Geopolitical tensions make security precautions critical for UK business
Geopolitical tensions are on the rise around the world and global economic structures continue to evolve as a result. Political disruption and unrest can have a far-reaching impact on the rest of the globe. This impact can be seen most clearly in the ripple effects that the ongoing Ukraine-Russia war has had on the rest of the world in terms of economic volatility, food insecurity, and dramatic price increases.
Businesses are, of course, hyper-focused on ensuring their resilience to geopolitical risk, fragmentation, and uncertainty, which according to McKinsey’s latest Economic Conditions Outlook is at the top of the agenda for CEOs. But if businesses want to safeguard their resilience during this disruptive time, they will need to prioritize their security.
Cybersecurity is already a priority concern for organizations, as data breaches and cyberattacks are irrefutably on the rise and hackers are becoming increasingly sophisticated and persistent. Yet, rising geopolitical tensions also introduce an increased risk of state-sanctioned cyber-attacks that affect both public and private organizations alike.
Cybersecurity has become a key element in nations’ arsenals during geopolitical conflict in order to exploit information, destabilize, and gain a foothold in targeted nation states. While you might think that government and public institutions would be the most obvious, and only, targets of state-sanctioned cyberattacks, this is not true. In fact, the US, Australia, Canada, New Zealand, and the UK released a joint cybersecurity advisory earlier in the year warning organizations that Russia’s invasion could expose organizations both within and beyond the region to increased malicious cyber activity. According to Gartner, coordinated cyberattacks emerged as part of Russia’s offensive since its invasion of Ukraine began earlier this year, impacting organizations worldwide.
Organizations within countries that are a part of, have placed sanctions on, or provided support to a country or nation involved in geopolitical tensions are the most vulnerable to retaliatory cyberattacks that seek to cripple financial and other critical infrastructure. With the increased sanctions that the UK has placed on Russia following its invasion of Ukraine, organizations within the country should be on a heightened alert when it comes to security and protecting their most critical assets.
Essentially, if organizations do not bolster their cybersecurity efforts, they will be left unprotected and exposed to both everyday cybercriminals and cyberthreats.
The cost of a cybersecurity breach
In today’s digital age, data and information have become one of our most valuable commodities. As businesses continue to digitally transform and adopt new and emerging technologies into their organizations in order to better utilize and manage their valuable data, they are also introducing new vulnerabilities that malicious actors can take advantage of.
The impact of a security breach can be immense. A customer data leak can erode trust and scare new business away, while loss of business-critical data could cost businesses heavily in the form of time, money, and potential legal implications which can be extremely damaging.
According to IBM’s 2022 Cost of a Data Breach report, the average total cost of a data breach is US$4.35 million, while the average cost of a critical infrastructure data breach is US$4.82 million. Additionally, 60 percent of organizations’ breaches led to price increases that were passed on to their customers.
Protecting business-critical applications is vital
To prevent the risks and impact of a cyberattack, organizations in the UK need to re-examine their current cybersecurity environment, particularly as it relates to their business-critical applications, which are often overlooked.
Business-critical applications are a very attractive target to cybercriminals as they are essential to everyday operations. Interference with them would impact business continuity, and they contain sensitive data which, if stolen or made inaccessible, could have devastating consequences not only for the business itself but also for its customers, suppliers and partners.
As such, organizations need to be able to not only detect and respond to threats quickly but also identify and reduce any vulnerabilities to ensure the protection of business-critical data. By adopting technologies that enable unified threat, risk, and compliance management across the entire organization, businesses will be able to take a proactive, instead of reactive, approach to cybersecurity.
This could also help to alleviate the pressures of the cybersecurity skills gap on organizations. The IBM report observes that around 62 percent of organizations’ security teams are currently understaffed, and therefore unequipped to deal with the constantly evolving and more frequent cyberattacks. Additionally, cybercrime is expected to triple the number of open cybersecurity positions over the next five years, and with every IT position also having to be a cybersecurity position, this presents a huge problem in terms of capacity in dealing with the growing risk of cyber threats.
Putting systems and processes in place to prevent a breach
Over and above cybersecurity technology, organizations must also look into developing and implementing comprehensive cybersecurity programs that lay out the guidelines and best practices employees should follow. This includes implementing standards and processes that will enable businesses to assess, prepare for, and mitigate these cybersecurity risks.
Cybersecurity awareness across all levels of an organization is also key to combating cyber threats, as the biggest security vulnerability of any organization is people. In fact, the IBM report notes that 19 percent of breaches were caused by stolen or compromised credentials. The most common ways that cybercriminals gain access to systems are phishing scams, as well as malware and ransomware transferred onto systems through seemingly "non-threatening" methods, such as what might look like an employee’s lost USB stick. To avoid these vulnerabilities, organizations need to educate and train all employees to recognize risks and potential threats, while also teaching them the guidelines and processes to follow once they have identified one.
Turning cybersecurity into a collective responsibility shared by everyone, in addition to integrating robust cybersecurity solutions, will be key to ensuring the safety and security of organizations across the UK.
JP Perez-Etchegoyen is CTO of Onapsis.