Conclusion: This month, discussions regarding critical security issues have continued to be prominent. In particular, an increase in the ineffective management of security threats and incidents was flagged. A high proportion of companies have cited a preference for paying off ransomware demands due to a perception it is a cheaper and less complex resolution to security incidents. These types of short-term solutions often produce other risks and create larger, associated problems in the future. A growing trend to under-report security incidents and a lack of cyber threat intelligence has left many companies exposed. Customers often deprive themselves of opportunities to improve cyber security controls and processes when they do not adopt long-term mitigation strategies to reduce risks and enhance response measures.
Such long-term and consolidated efforts allow customers to take advantage of all resources available to the company, founded in threat intelligence. Accessing a wide range of cyber threat intelligence and establishing ways to obtain this information is particularly critical. Plans must include ways to identify and assess security incidents, how staff communicate and share information regarding incidents, as well as harnessing data from external sources such as service providers and other tailored data specialists. Whilst complex, establishing sturdy threat identification, protection, response and recovery frameworks will improve a company’s capacity to manage security risks, utilising all resources and information available.