Ed Bartlett, Chief Executive Officer at information security software business Hicomply, discusses the need to set goals and stay committed to information security in 2024.
The phrase ‘the cyber threat landscape doesn’t stand still’ has become something of a cliché in the cybersecurity industry, but sometimes clichés exist because they are based in truth. Today’s organisations are having to deal with cyberthreats that advance at a dramatic rate every year.
Even the most vigilant organisations struggle to keep threat actors at bay, whether they are state-sponsored hackers or shrewd individuals operating from their bedroom. A secure framework and a proactive approach to cybersecurity are paramount to keeping businesses safe, but what does this look like in 2024?
Over the past twelve months, we’ve certainly witnessed changes in business behaviours at Hicomply. Understanding the requirements, drivers, and challenges of our customers is key to our onboarding processes, allowing us to gain valuable insights and provide tailored solutions and services.
Businesses often pursue certifications like ISO/IEC 27001 in order to meet the demands of tendering processes and regulatory requirements. However, recently we’re seeing businesses look beyond mere expectation, setting goals for their ISMS that deliver more than box ticking.
Cybersecurity for cybersecurity’s sake
In 2024, we’re seeing businesses identify areas for cybersecurity improvement based on their own wish to mitigate their risk of data breaches and improve their risk profile. It’s easy to underestimate this change’s significance, as in an ideal world, businesses would always take proactive steps to protect their data.
But ask any cybersecurity expert with industry experience, and they’ll confirm that the vast majority of cyber investments are distress purchases – organisations needing to pick up the pieces after disaster has struck.
At Hicomply, we respond to this change by asking how we can utilise customer feedback in order to continually improve our platform.
Already this year, we’ve introduced several new product updates, including AI tools to streamline evidence mapping and document management. Our new risk assessment feature and virtual Help Assistant also make things simpler and more secure for our customers.
We understand that our customers want their ISMS to be secure all year round, rather than reacting at the last minute for an annual audit. We utilise solutions that minimise internal resource demands and do the heavy lifting for you.
Understanding today’s threat landscape
The greatest strength and weakness of any business is its people. An organisation’s staff have the power to boost resilience and reduce risk when motivated, empowered, and well-trained, but they are also the largest source of data disasters.
In 2023, phishing attacks were once again the most common kind of cybercrime, with social engineering used to grant access to sensitive data across organisations of all sizes and sectors. In fact, 74% of breaches involved a human element last year, according to Verizon.
AI must answer for some of this. As much as it is helping to streamline and secure IS practices, it is also a valuable tool for hackers, enabling them to complete breaches much quicker and helping them exploit vulnerabilities at an ever-more rapid pace.
Ransomware, like phishing, is a growing threat, earning headlines on many occasions over the last twelve months thanks to British Airways, the British Library, and more. In fact, an estimated $1 billion+ was extorted in crypto payments last year, highlighting how ransomware attacks are growing not just in severity, but in complexity too.
Ransomware attacks often make targets of high-profile businesses and critical infrastructure like hospitals and universities, but we’re now seeing them also penetrate the sensitive data stored in organisations’ cloud environments.
Final thoughts
It’s promising to see that, in 2024, customers are taking a proactive approach to cybersecurity. We’re seeing organisations view data protection as a non-negotiable part of their infrastructure, not something that’s nice to have or a way to tick a box.
Clear governance and cyber readiness are essential for those we work with, and that commitment to security excellence will only grow in importance as cyber incidents become more and more commonplace.
Hicomply is a digital information security management system (ISMS) developed to help businesses gain and maintain business-critical compliance standards like ISO 27001, PCI DSS, SOC2 and NIST. For more information or to book a demonstration, visit www.hicomply.com.