What to do when things turn inside out

How do hackers get inside an organisation's defences? Is it carelessness that opens the gates, or are attackers now so powerful that nothing can keep them out? Here are some industry takes on the issue.

Paul Conaty, client solutions director, CWSI

The main route for hackers to get inside an organisation's defences is poor security controls, or security models that need patching or are out of date. Securing identity and endpoints, as well as good endpoint management, is the first line of defence for organisations. The key then is to understand where the vulnerabilities in your system might be and, in turn, where hackers can potentially breach your defences. Regular reviews of your systems and knowing what 'normal' looks like can help to quickly identify any unusual activity. Another common vector of attack is through third-party partners and vendors, so it's crucial for organisations to ensure that their supply chain is secure.

Most organisations focus on external tools, such as endpoint detection and response (EDR) and managed detection and response (MDR) - essentially, tools that will stop hackers getting in. However, external defences aren't much use against internal risks and security vulnerabilities aren't necessarily restricted to gaps in infrastructure. Even as technology becomes harder to penetrate and no matter how smart your security is, human error is the greatest vulnerability of any organisation.

Social engineering is on the rise and password theft is the most common form of attack. Data loss due to malware or ransomware triggered by fraudulent (yet convincing) emails is a growing concern for organisations of all sizes in the decentralised workplace, and user awareness training is paramount in identifying and combating phishing threats. Access controls (and restricting who has access to what) can also help to limit the damage of a potential attack. The key now is to increase cybersecurity investment in the right places, whether that starts with enlisting the support of a third-party provider or building out internal IT teams.

Stuart Jubb, MD, Crossword Cybersecurity

By far the weakest link for any organisation is its supply chain and every business has one: any third party or individual that a business buys from, interacts with or supplies is part of their supply chain.

Supply chain attacks involve targeting an organisation by exploiting weak links in its supply network. They usually entail continuous network hacking or infiltration processes to gain access to a firm's network and cause disruption or outages. The chain reaction triggered by one attack on a single supplier can compromise a complete network of providers.

The basic attack method - to trick a user into opening a file attachment or clicking a web link to release malware into an organisation - has been used for a long time. In the past, these attacks were done with more of a 'hit and hope' strategy for smaller potential gains. Today, they are much more organised and finely targeted. Once inside its target, a hacker can stealthily move through the network, collecting the information they need to target another part of the supply chain or prepare the ground for a ransomware attack, crippling its host.

The days of focusing only on your own infrastructure and staff training are long gone. Companies need to take a programmatic approach to understanding the risks that might exist in their supply chain. This starts with the selection and onboarding of suppliers, but also needs to be regularly reviewed as part of a supplier risk management framework. Take an interest in your suppliers' cybersecurity practices, share experiences and collectively you can better protect the whole supply chain against attack.

Claus Nielsen, CMO of Holm Security

Organisations have increasingly relied on digital technologies to enhance operational performance as industries continue to reap the benefits of digitalisation. This means there is now an innumerable number of assets that a business must cover from a cyber security standpoint, from both the technical and human aspects.

All too often, hackers gain access to critical infrastructure through internet-facing assets running outdated software, which need to comply with the latest cyber security techniques and strategies. At the same time, the human factor has become a crucial consideration where security is concerned, as any employee can fall victim to cybercrime, which can result in unwittingly opening the door for hackers to enter and exploit an organisation's systems and data. Whether as a result of a successful phishing attack, through sophisticated manipulation techniques or simply due to a lack of awareness from an employee, a successful hack can cause significant financial and reputational damage to an organisation.

We are currently in the midst of a cyber skills shortage, and rarely does an IT team have the resources and bandwidth available to cover all of the organisation's assets, including the employees. If an organisation doesn't clearly understand what needs to be patched, vulnerabilities cannot be dealt with effectively. Should a gap in an organisation's cyber security make-up be unearthed, hackers will quickly find and exploit any weaknesses. The cybercriminals of 2023 are no longer hackers found in basements; these are now fully-fledged organisations with HR departments where hacking is an occupation, not a hobby. The tools they use are readily available and are being utilised to cause havoc in operations, no matter the industry.

Despite lacking resources, businesses should always understand which business critical assets are under threat. Leveraging 'Next-Gen Vulnerability Management' platforms can help provide organisations with a 'future-ready' solution to cover an organisation's entire attack surface. These solutions can highlight all vulnerable assets and apply threat intelligence to these to ensure IT departments can effectively prioritise their time. As a result, the most crucial threats to operations can be remediated first.

Darren Guccione, CEO and co-founder of Keeper Security

Insider threats have long plagued both organisations and IT professionals, and unfortunately, they show no signs of slowing down. In fact, our UK Cybersecurity Census report found 80% of IT professionals are concerned about a breach from within their own organisation and 49% of those respondents have already suffered one.

Although financial gain is still the leading motive of malicious insider threat actors, the great resignation has led to a heightened risk of disgruntled employees using their access to maliciously cause a breach. Organisations must also prepare for unintentional insider threats that come from negligence and accidents, such as falling for a phishing email or creating weak credentials that could easily be guessed by a cybercriminal. This is a pervasive problem, as our UK Cybersecurity Census report found that nearly a third of organisations allow their employees to create their own passwords and share passwords.

High-profile breaches must serve as a wake-up call for organisations large and small to implement a zero-trust security architecture, enable MFA, and enforce strong and unique passwords for every user on every account. To achieve this, it is essential to use a password manager as a first line of defence. This will create high-strength random passwords for every website, application and system, and, further, will enable strong forms of two-factor authentication, such as an authenticator app, to protect against remote data breaches.

Matt Malarkey, VP Strategic Alliances, Titania

Network misconfigurations are the sleeping enemy within organisations. It's a simple oversight that allows attackers to access an organisation and move laterally and stealthily. The outcome can be catastrophic - from gaining access to proprietary data to reconfiguring networks for their gain. And they can do it without leaving a trace. How does it happen? Network operations teams regularly carry out software updates and apply patches for devices, such as firewalls, switches and routers, as part of an ongoing cyber defence strategy. However, misconfigurations are often overlooked, resulting in persistent and critical risks to network security. Recent research reveals that 96% of organisations prioritise the perimeter and only assess firewalls when validating network device configurations. This means misconfigured switches and routers remain exposed.

Cyber actors are sneaky. Frequently, they are already inside a business, waiting for a door to open, so they can get access to what they want. With misconfigurations, attackers scan for vulnerabilities, change configurations for their purpose, then manipulate or remove the logfiles to evade detection. State-sponsored cybercriminals are particularly well versed in this tactic. Last year, the NSA, CISA and FBI issued a government advisory, detailing how these cyber actors have exploited publicly-known vulnerabilities to establish a broad network of compromised infrastructure. These attacks target and manipulate devices that are often overlooked.

You can't patch away misconfigurations like software vulnerabilities. Today, most organisations rely on sampling a subsection of devices (typically only on the network's perimeter) to identify issues. This is a risky approach and runs counter to Zero Trust best practices. And with 80% of network traffic occurring inside an organisation's perimeter, the exposure is enormous. All devices need to be assessed to prevent lateral movement across the network. In the example of the state-sponsored attack, detecting an unwanted router configuration change would have prompted a network shutdown, so the organisation could stop the attack before malware was planted on target devices. Research reveals that misconfigurations cost organisations millions - an average of 9% of their annual revenue - but the actual cost is likely higher. Detecting the early stages of exploitation is critical to limiting the damage.
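As an added example (not Titania's code or the article's own), the following Python check compares every network device's stored baseline configuration against its live configuration and reports drift, showing why a perimeter-only sample misses a changed router. The device names and configuration lines are constructed for the example.

```python
import difflib

# Constructed sample data: a stored, approved baseline and the running config
# retrieved today for three devices (one firewall, one router, one switch).
BASELINE = {
    "edge-fw-01": "hostname edge-fw-01\nlogging host 10.0.0.5\nntp server 10.0.0.6\n",
    "core-rtr-01": ("hostname core-rtr-01\nlogging host 10.0.0.5\n"
                    "ip route 0.0.0.0 0.0.0.0 10.0.0.1\n"),
    "access-sw-07": "hostname access-sw-07\nlogging host 10.0.0.5\nsnmp-server community readonly RO\n",
}
# The router has lost its logging destination and gained an unexpected static route;
# the perimeter firewall is unchanged, so a firewall-only review sees nothing.
CURRENT = {
    "edge-fw-01": BASELINE["edge-fw-01"],
    "core-rtr-01": ("hostname core-rtr-01\nip route 0.0.0.0 0.0.0.0 10.0.0.1\n"
                    "ip route 10.20.0.0 255.255.0.0 192.0.2.9\n"),
    "access-sw-07": BASELINE["access-sw-07"],
}


def config_drift(baseline, current):
    """Return (added, removed) config lines between the baseline and the live config."""
    added, removed = [], []
    for line in difflib.unified_diff(baseline.splitlines(), current.splitlines(),
                                     lineterm="", n=0):
        if line.startswith(("---", "+++", "@@")):
            continue  # skip diff headers, keep only changed lines
        if line.startswith("+"):
            added.append(line[1:])
        elif line.startswith("-"):
            removed.append(line[1:])
    return added, removed


def assess_fleet(baseline, current, perimeter_only=False):
    """Assess every device (or only the perimeter sample) and report any drift.

    'logging_removed' flags the case where a logging destination disappeared,
    which is worth treating as a high-priority finding rather than routine drift.
    """
    findings = {}
    for name, approved in baseline.items():
        if perimeter_only and not name.startswith("edge-"):
            continue  # this is the risky sampling approach the text warns about
        added, removed = config_drift(approved, current.get(name, ""))
        if added or removed:
            findings[name] = {
                "added": added,
                "removed": removed,
                "logging_removed": any(l.startswith("logging host") for l in removed),
            }
    return findings
```

Running `assess_fleet(BASELINE, CURRENT, perimeter_only=True)` returns no findings, while the full assessment reports the router's removed logging line and new static route.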

AJ Thompson, CCO, Northdoor

Cybercriminals are increasing the regularity and the level of sophistication of their cyber-attacks. Identifying what might be a malicious link has become an issue for employees and IT teams alike, especially for those sitting outside of the corporate network, working from home or in hybrid roles.

Carelessness whilst working at home can sometimes be confused with a lack of understanding about the nature of the threat. Ensuring teams are fully up to speed and regularly receiving training is critical - too often cyber training only occurs annually. Employees are often considered the weakest link in a business's cybersecurity; ensuring that they are fully aware of new threats will do a lot to keep cybercriminals out. There is a balance, though. Too often, cybersecurity solutions bombard employees with warnings which can lead to security fatigue, which, in turn, can cause employees to become complacent, ignoring all warnings. Only warning employees at the point of danger is important.

The other key weakness is the supply chain. We've seen cybercriminals target partners and third parties to gain access to their victim's data. Whilst this approach negates any investment in front-line cyber defences, there are still ways of keeping cybercriminals out. By gaining a 360-degree view of your supply chain's cybersecurity and identifying vulnerabilities, you can close them down before they are exploited.

The threat from cybercriminals is increasing, but, by taking steps to educate employees and monitor vulnerabilities, you can give yourself the best chance of keeping those criminals out.