With 2023 coming to an end, IPM experts have taken stock of the evolution of the threat landscape in recent months and concluded that it has been a particularly complicated year in which companies, both in the public and private sectors, have been targets of cybercrime.
Around six out of ten companies acknowledge having received a more significant number of cyber attacks throughout the year, and the average number of weekly attacks is around 533, according to various studies. These are just two examples of data showing the complexity of the scenarios organizations face to protect their systems and data.
We are at a time when cybersecurity is one of the biggest challenges for companies worldwide. The threat landscape has been impacted by the growth of cybercriminal groups, protected by the legal loophole in international laws and the profit margin it brings them.
IPM specialists have monitored the significant cyber incidents of recent months, which have put the operations and data of organizations in all sectors in check, from Health and State and Local Administration to private entities in verticals such as Telecommunications and Media. , and even large IBEX companies. This highlights that no company is exempt from suffering a cybersecurity incident.
Tips that will help improve companies’ cybersecurity postures
- Cybersecurity governance: The current challenges in this area require a good governance model that facilitates the management of the security of systems and networks since cybersecurity is a discipline that cuts across the entire organization and must be an essential part of its risk control and management strategy. It is about optimizing security controls and measures and articulating management policies that must be continually reviewed and improved to guarantee adequate defence against threats. The model must define roles and responsibilities, the necessary resources and capabilities, action measures and incident management, cyber intelligence, and all the necessary elements that guarantee business continuity.
- Risk identification, vulnerability analysis and 24×7 monitoring: To be prepared for possible incidents, decisions must be made based on the risks of threats materializing on the organization’s assets. This means that companies must be able to identify them and have continuous monitoring systems through threat intelligence and, very importantly, vulnerability analysis, which will also allow them to have an adequate patch management policy to prevent them. from being exploited.
- Backup is not enough: According to Veeam’s 2023 ransomware trends study, 93% of these attacks target cybersecurity copies, and three out of four are at least partially successful. In this context, it is critical to have a trusted backup accessible at any time and from anywhere. It is part of a cyber resilience strategy that facilitates recovery as quickly as possible in case of a stoppage of activity or data loss.
- Training for management teams and employees: Cybersecurity concerns everyone, and, furthermore, the human factor is the weakest link in the chain. Promoting awareness and training is the only way to achieve a safety culture throughout the company. All staff must know safety habits and practices when preventing and mitigating risks.
- Attention to the supply chain’s resilience: It will be critical to gain visibility on security threats from suppliers and partners, developing clear cyber guidelines that should govern relationships with the corporate ecosystem. They will also have to create controls that allow risks to be managed.
- Increase in budget items dedicated to security: Today, data is the main asset of companies, and accessing it is a very lucrative business for cybercriminals. Any incident has repercussions, not only because it can paralyze operations or because of the economic losses it entails, but also at a reputational and regulatory compliance level. Furthermore, stolen data is the basis for new cybercrimes. Businesses must invest in establishing comprehensive security strategies if they want to be protected from threats.
In a threat scenario like the current one, marked by the increase and severity of threats, companies must choose technological partners with the necessary knowledge and experience to help them articulate a solid cybersecurity strategy.
