Select your country

BelgiumBelgium

ChinaChina

DenmarkDenmark

FranceFrance

GermanyGermany

GlobalGlobal

Maghreb & West AfricaMaghreb & West Africa

NetherlandsNetherlands

NorwayNorway

South AfricaSouth Africa

SwedenSweden

SwitzerlandSwitzerland

United KingdomUnited Kingdom

Not finding what you are looking for, select your country from our regional selector:

Search

  1. United Kingdom
  2. Insights
  3. Blog
  4. Cybersecurity
  5. Lessons from the front line: If you can’t secure the basics, you’re not secure at all

Lessons from the front line: If you can’t secure the basics, you’re not secure at all

Share

There’s no getting away from the fact that the cyber threat landscape is more challenging than ever. According to our latest Cy-Xplorer report, the number of cyber extortion victims rose by 77% year on year, with further analysis suggesting the actual number is 50-60% higher than what we directly observe.
 

We work on the front lines of cybersecurity, so we’re no strangers to the trials and tribulations businesses face every day. However, we teach some lessons time and time again…

 

This includes that a comprehensive security approach is needed to thwart the destructive impacts of cyber attacks, which requires security teams to peel back businesses’ many layers to truly understand what’s going on. Without doing the groundwork to secure the basics, businesses are not secure at all.

 

One-size-fits-none

Now more than ever, businesses must lean on the support of experts on cybersecurity matters as each company has unique needs and cyber threats are growing in frequency and sophistication. Security teams must therefore think critically about what type of support they require, especially for their highly sensitive assets.

 

To support this, businesses can’t afford to skip out on educating employees on the basics of cybersecurity. Believe it or not, 37% of cyber incidents originated internally, according to our latest Security Navigator report. With threats ranging from malicious actions to an employee accidentally clicking on a link in a phishing email.

 

Mitigating these risks requires the cultivation of a culture of security awareness in tandem with support and continuous training from the likes of CSOs, CIOs and external experts. Security leaders must be able to clearly demonstrate the consequences of inadequate security measures and effectively communicate their security strategy across the organisation to achieve buy-in from every level.

 

Defining cybersecurity success

Even though it’s tough, it's always better for the experts to deliver the bad news than for organisations to discover it themselves. This ensures businesses don’t take matters into their own hands and dig themselves into even bigger holes, creating more internal pressures.

 

To help achieve this, organisations must define what cybersecurity success looks like for them and communicate this effectively to the experts, trusted partners and their teams. Every business has a right to demand the best solutions out there, but genuine success comes through cooperation from all sides to ensure threats are quickly detected and responded to.

 

Cybersecurity success also requires security teams to hold themselves accountable for any oversights and slip-ups. Security professionals need to look out for each other and more importantly, feel comfortable reporting security incidents without fear of punishment. Adopting this mindset will improve the overall security posture of the business and instil much-needed cyber resilience.

 

Don’t believe the AI hype… just yet

Everyone’s talking about it, but right now, GenAI’s full potential has yet to be realised. Nevertheless, organisations need to build out their AI policies and security processes to stay ahead of the curve as more cybercriminals look to utilise this technology. The rise of AI has evened the playing field, meaning cybercriminals have access to the same AI technology as security professionals and can put it to malicious use. We’ve already seen examples of AI globalising the threat landscape by breaking down language and cultural barriers to make attacks more convincing. 

 

To protect their businesses, security teams must first secure the basics before contemplating running AI-powered tools. It’s too easy for cybercriminals to gain access to company servers through unsecured AI applications, especially when they don’t adhere to company policies. This also includes educating their employees on the AI-based attacks they might encounter and how to prevent and report them.

 

Businesses also shouldn’t use AI to play catch up on their cybersecurity protocols – it’s too risky as businesses are still getting up to speed with this technology, which makes them incredibly vulnerable to AI-enabled attacks. Taking preventative measures, such as relying on threat intelligence and pen-testing, will always prove the most effective.

 

Raising the bar
Until businesses raise internal standards and excel at the basics of cybersecurity, cybercriminals will be able to compromise their infrastructure and disrupt day-to-day operations. This mustn’t be viewed as a burden, but rather an opportunity to adapt to the dynamic and ever-changing cyber ecosystem, which supports the business’ success.

Learn more about how Orange Cyberdefense can support your cyber resilience journey here.

Incident Response Hotline

Facing cyber incidents right now?

Contact our 24/7/365 world wide service incident response hotline!