Assessing cyber attack trends through a channel lens

This month we gain a deeper understanding of the security breaches hitting customer bases and their nature, and what channel players are doing to combat and contain cyber crime while establishing security strategies that provide long-term resilience.

DAVE NELSON
PRODUCT LEAD CONNECTIVITY & SECURITY, MAINTEL

There has been an uptick in cyber attacks over the last few years driven by the increasing sophistication of cybercriminals as organisations increase their attack surface. Phishing attacks are proving popular, and these are very convincing when targeting specific employees. Supply chain attacks aimed at compromising a supplier's system also remain a threat. Although the maturity of our customers varies widely, we are seeing more organisations recognise the importance of cyber security. It is important to establish seamless process and workflow alignment to identify and resolve issues fast. As we take care of customer connectivity, network security and cyber security, collaboration is essential. We value supporting customers to build a security strategy for long-term resilience. Being proactive in tailoring security is important.

MARK ALLEN
HEAD OF CYBER, CLOUDCOCO

We predominantly observe email-based cyber attacks, often targeting users through ongoing social engineering efforts. Our customers are showing increasing maturity as they deploy advanced security features to counter these threats effectively. At our level, we see cyber attacks continuing to rise and notice that the attacks appear in waves. Attacks often appear highly opportunistic, akin to testing every car door handle on an entire street. We're resolving issues through a proactive approach, which involves reviewing the security posture and establishing a baseline to build upon. Each organisation has a different view on risk and the damage a breach can cause, balanced with the investment in services and strategies in place to protect them. Initially, building a security strategy is highly proactive. Once the baseline is established, it shifts to a proactive, business-as-usual stance.

ROY SHELTON
CEO, CONNECTUS GROUP

Phishing attacks are the most common attacks we are seeing, preying on companies where staff are poorly trained to identify and prevent threats. Currently one in 323 emails sent globally is malicious. Also growing are physical threats to staff and employees over messaging apps and social media. We are seeing more unsuccessful attempts due to training, awareness and cyber security countermeasures. Resolving issues is expensive so prevention is better than cure. When an attack happens, more SMEs are paying the ransom as well as paying a vendor/partner for upgrades to prevent recurrence. The right partner should implement a proactive set of countermeasures which are non-intrusive but constantly scan the threat environment to identify stolen information, including specific data breaches that the company has been involved in.

NIALL TUOHY
SECURITY PRODUCT MANAGER, VIATEL TECHNOLOGY GROUP

In our customer base, which has a varying level of maturity, we've observed a rise in diverse cyber attacks. There has also been a rise in customer awareness of cyber attacks within their environment as they try to become more cyber ready, with a shift towards more sophisticated and targeted threats. A growing trend is phishing and the exploitation of remote work. We tackle these problems through advanced tools for spotting threats, educating employees, and having plans for responding to incidents. Our focus is on enabling customers to become cyber resilient and prepared. We increasingly focus on proactive strategies, such as threat hunting, vulnerability assessments, and security awareness training. These are tailored to customers’ unique needs. Continuous education and investment remain paramount. Adaptability and agility are also key.

PAUL CONATY
CLIENT SOLUTIONS DIRECTOR, CWSI

Cyber attacks continue to rise among our customer base, with more variation in type. These include ransomware and sophisticated identity-based attacks, aiming to bypass MFA by stealing tokens or spamming users with notifications. There has also been a rise in data breaches which matches the current trend across the UK and EU. CWSI aims to build security strategies for long-term resilience by assessing gaps in customers’ existing security architecture and providing strategic roadmaps to remediate. Many customers are looking to move their security maturity from basic identity and endpoint security to integrated visibility and management. Meanwhile, we are seeing many SMEs struggling to obtain cyber insurance. It’s a double-edged sword as a lot of common attacks can be mitigated with basic security tools in place, but cyber insurance providers increasingly require that these measures are in place before providing cover.

HARRIET ROBBINS
PRODUCT MANAGER, GIACOM

AI is making phishing attacks harder to detect. Ransomware and malware defence is crucial, with recovery chances greatly improved by regular data backups and synchronisation. Zero-day exploits are rising due to evolving software and new, untested vendors. Daily threat identification by Microsoft exceeds 65 trillion and will likely grow. SMBs must fortify their cybersecurity defences, from firewalls to human risk management, and everything in-between. Hackers armed with AI create sophisticated threats, requiring comprehensive protection. MSPs should promote wrap-around services like third-party MDR for real-time threat monitoring and ensure all entry points are secure. Automation is the key to profitability while delivering third-party services. AI is a powerful cybersecurity tool, but it can become a threat in AI versus AI scenarios. Managing human risk is vital, educating colleagues and customers about emerging threats, and emphasising AI-human collaboration for optimal defence.

RICHARD MCPHEE
SOLUTIONS DIRECTOR, GAMMA

Phishing attacks remain the most common type of attack for our customers and more sophisticated methods are emerging. Aside from dubious emails we’re seeing smarter methods like leveraging QR codes to steal credentials. In parallel, organisations are transitioning to the cloud which enhances application accessibility and productivity, but also widens organisational security challenges. Building a Cyber Culture and awareness is crucial to help mitigate risk but that alone isn’t enough. Understanding the current cyber-investment landscape is the first step any organisation should take. The next shiny tool won’t help if it’s not utilised correctly, or part of a rounded proactive-reactive strategy. Gamma help our customers understand what they’ve already bought, how to use it correctly and supplement their security teams with services like our Managed SOC to strengthen their security posture.

ANDY SWIFT
CYBER SECURITY ASSURANCE TECHNICAL DIRECTOR, SIX DEGREES

As attacks tend to follow the most used technologies, we are seeing a focus on exploits against VPN endpoints. Attackers are seeking both the reward of access and a reusable route into a target. An increased threat is also coming from the Play ransomware group, who are targeting organisations using a much more manual attack pattern. These groups are taking the time to understand an environment and its valuable data. We aren’t seeing volume rise so much as sophistication; for example, the growth in hybrid working has introduced a lot of attack vectors. When responding to incidents we are seeing two common failures: forwarding VPN authentication requests to a single sign-in source, and attack surface expansion. Questions must be asked on whether services are required to be Internet-facing, or if they are exposing more services to attack.

STEPHEN CROW
HEAD OF DEFENCE SECURITIES AND COMPLIANCE, ANS

We are seeing a rise in AiTM (Adversary in the Middle) attacks, where users, credentials, and login tokens are stolen, resulting in MFA/2FA being bypassed. This is successful due to users being susceptible to phishing attacks and can go unnoticed without the right security controls in place. We help users protect against this through implementing conditional access to ensure only trusted devices, or trusted locations, can log in to emails or applications. This is underpinned by continuous security awareness training, which helps our customers prevent compromises. Outside of responding to security incidents, we proactively improve customers’ resiliency by conducting a gap analysis using the National Cyber Security Centre Cyber Assessment Framework, allowing us to produce a strategy to strengthen their posture over time through continual improvement against the indicators of good practice.

SOHIN RAITHATHA
CEO, REDSQUID

We have observed a relentless surge in cyber attacks marked by their increasing frequency and their growing sophistication. As for discerning trends, we have noted a shift in target industries, with the education sector and government institutions bearing the brunt of attacks, placing massive volumes of sensitive data at risk. We emphasize the importance of proactive cybersecurity strategies. While reactive measures are sometimes necessary, they stress the critical need for organizations to be prepared in advance and always be ready for the worst. In today's world, security risks can no longer be taken lightly. Cybersecurity is at the forefront of every meeting and roadmap we create, ensuring long-term resiliency for our clients.

ADRIAN BARNARD
CEO, STAYPRIVATE

Increasingly attacks have more in common with fraud rather than taking advantage of technical failings in the target. With cyber criminals starting to use AI tools, our customers have reported an increase in both the volume and quality of email phishing attacks. As customers move into the cloud, their cyber resiliency has improved. It’s still a problem, but attacks that take advantage of out-of-date or unpatched software are reducing. We focus on keeping external emails private, reducing the company’s attack surface by making it harder for cyber criminals to gain access to information that would enable a dangerous phishing attack. We believe that this trend towards criminals accessing and exploiting ever-improving AI tools will continue. It will become harder for all of us to differentiate between a fraudulent email and the genuine article.