Are confident companies at risk from a ‘false sense of cybersecurity’?

New research from insurance company, Beazley, has revealed that cyber is the highest ranked concern across a broad range of technology risks for business leaders in 10 different industry sectors. Of particular interest is that compared to the risks posed by disruption, failing to adapt to changing technology developments and threats to Intellectual Property, companies also feel “better prepared to manage [cyber risk] than any other.”

The report points out that: “In the US, almost two thirds (65%) of retail leaders and over two thirds (69%) of financial and professional services leaders feel very prepared to anticipate and respond to cyber risk.”

Is there a danger, however, that given the huge increase in a range of incidents, such as a ‘stratospheric’ growth in ransomware attacks, these findings could also reveal a false sense of security? As Cybersecurity Dive pointed out in its analysis of the study, “With layers of protection, including cyber insurance coverage, business leaders might feel insulated from threats. However, with sophisticated threats mounting, it’s difficult to predict where and how an attacker evades protections.”

As the Beazley report illustrates, confidence levels are by no means consistent. It states: “In the UK, for example, where data privacy regulation has been in place for a shorter period of time, these industries are notably less confident. Less than a third (28%) of financial and professional service leaders and only 32% of retail leaders feel very prepared to manage cyber risk in the UK.”

Ultimately, proactive protection remains key if organizations the world over are to build long-term confidence in their cybersecurity. The challenge is that most security strategies are actually designed to react to security risks, and many remain highly vulnerable to the dangers presented by a wide variety of threats, and particularly by the billions of files and documents being sent and shared across the world every day.

For example, zero-day vulnerabilities can remain active and undetected for anything up to 18 days before antivirus and sandboxing technologies are updated to mitigate the risk or software fixes emerge. During that ‘window of risk’, unprotected infrastructure remains open to attack and as a result, zero day exploits have become a preferred way for cybercriminals to gain access to networks or deliver malware.

Given that approximately 1 in every 100,000 files contain malicious content, with 98% unknown to antivirus solutions, security teams need to be given advanced tools so they can take a proactive stance against the risks posed by zero day vulnerabilities.

Glasswall’s Content Disarm and Reconstruction (CDR) technology identifies and removes risky, zero-day file-based threats from all files in moments – minimising downtime and disruption often caused by traditional antivirus or sandboxing solutions.

To read more about Glasswall CDR, click here.

‍