Last month, e2e-assure collaborated with Raconteur as part of their annual Cyber Security and Digital Threats report, which covers a vast range of cyber topics from AI to zero trust policies. CEO Rob Domain spoke about the needed shift in CISO priorities to ensure the ultimate coverage in cyber resilience.
We broke down our top 5 findings from the report, which are summarised below.
Fancy reading the full report? Download it for free through Raconteur.
Cyber Inequality – The Stats
This year's Raconteur report evidences, again, that smaller businesses are twice as likely as high-revenue firms to say that their cyber resilience is insufficient. This reflects the findings of e2e-assure's independent research last year.
The report delved into a number of key statistics, but the most significant show:
- The Skills Gap: While 95% of high-revenue businesses say that they have the necessary skills to achieve their cyber security goals, only 49% of low-revenue firms say the same. This disparity suggests a need for flexible, lower-cost solutions for smaller businesses.
- Customer Expectations: While more users have felt their provider is exceeding their expectations over the last 3 years, it is important to highlight that there has also been a 9% increase in those feeling their provisions are insufficient since 2022. This begs the question – should suppliers be doing more?
- Bigger is better: The research shows that bigger, high-revenue organisations suffer less from skills gaps and shortages of talent, with only 49% of low-income firms thinking they have the necessary skills. Therefore, it is vital that organisations invest in their cyber provisions in a way that shows Return on Investment, or risk losing large sums to cyber criminals.
A Shift in CISO Priorities
We all know the pressure on the CISO role continues to mount, with tight cyber security budgets and a higher demand to prove ROI to the board.
But how effective, and flexible, is your current cyber security provider? Traditional security operations centres (SOCs) can be too rigid and reactive, often responding to threats after they have already caused damage.
Modern businesses call for modern solutions, which e2e-assure aims to deliver through early detection and proactive measures. Providers like e2e-assure emphasise the importance of flexible, modular services that can be tailored to meet specific business needs and grow with them, all to provide an easier run for CISOs.
This adaptability allows organisations, particularly CISOs, to adjust their security measures as threats evolve, ensuring they remain resilient and in control and taking pressure off strained IT departments, while keeping the board happy.
The Role of the Government
As pressure continues to mount on CISOs, the report opens with a welcome reminder of the role of the government in ensuring businesses are adequately protected from threat actors. Research conducted by the government showed that, staggeringly, half of all British businesses – and 74% of large companies – have reported a cyber security breach over the previous 12 months (April 2024).
However, changes intended to counteract these figures have been made over the last 24 months, including:
- A ban on simple, easily guessable passwords on smart devices within the manufacturing industry (e.g. 12345).
- An 8-year strategy, launched back in 2022, is being implemented to improve public resilience within cyber.
- Updates to the National Cyber Strategy, which had previously not been updated since 2016.
It is great to see these policies being implemented across the UK, but is it enough? We look forward to seeing what else is to come in the latter half of this year.
Managing Human Risk in the AI Age
AI is arguably the biggest buzzword in the cyber industry in 2024, and this report has plenty to share on the subject.
As artificial intelligence continues to get even more intelligent, managing human risk becomes increasingly important. This piece suggests that the best defence is a good offence: proactively identify weak spots before they become problems and keep your team continuously trained. This is a mantra in which e2e-assure also believes – by implementing attack simulation, organisations can rehearse procedures from a preventative standpoint and significantly reduce the risk of data exfiltration.
AI also introduces new attack vectors, making it essential to adapt existing cyber security frameworks to secure AI systems effectively. Continuous education and training can significantly reduce the risk of human error, which remains a primary vulnerability in cyber security. Ensuring that your team is aware of the latest threats and best practices is key to maintaining a robust security posture.
However, this article does highlight the viewpoint that although we often blame employees as the weakest part of the puzzle, they are also the element that provides the most protection when properly trained and alert regarding cyber threats. As with any tool, if it is configured correctly, employees can form a ‘human firewall’ around your organisation. An interesting view to keep in mind for CISOs.
Unified Data Security Approach
Keeping sensitive data secure is a challenge, especially when it’s spread across different platforms and environments. Traditional security tools often fall short of providing the necessary protection. Innovative solutions like Forcepoint’s Data Security Posture Management (DSPM) and Forcepoint ONE Data Security offer a unified approach to data security.
These tools provide real-time visibility and control over data across various channels, simplifying compliance efforts and closing security gaps. By centralising the management of data security, organisations can more effectively monitor and protect their critical information.
It’s great to see organisations prioritising the communications between provider and service user, as these relationships become more important as risk increases.
In conclusion, the rise of AI and the continued pressure on CISOs are forcing businesses within the industry to think carefully about how to get the most from their investments. Although automation makes lives easier for many industries, the power of attack simulation and cyber risk training cannot be underestimated to ensure complete protection for modern businesses.