The pandemic has been dangerous and volatile, not just because of the health concerns it’s posed, but also because of what it’s meant for our working lives.
The wide-scale switch to remote working and cloud-based software, in particular, left significant operational gaps that invited cybercriminals into companies’ inner-workings like never before.
Far from addressing this rising threat landscape as necessary, many businesses were so preoccupied with adjusting to a new working normal that cyber threats were left largely unchecked. This is a neglect that’s still now making itself known, with brute force attacks up by 400%, while spear-phishing attacks have increased by an even more worrying 667%.
With 47% of the UK workforce operating remotely and 86% of employees stating that they hope to continue doing so post-pandemic, these new risks aren’t going anywhere. This is why 2022 needs to be about creating an all-inclusive cyber threat intelligence strategy that takes on board evolving cyber security trends and cybercrime trends. Only then do businesses stand a chance at enacting effective cyber security strategies in the face of these new risks. Here, we are going to explore cyber security best practices in the context of the 2022 threat landscape — helping you create better cyber security outcomes for your business.
What the pandemic demonstrates about the unexpected
The ability to shine in the face of setbacks has long been a prerequisite of business success. But 2020/21 taught us that even well-placed survival strategies aren’t enough to weather every storm. In fact, when the unexpected hit, it became obvious just how ill-prepared existing business setups were for a blow of this scale. In particular, the interconnected online systems that were supposed to keep businesses afloat served as rafts that carried cybercriminals from one piece of data to another.
In some respects, facing down this harsh reality has put us in a better position than ever to implement techniques and procedures with all-important adaptability in mind. In keeping with this, 68% of business leaders feel that their cyber security approaches and incident responses are improving to meet new needs, but that is no reason to become complacent. There are still a range of rising threats to consider, including:
- New threat actors: Malware-as-a-service, in particular, has led to a rise in DIY denial of service (DoS) and distributed denial of service (DdoS) attacks carried out by standalone first-time cybercriminals as opposed to organised crime groups.
- Targeted COVID attacks: Around a quarter of all coronavirus domains are thought to be fraudulent, as attackers take advantage of pandemic-based anxiety and updates.
- Remote risks: BYOD landscapes, particularly those that operate within the cloud, make network security harder than ever to achieve, as well as allowing attackers to run riot across a company’s inner-workings once they gain access. Check out our article, Has Remote Working Created a Massive Cyber Security Threat? for more details.
- Increased malicious data collection: Notable increases in spear-phishing (667%), malware, and ransomware (72%,) leave company data more at risk than ever before.
Cyber threat intelligence best practices
In the face of these increasing risks, stagnant security measures simply aren’t enough. Rather, businesses need to improve their understanding across the board so that they can protect against the changing face of breaches in real-time. Cyber threat intelligence is the only way to make this happen, as it provides all-important threat intel that answers fundamental questions which are sure to form the backbone of the flexible and ongoing protection necessary in 2022.
Only once this kind of inclusive tactical intelligence is in place can companies begin to rebuild their security strategies. The types of threat intelligence especially set to make a difference this year include:
- Monitoring threat activity (the cyber security journey): As proven by 2020/21, cyber security is not and never should be a static process or ‘destination’, but is instead a journey that requires monitoring threat activity at all times, either in-house or outsourced. Only then can IOCs (indicators of compromise) be recognised and addressed in moments, leading to the all-important feedback-based improvements that create better outcomes despite uncertainty and ever-arising challenges.
- Integrating intelligence and risk management: Raw data insights off the back of operational intelligence drives on social media and more should very much feature within current risk landscapes, ensuring companies recognise and foresee issues in real-time which they can then integrate into more generalised risk assessment strategies.
- Creating response plans: As much as companies need to understand ever-changing risks, they also need tactics, techniques and procedures to fall back on should breaches happen. This is especially the case in light of increasingly targeted phishing attacks that are practically impossible to avoid. In this instance, well-placed response plans are the only form of defence. Specifically, plans should incorporate inclusive reactive stages including preparation, identification, containment, eradication, recovery, and education. Managed Detection and Response (MDR) services are a great way to improve your flexibility and security outcomes.
- Demonstrating the business value of effective planning (doing more with less): How you frame cyber security has a huge impact on how effective your security strategies will be. In 2022, it’s especially fundamental that you’re able to not only put plans in place but also to demonstrate their value in real terms. Your ability to do more with less, specifically with the help of strategic partners who can help you to access effective intelligence at the planning stage either to shift existing strategies or implement robust systems, can go an especially long way towards demonstrating business value that board members can get behind.
Each of these works together to provide a wide range of benefits within largely cyber security strategies, including:
- Reduced costs
- Enhanced board reporting
- Improved threat classification
- And a great deal more
Ultimately, getting on top with threat intelligence best practices right now is the only way to ensure cyber security solutions that truly withstand the challenges of the unknown.
Creating a more sustainable future
Cyber security threat landscapes continue to change at a drastic pace, and companies need to shift their attention to building sustainable, safe futures that can help them to rebuild internal security strategies and regain widescale client trust. The question is, how exactly can you achieve that goal?
Success here is about looking at the challenges you’ve faced, and considering where the threat intelligence strategies discussed stand within that landscape. Most notably, businesses moving forward need to find adaptive, flexible solutions that allow them prove the value of putting security back at the business forefront.
Unfortunately, in-house restraints can prevent you from reaching these desired levels of threat intelligence. The cyber security skills shortage, especially, could mean that your team doesn’t know how to implement the intelligence that they do gain access to. This is bad news in a security landscape that requires decisive, immediate action like never before, and it’s an issue that many companies are getting past with the help of security-specific service providers who know what’s what in terms of existing and arising threats and, more importantly, how to put that intelligence to good use.
How Six Degrees can help
At Six Degrees, we provide precisely these benefits and more by working with businesses to develop the robust and sustainable security solutions that are more important now than they ever have been. Our Managed Detection and Response services are especially fundamental for monitoring threats in real-time, and acting fast to make sure that they don’t leave you reeling.
Overseen by cutting edge technology and human experts, our flexible solutions are changing all the time to meet new threats, accommodate new devices, and deliver the effective cyber security solutions that are guaranteed to keep you afloat through 2022 and beyond. Get in touch or check out our article The Six Degrees Approach to Cyber Security.
Subscribe to the newsletter today
Our Cyber Security Practice Director Chris Cooper talks