“Ransomware attacks have evolved into a really amazing degree of sophistication.”
Cyber attacks have hit almost all organisations across the UK in the last year, with 96% of companies reporting that a breach has negatively impacted their business.
The eyebrow-raising statistic comes from a new report, The Rise of the Business-Aligned Security Executive, published by cyber exposure company Tenable.
The figures come as no surprise to Jose Maria Labernia, who is CISO for the EMEA region at LafargeHolcim, Europe’s biggest supplier of concrete and other building materials: “The reality is all organisations face cyber-security attacks, whether they’re automated or APT or some other kind,” he said.
“Ransomware attacks have evolved into a really amazing degree of sophistication. Hackers can see the impact they can have and the profits there are to be made when the core of a company’s business is attacked.
“This is what happened when Garmin was attacked a couple of weeks ago – they had to stop production for a couple of days and it led to millions of IoT devices not working. You need to be very well protected with different layers of security and back-ups, as well as a comprehensive response strategy.”
The damaging effects of cyber attacks are laid bare in the paper, which was carried out by Forrester on behalf of Tenable, and polled 851 business and security leaders. It says 44% of organisations surveyed lost employee data to hackers, while 36% were hit by financial loss or theft, and 34% reported customer attrition.
Operational technology features prominently in attacks, with 65% of respondents revealing they had suffered an OT-related breach.
Renaud Deraison, chief technology officer and co-founder of Tenable, said ensuring that security measures were aligned with wider business objectives will be key to successfully stopping attacks.
“In the future, there will be two kinds of CISO -those who align themselves directly with the business and everyone else,” he said.
“The only way to thrive in this era of digital acceleration is to bring cyber into every business question, decision and investment.”
Jose Maria agrees: “Security is not an IT topic, it’s a business topic that IT can support and drive, and as such businesses need to own it. Business leaders need objective information so that they are able to define their risk appetite, and there is a growing awareness among senior managers about the importance of cyber security. That in turn is passed down through their organisations.”