Dealing With Security Incidents In The Enterprise Sector 

Cyberattacks are an ongoing challenge for organisations of all sizes across the world with ransomware a particular growing threat.  According to a recent research, ransomware payments totalling almost $450 million were paid in the first six months of 2023, against a complete year total of $500 million in 2022.

Regular stories emerge about high-profile companies impacted. Earlier this year, Royal Mail suffered a ransomware attack when the LockBit group hacked its software, whilst Barts Health NHS Trust was targeted in the summer. 

Ransomware, phishing, or another malware attack, and user account compromise are the most common attack vectors, according to recent Netwrix research which shows that 68 percent of respondents experienced at least one security incident within the last 12 months.

However, the research reveals that the threat landscape for the enterprise sector (organisations with over 1,000 employees) differs from that faced by their smaller counterparts. In particular, large organisations experience greater financial impact from security incidents and suffer more malware attacks. Enterprise IT and security leaders should keep this in mind when conducting risk assessments, forecasting the business impact of attacks, and prioritising their mitigation strategies.

Security Incidents In The Enterprise Sector 

According to the findings for the enterprise sector, 65 percent of enterprises suffered at least one cyberattack within the last 12 months. These attacks targeted enterprises’ on-premises environments more than the cloud. For example, 84 percent experienced phishing on premises and only 64 percent spotted it in the cloud. 

What’s more, the enterprise sector spotted more security incidents than organisations overall. The starkest difference was for ransomware and other malware attacks: 48 percent of enterprises experienced this type of security incident on premises compared to 37 percent among organisations of all sizes. 

This statistic is not surprising. Ransomware operators want to maximise their profits, so they consider which organisations are most likely to pay a ransom to reduce business downtime — and the larger an organisation is, the costlier an operational disruption will be. 

Mitigating The Risk Of Ransomware & Other Malware Attacks 

Addressing the threat of being attacked with ransomware starts with informing internal staff about the issue and providing up-to-date cybersecurity training. Ensuring that all staff understand and follow basic cyber hygiene practices helps prevent malware infections by reducing the risk of users falling victim to phishing campaigns. 

The second step is reducing the organisation’s attack surface by taking control over access rights. One key reason that on-prem environments are more vulnerable to malware attacks than SaaS systems is on-premises privilege sprawl — users often have administrative rights on their computers, there are large numbers of highly privileged accounts, and so on. These excessive rights enable ransomware to spread quickly from an initial compromised endpoint across the entire IT ecosystem. 

With this in mind, enterprises should strictly limit each user’s privileges. For business users, this means enforcing the least privilege principle with comprehensive identity access management (IAM).

For effective implementation, look for solutions that provide automated approval workflows that empower users to request the access rights they need and enable business owners to approve or deny those requests, as well as to regularly review and validate access rights to the data and applications they are responsible for.

The best way to rein in privileged access is to implement effective privileged access management (PAM), ideally through a zero-standing privilege (ZSP) approach. ZSP involves eliminating as many risky standing privileged accounts as possible. Instead, users are granted elevated privileges only when they are required, for only as long as required. 

Third, be prepared for attacks that might get through your defenses with a thorough incident response plan (IRP) that is regularly reviewed and tested. An ideal IRP should include automated controls that can instantly disable compromised user access to sensitive data and terminate suspicious behaviour. This approach can stop an unfolding attack before the organisation suffers a costly data breach.

Cyber Insurance For The Enterprise Sector 

28 percent of enterprises estimate the financial damage from cyberattacks to be $50,000 or more. This is in stark comparison to only 16 percent of organisations overall. To mitigate this financial risk, 58 percent of enterprises already have a cyber insurance policy or plan to purchase one within the next 12 months. 

The process of qualifying for cyber insurance can be quite tricky. The research reveals that 50 percent of organisations with cyber insurance implemented additional security measures either to meet the requirements of the policy they selected or to simply be eligible for a policy at all. An insurance company’s audit of an enterprise’s security posture can provide the IT team with valuable insights that will help them eliminate security gaps. 

An insurance payout can defray the financial impact or even prevent bankruptcy of the organisation — but no policy can restore data or operations.

Enterprises realise this; data security was named the top IT priority for 2023, chosen by 68 percent of respondents.

Dirk Schrader is VP of security research at Netwrix                             Image; Geralt

You Might Aso Read: 

PAM, IAM, Or Both?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 


Cyber Security Intelligence: Captured Organised & Accessible


 

 

« The Slots Fall Silent
The US Space Force Needs Help »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clearwater Security & Compliance

Clearwater Security & Compliance

Clearwater Compliance specialize in Privacy, Security, Compliance and Risk Management Solutions for Health Care, Law Firms and other businesses.

Bechtel

Bechtel

Bechtel’s Industrial Control Systems Cyber Security Laboratory focuses on protecting large-scale industrial and infrastructure systems that support critical infrastructure.

KBR

KBR

To help governments and other agencies to combat cyber threats, KBR is safeguarding their most valuable systems with sophisticated tools, hardware and training.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

European Cyber Competence Network

European Cyber Competence Network

The purpose of the European Cyber Competence Network is to retain and develop the cybersecurity technological and industrial capacities of the EU necessary to secure its Digital Single Market.

Ampyx Cyber

Ampyx Cyber

Ampyx Cyber (formerly Ampere Industrial Security) is an industrial security firm. We specialize in industrial control systems (ICS) and operational technology (OT) security.

RegScale

RegScale

RegScale helps organizations comply in real-time with multiple compliance requirements (NIST, CMMC, ISO, SOX, etc), scalable to meet the needs of the entire enterprise.

Drawbridge

Drawbridge

Drawbridge is a premier provider of cybersecurity software and solutions to the alternative investment industry.

Cheops Technology

Cheops Technology

Cheops is a specialist in IT Business Technology Services. We help SMEs and large companies build, optimize and manage their IT so they can focus on their core business.

Cyber1

Cyber1

CYBER1 is a leader in cyber security advisory and solutions. We are uniquely placed to help customers achieve cyber resilience and thus, safeguard reputation and value.

The Security Bulldog

The Security Bulldog

The Security Bulldog distills and assimilates open source cyber intelligence to enable security teams to understand threats more quickly, make better decisions, and accelerate detection and response.

CyberUp

CyberUp

CyberUp is a nonprofit organization created to strengthen the cybersecurity workforce. We help employers reimagine how they grow and scale their cybersecurity workforce.

White Knight Labs

White Knight Labs

White Knight Labs is a cyber security consultancy that specializes in cybersecurity training.

CyberGrape

CyberGrape

CyberGrape is a client centric managed services company, providing enterprise leading security solutions and helping companies through their IT risk and security challenges.

Blackwired

Blackwired

Blackwired has established a new category in cyber security with an intelligence-led model based on the USMC’s Combat Hunter programme ‘Left of Bang’.

Lithuanian Cyber Command (LTCYBERCOM)

Lithuanian Cyber Command (LTCYBERCOM)

The Lithuanian Cyber Command is responsible for planning and execution of operations in cyberspace and installation of strategic and operational communications and information systems.