In the dynamic realm of cybersecurity, a shifting threat landscape demands attention.
Join us as we hear industry veteran, Scott Alldridge, explore the evolving cybersecurity landscape, unraveling the threats facing organizations of all sizes and the imperative steps to fortify defenses in an ever-changing digital world.
Who is Scott Alldridge?
Scott is the President of MSSP IP Services and the IT Process Institute (ITPI), an independent research organization that provides benchmarking, research, and prescriptive guidance for IT decision-makers. He has over two decades of experience in cybersecurity.
A Notable Trend in the Industry
We're seeing cybercriminals targeting smaller and smaller organizations, taking advantage of their weaker security postures. From an attacker's perspective, SMEs are often "low-hanging fruit" because they have weaker controls, training, policies, and practices compared to a typical response.
I believe in the next 2-5 years, we'll see an extra layer of cybercrime targeting very small organizations. It's going to be essential for them to start taking cybersecurity seriously.
The Industry's Biggest Threat
The supply chain is a big "opportunity" for threat actors to commit crimes in a way that's practically undetectable. Keep in mind that your supply chain isn't just hardware and software. It's also service providers. Each provider has its own supply chain, and if you're not vetting that when you take on new providers, you're opening your organization to considerable risk.
Scott's Biggest Concern
There's lots of false information circulating about cyber insurance, and many organizations have a false sense of security. Policy providers are getting smarter and learning what fundamental controls organizations should have and not covering claims when they're improperly implemented. I've personally seen companies doing $60-70 million a year in revenue and relying on coverage and "security" their insurer provides... which is often no more than a vulnerability scan.
Top Steps for Cybersecurity Professionals to Take
First, you must have good IT processes.
If you don't know what assets, changes, and releases you're working with, it's not going to matter what tools you've got. As we say in the industry: "A fool with a tool is still a fool."
Second, you need a well-controlled baseline for your IT environment, and nothing should be allowed to change without permission.
Beyond that, the first priority should be basic cyber hygiene, in line with an established standard like the CIS Controls. Organizations doing under $100 million in revenue are often far below the standard of cyber hygiene recommended by industry standards, and that leaves them wide open to basic cyberattacks. It's human nature to want to jump to a shortcut like an anti-ransomware tool or an EDR, but none of that will matter if you don't have basic cyber hygiene covered properly.
Make sure you're in a position to isolate affected assets when a threat occurs and that you have tried and tested processes in place to restore and recover quickly. The ability to respond and recover effectively will dramatically reduce the impact of a cyberattack on your organization.
Finally, get good cyber insurance and read the fine print to understand what level of security you need for the insurer to actually pay out.
Get the Full Cybercrime Story
In our latest report, we provide a detailed analysis of the year's top evolving cyber threats—without unnecessary fluff. The findings implore the critical need for robust cybersecurity measures and how cybersecurity professionals can combat the ever-evolving threats.
Download the report to learn:
- How AI threatens to raise the threat of cybercrime even further than it already is.
- Cybercrime group priorities and how they are reflected in their tactics.
- The four basic ways cybercriminals make money.
- Insights and predictions from industry veterans.
- And more!
