Business Process Compromise (BPC) cyber-attacks are not often covered in the media. Their distant relative — the similarly sounding Business Email Compromise (BEC) — tends to get most of the billing, especially after the FBI branded it the most costly threat of 2018. But the truth is that this broad category of attacks is a major threat to organisations. Last year we revealed that 43% of US and European firms had been impacted by BPC.
Cybersecurity is difficult to get right. On the one hand, CISOs are very much impacted by a highly volatile threat landscape. The tools, tactics and techniques used by cyber-criminals to attack their organisation evolve fast to exploit newly found weaknesses and take advantage of wider trends. The recent spike in crypto-jacking, for example, came about only after the value of digital currencies soared. Yet on the other hand, security leaders must be more measured. Only by stepping back and taking a more considered view of the industry untroubled by immediate threats can strategic, longer term decisions be made in the best interests of the business.
Modern organisations are increasingly dependent on their supply chains to meet key business goals. But as partner ecosystems have grown and become more complex, so has cyber risk. Unfortunately, UK firms are still flying blind when it comes to managing this risk. A new Accenture report out this week claims that as many as 70% may be vulnerable to attack because they don’t have enough insight into suppliers.
It’s time organisations treated supply chain security as an urgent priority. That means vetting, auditing and continuously monitoring third parties according to the same high standards as your own company. Continue reading →
The UK’s National Cyber Security Centre (NCSC) has done a fantastic job since it was launched in 2016 of supporting businesses, government agencies and the public in their efforts to become more secure. Most recently this week it launched a new Cyber Accelerator designed to uncover the most talented UK start-ups in the sector — all with the mission of making the UK the safest place in which to live and work online.
At Trend Micro, we might sit at the opposite end of the industry from the start-up community, but we’re right behind the NCSC’s efforts. That’s why we’re showing our support at the CYBERUK event hosted by the NCSC next week, as a networking sponsor. Continue reading →