Demystifying Cyber Security for Directors
The IoD has teamed up with Gemserv, an expert provider of professional services and a leading management consultancy listed by the Financial Times in their 2022 Special Report, to deliver C-suite level insight and awareness training. The aim is to clarify cyber security and risk, and to remove the misconceptions surrounding them, against the growing scale and sophistication of cyber security breaches.
Gemserv has been selected to deliver C-suite level training and workshops detailing – from a cyber perspective – how cyber is now a business enabler, and how the effective use of cyber security facilitates business agility, innovation and growth.
In order to harness this potential, the cyber function needs to align with the overarching business strategy and objectives. The tactical cyber initiatives can be linked to these overarching objectives using differing management tools, such as a balanced scorecard. In this way, cyber initiatives can build from the bottom up, addressing personnel and training, operational processes and agility, innovation in customer engagement and, ultimately, financial performance and growth.
Andy Green, Gemserv’s award-winning Chief Information Security Officer (CISO), is a highly experienced CISO and Cloud Security specialist with over 20 years of industry experience.
Andy said: “The key maxim in security for 2022 and beyond will be agility. Ensuring agile security strategies are in place that allow for organisations to adapt and respond to the uncertain periods ahead will be paramount.”
“We will see cyber-attacks continue to evolve. Supply Chain attacks will continue to be a key attack path of choice for malicious groups. Hybrid working has also increased the potential attack surface as new applications are being used for conducting business such as cloud apps and collaboration platforms. This combined with the proliferation of hacking tools may lead to an increase in the number of exploits, including zero-day exploits, used to compromise systems. 2021 saw almost double the number of zero-day exploits compared to 2020, and the highest number ever on record.”
“Another trend that is almost certain to continue is the evolution and prevalence of ransomware attacks. 2021 saw exponential growth in ransomware and this is set to continue well into 2022. Multi-staged attack chains will become more prevalent in the delivery of ransomware, for example phishing attacks, leading to malware loaders, to secondary loaders and information stealers and onto ransomware. (i.e. Phishing – Emotet – Trickbot – Ryuk). In the face of this increased number of infections and ransoms, we can expect to see cyber insurance premiums continue to surge – we saw increases of over 50% last year as insurers seek to keep pace with the claims.”
Mandeep Thandi, Gemserv’s Director of Cyber and Digital Consultancy said:
“We are delighted to be working with the IoD to deliver cyber security insight and digital innovation training for SMEs and businesses. As the ever-growing landscape of Technology, we need to ensure that our business and organisations, particularly the CNI sectors, are robust in their approach to Cyber Security, particularly the challenges we face in the current Geopolitical space.”
A recent poll (https://informationsecuritybuzz.com/expert-comments/experts-responses-cyber-security-predictions-2022/) of industry leaders and experts asked what the most important cyber security predictions for 2022 are.
- Ransomware – will continue to evolve and converge with hacktivism, where companies are being hit with ransomware due to the hackers’ perceptions of a business’s values, industry, or actions. In these situations, the hackers are not even requesting a ransom or offering to decrypt the data. We also see that ransomware gangs now have the funds to purchase zero-day vulnerabilities that previously were only accessible to nation states.
- Artificial Intelligence (AI) – Just as organisations and businesses are using AI to provide predictive rules, attackers, terrorist groups and political activists are going to be using advanced technological capabilities to progress their agendas and carry out more sophisticated and widespread attacks. In the coming year, we’ll see more of this taking place. Cybercrime is an iterative process: just as our solutions and technologies get smarter, so do the very criminals who seek to take down corporations and governments for ransom.
- Zero Trust Architecture and Hybrid working – the trend towards greater decentralisation is set to continue into 2022, so what does this mean for security? Two of the key security models that will meet the new hybrid working paradigm, and consequently will see significant traction in 2022, are Zero-Trust Architectures (ZTA) and Secure Access Service Edge (SASE). Zero-Trust Architectures are designed to focus security on per-request access decisions and are particularly well suited to architectures that have significant cloud services.
- Cyber Security professional shortage – In the current environment, organisations of every type are being hurt by the shortage of cyber professionals, confirmed by the surging demand in cybersecurity vacancies, now three times greater than the overall IT market, even though cybersecurity accounts for just 13% of all IT jobs. The main risk associated with this is a single point of failure, where an employee holds a skill set or critical information about a process or procedure specific to their organisation.
- Cyber Insurance – Cyber insurance became increasingly critical, and it wasn’t just for large enterprises anymore. Small and medium-sized enterprises invested, many for the very first time. Yet confusion and frustration over what it does and does not cover continue.
- Wednesday 22nd June
- Tuesday 25th October
- Tuesday 6th December
- January 2023 – to be confirmed
Find out more or book
Please contact us via email.