Story image

Why cyber threats are draining your resources

01 Oct 2018

Article by Martin Lipka, Head of Connectivity Architecture, Pulsant 

Switch on the news, pick up the newspaper, or log onto the internet and you are faced with a story concerning cyber security. News about large-scale hacks and data breaches are making headlines more frequently than ever before, from the infamous WannaCry incident to the recent BA data breach.

Cyber security is no longer an issue the IT department is solely responsible for – it’s now an organisation-wide priority. And it’s not just the financial element of cyber crime, which costs businesses about $600 billion globally, according to one estimate. It’s also the damage to an organisation’s reputation when it emerges that it has been hacked, or lost customer data.

The sheer number of cyber threats can seem overwhelming, even for businesses with large IT departments. But with planning, clear thinking and the right technology, all businesses can improve their IT security and mitigate the cyber threat.

Not all attacks are obvious

Approximately 19% of attacks are carried out by advanced hackers supported by the state or those involved in corporate espionage. Unless you are a large organisation, they are unlikely to target you. The other eighty per cent of attacks are perpetuated by hackers who simply use known vulnerabilities to exploit the weaknesses in company systems . 

Another misconception is that attacks or breaches are noticed immediately. British Airways experienced a cyber attack in August this year, but it took them over two weeks to notice that their customers’ card payment details had been compromised.  It takes companies 191 days on average to find a data breach, according to global research published in 2017.

It is almost an inevitability that businesses will face a cyber attack at some point, which means cyber security is more about mitigating your risks rather than eliminating them. 

Use a risk-based approach 

•Start by reviewing your IT systems and look for possible vulnerabilities that hackers or a rogue employee could exploit – an unpatched operating system, or a worker’s smartphone containing sensitive commercial data.

•Next, assess the severity of the security threat (i.e. the damage would it cause your business if security was breached). One proven method for assessing IT security is a “risk-based” approach (an in-depth assessment of your IT risks and how to deal with them). Work out how to fix the problem or decrease the security risk. 

•Review your IT security − ideally each year and train your staff in cyber security – not just those in IT. If your business lacks the budget or skills and experience to do all these things, outsourcing part could save you time and money.

•If you work with a trusted partner you can benefit from their industry knowledge, in-house skills and the large investment they have made into all areas of their business.

Look to the future 

As cyber threats multiply and become more advanced, corporate IT security budgets are likely to carry on increasing. The Global Cyber Security Market is accounted for $95.15 billion in 2017 and is expected to reach $365.26 billion by 2026.

The number of attacks is also likely to increase due to demand for “crime as-a-service”  (hackers for hire who can write malware, create highly effective spear phishing campaigns and develop bogus websites for harvesting login credentials).

We will also see a shift in the devices that are being targeted. While today most attacks revolve around PCs and laptops, this will slowly change to mobile phones, where users typically hold a huge amount of personal data and information. 


The emergence of technologies like AI, machine learning and IoT will undoubtedly change the landscape in new and unpredictable ways, and this is something you need to keep in mind when creating cyber security strategies.

ESET researchers break down latest arsenal of the infamous Sednit group
At the end of August 2018, the Sednit group launched a spear-phishing email campaign, in which it distributed shortened URLs that delivered first-stage Zebrocy components.
Container survey shows adoption accelerating while security concerns remain top of mind
The report features insights from over 500 IT professionals.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Who's watching you? 
With privacy an increasing concern amongst the public, users should be more aware than ever of what personal data companies hold.
Fake apps on Google Play scamming users out of cryptocurrency
Fake cryptocurrency apps on Google Play have been discovered to be phishing and scamming users out of cryptocurrency, according to a new report from ESET.
Managing data to comply with privacy regulations - Micro Focus
It’s crucial for organisations to be able to access, understand, and accurately classify the data they have so they know how to treat it.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
SEGA turns to Palo Alto Networks for cybersecurity protection
When one of the world’s largest video game pioneers wanted to strengthen its IT defences against cyber threats, it started with firewalls and real-time threat intelligence from Palo Alto Networks.