CYBERSECURITY
With M & S and Co-op recently hit by cyberattacks, possibly through social engineering, what lessons can organisations learn?
Justin Kuruvilla: We haven’ t seen any official reports yet. If it was spear phishing, have we learnt anything new? I don’ t think so – this has been around for years. With AI, it could have been a voice or video call that made it seem like someone of importance. But hopefully organisations have adopted an assumed breach mentality – train your staff in cyber hygiene, but if the worst happens, how do you contain the blast radius?
It’ s a whole-of-business problem, not just security. The extent to which businesses have digitally transformed changes the attack surface and threat profile significantly.
Stuart Seymour: One aspect of cybersecurity is that everything’ s new. Always. The threat continually evolves – as we shut one door, they open another. What’ s disappointingly not new is ambulance chasing vendors on LinkedIn, assuming the role of‘ director of hindsight,’ claiming they have silver bullets. We can do better.
Nick Godfrey: Fundamentally, attacks enter through technical or human compromise. We have a growing problem with remote IT workers – North Korean actors gaining insider access. technologymagazine. com 105