Why cybersecurity needs to be front and centre of your business plan

Cybercriminals are smart, creative, and ruthless in their search for new techniques to catch people out and find holes in security systems. In our recent webinar, we were joined by Joe Burns, CEO of Reformed IT, and William Taaffe, COO of Lockdown Cyber Security to discuss the biggest (and some surprising) threats facing businesses – and what smart organisations are doing now to reduce the risks of a detrimental attack.

Emerging cyber security trends for 2023

Cracks showing in MFA

While multi-factor authentication (MFA) has been trusted by businesses for identity verification, the reliability of this method is being tested by session hijacking. Rather than requesting victims to enter usernames and passwords on a fake website, hackers access the session itself. This uses the very measures which are intended to protect as a vehicle to gain full access to any account the user has accessed.

Deepfake technology

Deepfake is the creation of audio and video content that’s been faked to pose as an individual. Cybercriminals use this to lure victims in, for example when AI voice cloning was recently deployed to defraud a bank based in the United Arab Emirates for $35 million.

Supply chain attacks

It’s important to consider not only how to protect your own systems, but also those connected through supply chains. Hackers are increasingly going after easier targets like shared supplier resources to reach their end target – attacks can be much more damaging when someone has got in through a trusted channel.

How do I protect my business from the risks?

In every business, there is a demand for innovation – whatever the outcome, leaders are looking to do it faster, smarter and less expensive than the competition. But innovation should never be at the cost of security, and risk must be the priority.

Use and test your plans

Response plans shouldn’t be a tick-box exercise – it could be the difference between recovering from an attack efficiently and it having a detrimental impact on your business. Too often, a cybersecurity plan or strategy is written, then remains untouched until it’s next flagged on a review cycle. Businesses who regularly revisit the plan and include it in day-to-day project work will be more likely to reduce the impact of an attack.

Risk quantification

One of the biggest problems with risk is it means something different to every person – what one person sees as a $10 million dollar risk might only be weighted at $10,000 to somebody else. Proper risk quantification assigns a monetary value to the threat, enabling businesses to elevate risk to the board level and get cybersecurity on the CEO and CFO’s agendas.

Least privilege

Ensuring staff members only have access to the resources or systems they need to do their job effectively is vital in understanding what data people can access. For example, when people move between departments, consider which resources they can access and how long they retain access.

For more practical advice, real-life examples and to find out how you can best protect yourself – and your organisation – from cybercrime, watch the full webinar with William and Joe, or download our cybersecurity playbook for audit, accounting and advisory companies.