SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
United Kingdom
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
Story image
#
Advanced Persistent Threat Protection
#
Cybersecurity
#
Cyber Threats

Cybersecurity experts urge enhanced defence strategies

Today
Author image
By Kaleah Salmon, Journalist

Cybersecurity remains a dominant concern for businesses, as highlighted during Cyber Awareness Month. Experts in the field are voicing concerns, offering insights into mitigating risks, and boosting organisational defences against burgeoning cyber threats.

Innes Muir, Regional Manager for Managed Security Service Providers (MSSPs) at Logpoint, outlined several persistent challenges organisations face. He highlighted that although Cyber Awareness Month marks its 20th anniversary, fundamental issues remain unchanged. "Most attacks are opportunistic in nature – they exploit a lack of basic cyber hygiene," making it imperative for organisations to implement effective measures, such as password management, multi-factor authentication (MFA), and software updates.

Muir pointed out the results of the Cyber Security Breaches Survey 2024, painting a concerning picture. While a significant 72% of businesses reported having a password policy, only 54% had established a protocol for handling fraudulent emails or websites and a mere 39% employed two-factor authentication. Security updates within 14 days were only being managed by 34% of firms. These statistics indicate a worrying gap in cybersecurity practices, particularly among small and medium-sized businesses (SMBs) that struggle with budget constraints and a shortage of cybersecurity professionals. "It's a picture that only worsens when it comes to SMBs," he noted.

Muir suggested integrating automated systems for threat detection and response to address these challenges. "Automating threat hunting, detection and incident response can dramatically improve the ability of the enterprise to spot and stop attacks using a Security Incident and Event Management (SIEM) platform." Using Security Incident and Event Management (SIEM) technology, organisations can respond to real-time threats, a technology once reserved for larger corporations but now accessible to smaller enterprises. Alternatively, he advocated for Managed Detection and Response (MDR) services, which involve outsourcing these responsibilities to third-party providers, offering a 24/7 security solution that integrates SIEM capabilities alongside a dedicated response team.

Meanwhile, Yousef Hazimee, Head of Security, Risk and Compliance at LearnUpon, emphasised the importance of engaging employees with updated and relevant security training. Hazimee cautioned against repetitive and monotonous training programs, which risk losing effectiveness if not regularly revised. "If you keep serving up the same content every year, employees will lose interest, and the training will lose its value, which can become a big cybersecurity risk." Effective training must consider the audience's current knowledge and technological competence, ensuring materials are pertinent and accessible. "My best advice would be to start with something manageable and design the program with your audience in mind," he recommended.

LearnUpon tackles this by conducting annual company-wide security awareness programs, thus keeping their staff informed about new and emerging threats while reinforcing existing security protocols. This approach suggests designing tailored training that aligns with employee capacities, such as short video modules for more mobile learners or foundational courses for less tech-savvy individuals. Hazimee asserts that evolving education standards should reflect the advancing security awareness of employees over time. "Focus on your learners, and try to build a program that feels relevant and realistic to them."

Both Muir and Hazimee underscore businesses' need to remain vigilant and adaptive in their cybersecurity strategies. Leveraging technological innovations like SIEM and MDR can markedly bolster organisational defences, while thoughtful and dynamic employee training can elevate awareness and competence, fortifying businesses against the sophisticated threat landscape. As cyber threats continue to evolve, it is clear that both technological and educational measures must advance in tandem to maintain effective defences.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Edinburgh tops UK demand for encrypted messaging apps
Kaseya survey finds human behaviour a top cyber threat
VIPRE earns 'Strategic Leader' status in 2024 AV report
BeyondTrust forecasts cybersecurity shifts by 2025
It’s time for API edge security
Top stories
Upwind Security unveils feature for safeguarding APIs
Socket raises USD $40m to enhance open-source security
Socket secures USD $40m series B to combat supply threats
Reltio unveils AI enhancements for customer 360 platform
Paladin appoints Nazo Moosa as UK Managing Director