Page 95 - Cyber Defense eMagazine April 2023

vulnerable. Stolen banking information can also result in indirect monetary fraud when the information
            is used to legitimize phishing emails.

            It is easy to focus the blame on certain individuals, such as data processors, when something goes wrong
            but there needs to be more back-end support from a cybersecurity perspective, as well as support from
            a governance standpoint given how highly regulated this particular industry is.

            Cybersecurity is already considered a grudge purchase given the astronomical costs of running it, without
            an easily demonstrable ROI in the absence of a breach. As with all investment, there needs to be a
            round-the-clock business incentive. However, since cyber-attacks are now inevitable, we can argue the
            incentive already exists. It’s just a case of translating that to the organisation.



            What are the next steps?

            Victim blaming and shaming needs to be addressed as it simply compounds the issue. We need to accept
            shared responsibility with mature accountability in place in order to solve this complex issue.

            At the end of the day, it’s critical infrastructure within the economy that’s being targeted, and even though
            they are private institutions, the impact of a cyber-attack creates devastating ripple effects beyond the
            company itself and its clients, as we’ve seen with attacks on businesses such as the Colonial Pipeline
            incident in 2021. The regulatory and government support (dare I suggest financial rebates and incentives
            for responsible security spending) behind these types of organisations should therefore match the risk
            at a national level.

            When some of the world’s largest and most established organisations are being targeted and breached
            – their security systems armed to the teeth with advanced technology – it’s clear that attack campaigns
            are becoming more sophisticated by the day. We shouldn’t be so quick to assume that businesses are in
            the wrong. If the necessary security practices are not in place, the right authorities will and should
            address non-compliance.

            In the meantime, we should be working together as an industry to support these businesses and turning
            our attention to the real enemy that is already planning its next attack.




            About the Author

            Brendan is the CEO of Encore, the unique industry tool that combines Cyber
            Asset Attack Surface Management and External Attack Surface
            Management. It provides complete visibility over an organisation’s estate to
            present a consolidated view of your security posture.

            Brendan brings more than 13 years of progressive technical and business
            expertise, and his knowledge and methodologies have advanced through
            years of fundamental network communications work.



