Yesterday, the results of the UK Government’s 2022 Cyber Security Breaches Survey were published, detailing the cost and impact of cyber breaches and attacks on UK businesses, charities, and educational institutions.

With the threat level showing no sign of lowering, Keiron Holyome, VP UK, Ireland, and Middle East, BlackBerry, discusses the necessity of building a prevention-first cyber defence to deter threat actors from infiltrating vital supply chains and SMBs, which are currently some of the prime targets for cyber attacks:

“The findings of the 2022 Cyber Security Breaches Survey are reflective of the ongoing global cyber threat posed today. As the risk factor remains unchanged, cybersecurity is rightfully being taken more seriously as a boardroom issue, high on the agenda for government bodies.

In 2020/21, governments in the U.S., U.K., Australia, Germany and more collectively pledged billions of dollars and introduced new measures to strengthen their cyber resilience.  Despite this, senior management still lack understanding of security and risk.

 

Supply chains under attack

With successive and increasing cyberattacks on hospitals, essential services, supply chains etc. the urgent need to protect critical infrastructure, businesses and citizens is highlighted. Supply chains, in particular, remain a popular target due to the sheer impact and spread of an attack. Threat actors know exploiting the trust people place in the integrity and security of their supply chain is easier than compromising fortified targets. Adversaries typically look for the path of least resistance; the supply chain represents the latest evolution in their tradecraft.

This is even more concerning as the survey finds that, of the 10 Steps to Cyber Security the government guidance lays out, around half of businesses and organisations found supply chain security was the least favourable. Threat actors have identified an area of weakness and rely on the negligence of organisations to cause disruption. Bolstering supply chain security is the first preventive step that deters cybercriminals from attempting to attack in the first place.

 

SMBs among most targetted 

The same can be seen in reference to small to medium businesses (SMBs). Despite attacks on large organisations dominating the 2021 news cycle, BlackBerry threat researchers discovered SMBs experienced, on average, 11 to 13 threats per device – a number much higher than that of larger enterprises – due to attackers using service providers such as ransomware-as-a-service (RaaS).

Threat actors are privy to the reduced funding and expertise in regard to cybersecurity at SMBs. In large businesses, 80% update the board at least quarterly regarding cyber security, 63% conducted a risk assessment, and 61% carried out staff training. In comparison, those numbers are 50%, 33% and 17% respectively across businesses of all sizes.

It is clear that some cybercriminal tactics are less complex than thought. Prevention can be increased by creating obstacles for threat actors before they consider attacking. This can be done through AI-based threat prevention, which aids in creating Zero Trust security environments. By validating every transaction, file, click, and action, and flagging potential threats prior to exploitation, organisations can increase their resilience and streamline security management. There needn’t be gaps in security defences amid a frequently discussed, highly alarming global threat.”