“The cyber threat landscape doesn’t stand still.”
Spend any time reading cybersecurity articles and you’ll soon come across this statement. It’s something of a cliché in the industry today but fundamentally it’s true. In fact, the threats faced by organisations evolve and advance at a quite dramatic rate year on year. Such is the ingenuity of threat actors – whether they are individuals working from a bedroom or state-sponsored hackers – that even the most vigilant organisations can have a hard time keeping them at bay.
Of course, good risk posture and a proactive approach to cybersecurity should be at the heart of every responsible business. But what does this mean in 2024?
At Hicomply, we’ve seen a noticeable shift in organisational behaviour over the past 12-18 months. As we onboard new customers, we always take the time to understand their drivers, requirements and challenges. This provides us with regular, real-world experiences that help us to not only tailor the solutions and services provided on our platform but also gain valuable insights.
Of course, certifications like ISO/IEC 27001 are often pursued by businesses because they are needed to meet regulatory requirements or the demands of upcoming tendering processes. But more and more, we’re seeing organisations look past industry expectations and appreciate that what they achieve through their ISMS goes far beyond a box-ticking exercise.
In 2024 we have already seen customers identifying areas for improvement in their processes and procedures that aren’t driven by regulations but instead by their own desire to improve their risk profile and mitigate the risk of potentially disastrous breaches . . . breaches they have seen other organisations fall foul of.
It’s perhaps easy to underestimate the significance of this shift. You might think that organisations always take proactive steps to safeguard themselves. But ask any cyber consultant with experience in the industry and they’ll tell you that their business is all too often made profitable through a reliance on distress purchases – working with companies looking to pick up the pieces after an incident.
So, what do we do with this insight at Hicomply? We respond by looking at how we can utilise customer feedback to continuously improve our platform.
In 2024, we’ve already introduced a raft of new product updates, including AI tools to streamline document management and evidence mapping tasks, a new risk assessment feature and a virtual Help Assistant.
Our customers want to ensure that their ISMS isn’t just compliant in time for an annual audit; they want to know that their high information security standards are maintained all year round, using solutions that take the heavy lifting out of evidence collection and minimise demands on internal resource.
The threat landscape right now
To draw on another information security cliché, people are both the greatest strength and greatest weakness of any business. Staff have the ability to contribute to greater resilience and reduced risk when motivated, well trained and empowered. But as we know, employees are also the source of the majority of incidents and issues.
Yet again, 2023 saw phishing attacks top the list of attack vectors in the industry with social engineering playing a key role in gaining access to sensitive data within organisations of all shapes and sizes. According to research by Verizon, 74% of breaches involved a human element last year.
As much as AI is playing a critical role in improving information security practices, it’s also proving to be a valuable tool in the hands of hackers. AI can enable cybercriminals to complete reconnaissance tasks much quicker, helping them to identify and exploit vulnerabilities at a faster pace than ever before.
Closely tied to phishing scams is the ransomware attack, a threat that’s earned headlines on many occasions over the last. From the British Library to British Airways, it’s estimated that over $1bn was extorted in crypto payments in 2023. Ransomware attacks are notable not just for their severity but also their complexity in 2023.
Often aimed at high profile organisations and critical infrastructure such as universities, hospitals and utilities providers, ransomware attacks are now penetrating sensitive data stored in cloud environments as organisations look to digitise their assets.
In conclusion
It is encouraging to see new customers come to us each month with a belief that proactive security is now a non-negotiable part of their organisation. It’s not a nice-to-have or just a tool to win tenders. Instead, cyber readiness and clear governance are essential for those we work with. And that commitment to best practice will be important in an environment where cyber incidents are seemingly becoming commonplace.