CYBERSECURITY
With M&S and Co-op recently hit by cyberattacks, possibly through social engineering, what lessons can organisations learn?
It’s a whole-of-business problem, not just security. The extent to which businesses have digitally transformed changes the attack surface and threat profile significantly.
Justin Kuruvilla: We haven’t seen any official reports yet. If it was spear phishing, have we learnt anything new? I don’t think so – this has been around for years. With AI, it could have been a voice or video call that made it seem like someone of importance. But hopefully organisations have adopted an assumed breach mentality – train your staff in cyber hygiene, but if the worst happens, how do you contain the blast radius?
Stuart Seymour: One aspect of cybersecurity is that everything’s new. Always. The threat continually evolves – as we shut one door, they open another. What’s disappointingly not new is ambulance chasing vendors on LinkedIn, assuming the role of ‘director of hindsight,’ claiming they have silver bullets. We can do better.
Nick Godfrey: Fundamentally, attacks enter through technical or human compromise. We have a growing problem with remote IT workers – North Korean actors gaining insider access.
105
technologymagazine. com