscape, businesses face varying IT security threats that can have devastating consequences if not properly addressed. In fact, security breaches have increased for 61% of organisations in the past year alone (Quocirca, The Print Security Landscape, 2023) Among these threats, ransomware stands out as the number one concern, and its growth in recent years has been alarming. Organisations of all sizes are vulnerable, making it essential for all to prioritise their cybersecurity efforts.

Ransomware is now universally acknowledged as a persistent and escalating IT security threat that can severely impact businesses both operationally and financially. Despite a slight glimmer of hope in 2022 with ransomware costs dipping compared to the previous year, there are concerns that 2023 could be the second highest year of ransomware revenue, rivalling high levels observed in 2021. In fact, the overall average data loss has risen from just below $500 million in 2022 to $449.1million in the first half of 2023 according to blockchain data platform Chainalysis, and these figures will only continue to rise.

This rise can be explained by a shift in malicious attacker behaviour. Where previously these actors targeted large corporates and critical national infrastructure for a bigger pay out, cyber criminals are now going after “smaller” targets who are more likely to pay, and who have not invested heavily in cyber defences. As a result, attackers can carry out faster, less complex, and more frequent hits that will likely fly under the radar of authorities, so they can continue to carry out repeated cyber-attacks in the long term. 

One of the best ways businesses can look to combat this growing threat is by developing a detailed understanding of their security perimeter and the assets that need to be protected. Despite 70% of organisations being reliant on printing, over a quarter (27%) of IT security incidents on average are related to paper documents (Quocirca, Print Security Landscape 2023). To tackle this issue, organisations must conduct thorough security assessments to identify potential weak points and bolster their defences accordingly. 

Only by understanding the existing security infrastructure can organisations optimise their resources and implement appropriate preventive measures.

What practices can public and private sector organisations adopt?

Cyber Essentials is a government-backed accreditation, introduced in 2014, and offers businesses baseline cyber security to cover the basic protection from cyber-crime. This scheme was introduced to make it easier for businesses to protect themselves and to encourage good cyber security practices. And with the arrival of GDPR in 2018, businesses and organisations had to show evidence of compliance, cementing the need for cyber essentials.

Cyber Essentials offers protection for small, medium, and large organisations who are often overlooked when it comes to cyber-security protection. It’s a cost-effective way for public and private companies to approach their cyber-security strategy. The certification is universal to organisations of all sizes, regardless of sector or operations and have very minimal cost implications. Cyber criminals don’t hunt for large organisations but rather look for poorly protected IT infrastructures, often found in smaller enterprises.

It’s necessary for public sector and commercial organisations to demonstrate their commitment to cyber security and to their customers and suppliers by equipping themselves with cyber essentials. The UK Government believes that being cyber essentials accredited could prevent “around 80% of cyber-attacks” and is crucial for improving cyber security. 

Accreditation for cyber essentials certification requires an organisation to have put in some measures that shows their dedication to fighting cyber-crime. 

Controlled data

Cyber Essentials highlight gaps in your security and examines ways in which you control your organisation’s data. To be accredited, you must control access to your data through user accounts while ensuring that administrative privileges are given to those that need them.

Use of firewall

To obtain a Cyber Essentials certification, you must use a firewall to protect all your devices, particularly those that connect to public Wi-Fi networks. 

Use of relevant and secure software

To achieve your accreditation, you must demonstrate that you only use the necessary software, accounts and apps needed for your business.

Keeping devices and software up to date

A Cyber Essentials certification requires that you keep all your devices, software, and apps all up to date with the latest versions and patches, so there are no gaps in your security.

Protection from viruses and other malware

You must provide evidence that your business is implementing some form of anti-virus protection that is installed on your devices, whether that is sandboxing, whitelisting or any anti-malware product (these are often included for free with popular operating systems).

For your certification Readiness package, Cyber Essentials Accreditations and Cyber Essentials Plus Accreditation, our cyber team is on hand to guide your organisation through the steps, with minimum fuss. There are three simple options:    

We’ll assist you through the entire process and will be on hand to help you with any questions. Once passed, you’ll be able to display the Cyber Essentials logo on your website and marketing literature.

Authors

Mike Korkidakis

Head of Distribution , Wavenet

Quentyn Taylor

Senior Director – Product, Information Security and Global Incident Response , Canon Europe, Middle East, and Africa