Craig McDonald Jan 28, 2022 3:20:41 PM 11 MIN READ

The Year That Was: Looking Back On Our Top 4 Poll Topics



Looking back, 2021 was a pivotal year for everyone, and particularly for those of us in the cybersecurity sector. The second year of the pandemic, it consolidated the transition to a new world of hybrid and remote working, along with significant changes in cyberlaws, global initiatives and collaboration between the public and private spheres to combat the rise of threats. Unfortunately, cyber attacks such as phishing, BEC and ransomware rose significantly and continued to escalate, calling for increased cyber resilience for all enterprises, as we come to terms with the reality that no one is immune from a cyber threat.

Heeding this call, my team at MailGuard have worked hard to continue enhancing our product offerings to ensure that with the support of our partners, we are bringing the very best in email security to customers and teams. Email remains the primary vector for the delivery of cyber threats, and we continue to work hard ensuring that customers and their businesses are protected.

Throughout another turbulent year, with an increase in cyber awareness, I reached out to my network of Infosec professionals and business leaders for feedback on some contentious issues that have kept not only cybersecurity professionals up at night, but business leaders who are at a high risk of being impacted by a cyber threat.

Here are some highlights from the polls that we have conducted:

  1. Ransomware: To Pay or Not to Pay?

One of the most contentious issues facing businesses is how best to respond to a ransomware incident. From the 4th of July Kaseya ransomware attack, which impacted so many MSPs, through to the Colonial Pipeline ransomware attack in May, which took down the major US gas pipeline and impacted so many in the US, including causing major supply chain disruptions, to the attack on major meat processor JBS Meats in April, plus many more throughout the year, ransomware stole the show as the most feared threat facing businesses everywhere.

In this fraught climate of crippling cybercrime incidents, where the incidence of ransomware attacks and the scale of their impact seems to escalate every month, the question posed to my network was:

If your organisation was struck with ransomware and your files were encrypted bringing business operations to a standstill, would you:

(a) Pay

(b) Not Pay, or

(c) Unsure?

An overwhelming majority (72%) voted that they would not pay, largely aligned with the opinions of specialist government departments and legislation, which consider paying ransoms dangerous and as fuelling the work of cybercriminals. Read more here: ‘The pay a ransom? The debate rages on’

Download our free eBook: ‘5 Key Lessons on Ransomware from 2020’ here.

  2. Cyber risks in the new world of work.

In a new world of work, many employees are remote or in hybrid working environments, meaning businesses are more vulnerable to cyber attacks. The threat landscape has worsened, with threat actors having more opportunity across an expanded attack surface.

So, the question posed to business leaders was:

Which cyber risk do you fear the most?

The results, given the rise of ransomware attacks and their disastrous impact on businesses, their operations and reputation, were not surprising. 58% voted that a ransomware system lockout was the attack they feared most, with hacking, phishing, network breaches, malicious insider attacks and data leakages less pronounced.

Our free eBook, ‘Building Resilience: 6 Practical Ways to Manage a Remote and Hybrid Workforce’ is a great tool to share with customers and their teams to implement some practical tips for a more cyber secure workforce.  

  3. Should Government Contractors Be Legally Accountable If They Don’t Report a Breach or Fail to Meet Cybersecurity Standards?

As cybersecurity attacks continue to rise globally, and particularly in the US, an important announcement from the US Department of Justice makes government contractors, that is, any business contracted to do work for a government entity, accountable in a civil court if they don’t report a breach or fail to meet adequate cybersecurity standards. “The initiative will hold accountable entities or individuals that put US information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches” (U.S. Department of Justice).

In effect, this initiative gives the DoJ the leverage to fight cyber threats stemming from contractors of federal agencies who fail to follow cybersecurity standards. This is an important issue for a lot of customers, whose businesses are often contracted to government departments. A majority of respondents, 83% to be exact, agreed that it was necessary for governments to implement this, recognising the importance of implementing essential cyber security mitigations and reporting breaches in order to stay protected.

  4. Should business be allowed to hit back at hackers?

This was our last poll for the year, and potentially the most belligerent, with the community offering valuable insights and reasoning indicative of the complex nature of the question. There has been much discussion recently about the merits of private companies going on the offensive against cybercriminals. Some think it’s long overdue, while others fear a digital wild west, with cyber vigilantes running untethered.

Current laws in the US largely limit companies to playing defense, with federal laws against invading someone’s computer. But some specialist cybersecurity firms say they can pursue criminals without launching their own attacks. Most cybercrimes in the US fall under the Computer Fraud and Abuse Act, a 1986 law that prohibits unauthorised access of computer systems. The law effectively places offensive cybersecurity actions solely in the hands of the federal government. However, with the complications caused by attacks such as ransomware attacks, where businesses are time-poor and stuck between a rock and a hard place when it comes to business continuity and suffering severe financial losses, amidst other dire consequences, the question was asked:  

Should private businesses be allowed to hit back at cybercriminals, and ‘hack the hackers’ so to speak?

A complex question, with 48% answering ‘Yes, go offensive if you can’, 33% saying ‘No, leave it to the lawmakers’ and 20% answering that it was ‘complicated’.

So, there we have it, a recap of the views and opinions from my network on some of the most important issues facing cybersecurity today. I look forward to more valuable insights, food for thought and solutions this year, in 2022, as we continue to engage with our partner community, customers, and their clients, to keep building a more cyber resilient future.

What cybersecurity issues are you interested in knowing about? If you have any ideas, don’t hesitate to reach out.

Keeping businesses protected  

 

Prevention is always better than a cure, and the best defence is to encourage businesses to proactively boost their company’s cyber resilience levels to avoid being hit by phishing, ransomware, BEC and other zero-day threats in the first place. The fact that a staggering 94% of malware attacks are delivered by email makes email an extremely important vector for businesses to fortify.

 

No one vendor can stop all threats, so it’s crucial to remind customers that if they are using Microsoft 365 or G Suite, they should also have a third-party email security specialist in place to mitigate their risk. For example, using a third-party cloud email solution like MailGuard. 

 

Talk to us

MailGuard's partner blog is a forum to share information and we want it to be a dialogue. Reach out to us and tell us how we can serve you better. You can connect with us on social media or call us and speak to one of our consultants. 

Australian partners, please call us on 1300 30 65 10 

US partners call 1888 848 2822 

UK partners call 0 800 404 8993 

We’re on Facebook, Twitter and LinkedIn.
