Craig McDonald, 25 January 2022 16:32:14 AEDT

The Year That Was: Looking Back On Our Top 4 Poll Topics

Looking back, 2021 was a pivotal year for everyone, and particularly for those of us in the cybersecurity sector. The second year of the pandemic, it consolidated the transition to a new world of hybrid and remote working, along with significant changes in cyber laws, global initiatives and collaboration between the public and private spheres to combat the rise of threats. Unfortunately, cyber attacks such as phishing, BEC and ransomware continued to escalate, calling for increased cyber resilience for all enterprises as we come to terms with the reality that no one is immune from a cyber threat.

Heeding this call, my team at MailGuard have worked hard to continue enhancing our product offerings to ensure that, with the support of our partners, we are bringing the very best in email security to our customers and teams. Email remains the primary vector for the delivery of cyber threats, and we continue to work hard to ensure that customers and their businesses are protected.

Throughout another turbulent year, with an increase in cyber awareness, I reached out to my network of Infosec professionals and business leaders for feedback on some contentious issues that have kept up at night not only cybersecurity professionals, but also business leaders who are at a high risk of being impacted by a cyber threat.

Here are some highlights from the polls that we have conducted:

1. Ransomware: To Pay or Not to Pay?

One of the most contentious issues facing businesses is how best to respond to a ransomware incident. The year saw the 4th of July Kaseya ransomware attack, which impacted so many MSPs; the Colonial Pipeline ransomware attack in May, which took down the major US gas pipeline and impacted so many in the US, including causing major supply chain disruptions; the attack on major meat processor JBS Meats in April; and many more throughout the year. Ransomware stole the show as the most feared threat facing businesses everywhere.

In this fraught climate of crippling cybercrime incidents, where the incidence of ransomware attacks and the scale of their impact seems to escalate every month, the question posed to my network was:

If your organisation was struck with ransomware and your files were encrypted bringing business operations to a standstill, would you: (a) Pay, (b) Not Pay, or (c) Unsure?

An overwhelming majority (72%) voted that they would not pay, largely in line with the opinions of specialist government departments and legislation, which consider paying ransoms dangerous and a way of fuelling the work of cybercriminals. Read more here: ‘The pay a ransom? The debate rages on’

Download our free eBook: ‘5 Key Lessons on Ransomware from 2020’ here.

2. Cyber risks in the new world of work.

In a new world of work, many employees are remote or in hybrid working environments, meaning greater vulnerability to businesses from cyber attacks. The threat landscape has worsened, with threat actors having more opportunities with an expanded attack surface.

So, the question posed to business leaders was: Which cyber risk do you fear the most?

The results, given the rise of ransomware attacks and their disastrous impact on businesses, their operations and reputation, were not surprising. 58% voted that a ransomware system lockout was the attack they feared the most, with hacking, phishing, network breaches, malicious insider attacks and data leakages less pronounced.

Our free eBook, ‘Building Resilience: 6 Practical Ways to Manage a Remote and Hybrid Workforce’ is a great tool to share with customers and their teams to implement some practical tips for a more cyber secure workforce. Download it here.

3. Should Government Contractors Be Legally Accountable If They Don’t Report a Breach or Fail to Meet Cybersecurity Standards?

As cybersecurity attacks continue to rise globally, and particularly in the US, an important announcement from the US Department of Justice makes government contractors, that is, any business contracted to do work for a government entity, accountable in a civil court if they don’t report a breach or fail to meet adequate cybersecurity standards. “The initiative will hold accountable entities or individuals that put US information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches” (U.S. Department of Justice).

In effect, this initiative gives the DoJ the leverage to fight cyber threats stemming from contractors of federal agencies who fail to follow cybersecurity standards. This is an important issue for a lot of customers, whose businesses are often contracted to government departments. A majority of respondents, 83% to be exact, agreed that it was necessary for governments to implement this, recognising the importance of implementing essential cyber security mitigations and reporting breaches in order to stay protected.

4. Should business be allowed to hit back at hackers?

This was our last poll for the year, and potentially the most belligerent, with the community offering valuable insights and reasoning indicative of the complex nature of the question. There has been much discussion recently about the merits of private companies going on the offensive against cybercriminals. Some think it’s long overdue, while others fear a digital wild west, with cyber vigilantes running untethered.

Current laws in the US largely limit companies to playing defense, with federal laws against invading someone’s computer. But some specialist cybersecurity firms say they can pursue criminals without launching their own attacks. Most cybercrimes in the US fall under the Computer Fraud and Abuse Act, a 1986 law that prohibits unauthorised access of computer systems. The law effectively places offensive cybersecurity actions solely in the hands of the federal government. However, given the complications caused by attacks such as ransomware, where businesses are time-poor and stuck between a rock and a hard place when it comes to business continuity and severe financial losses, amidst other dire consequences, the question was asked:

Should private businesses be allowed to hit back at cybercriminals, and ‘hack the hackers’ so to speak?

A complex question, with 48% answering ‘Yes, go offensive if you can’, 33% saying ‘No, leave it to the lawmakers’ and 20% opting that it was ‘complicated’.

So, there we have it, a recap of the views and opinions from my network on some of the most important issues facing cybersecurity today. I look forward to more valuable insights, food for thought and solutions this year, in 2022, as we continue to engage with business leaders, infosec professionals and others, to keep building a more cyber resilient future.

What cybersecurity issues are you interested in knowing about? If you have any ideas, don’t hesitate to reach out.

Fortify your defences 

No one vendor can stop all threats, so don’t leave your business exposed. If you are using Microsoft 365 or G Suite, you should also have third-party solutions in place to mitigate your risk. For example, using a specialist cloud email security solution like MailGuard to enhance your Microsoft 365 security stack.

For more information about how MailGuard can help defend your inboxes, reach out to my team at expert@mailguard.com.au.     
