The recent MOVEit hack, which has affected over 100 organisations including the University of Manchester, BBC News and British Airways, has demonstrated that further investment in comprehensive security systems should be a priority for organisations of all sizes. 

This should focus not just on addressing common vulnerabilities, but on identifying unsecured endpoints which can act as a point of access for cybercriminals, such as office printers and scanners, according to Kyocera.

A recent Office of National Statistics survey found that only three in ten businesses have undertaken cyber security risk assessments in the last year. From 2021 to 2022, UK losses to fraud and cybercrime totalled over £4 billion with the average time to identify a UK data breach measured at 181 days.

This lack of preparedness is being seen in real time as more and more companies fall victim to the MOVEit hack.

Steve Doust (pictured above), Group Sales Director for Business Solutions at Kyocera UK said: “While businesses’ having a lot of technology at their disposal is clearly good for productivity, it is also clear that security vulnerabilities continue to be a growing concern.

 The more connected devices you have in your organisation, the more endpoints there are through which cybercriminals can gain access to company data. Some of these endpoints – including printers, photocopiers and scanners – are often overlooked by organisations looking to shore up their security. Tools to implement a strong and secure system are readily available, and leading organisations must invest before it is too late.”

Installing SIM (security information management) technology that automates processes and normalises data, instead of IT teams manually sorting data, is a straightforward yet highly effective way of protecting the business, regardless of its size.

Doust continued, “Larger organisations began using SIM systems a decade ago, but the market has boomed, and they are now integral to security at many small-to-midsize businesses too, particularly given the amount of data every business now holds. Robust software to protect endpoints – such as managed endpoint detection and response (M-EDR) must also be considered.

KPIs must be set to monitor the effectiveness of any security system including SIM and M-EDR, and when a breach does happen, comprehensive disaster recovery capabilities must be in place, including backups to ensure data can be recovered in the event of data loss or a ransomware attack. 

Guidance for risk analysis can be found in the multiple standards available, including COBIT, the International Organization for Standardization (ISO) 27000 series and the US National Institute of Standards and Technology (NIST) 800 series.”

Doust concluded, “As technology continues to progress, so does the tenacity of cybercriminals. Organisations must remain aware, never rest on their laurels and ensure they have the latest systems in place to keep their data secure at all times.

It should always be a holistic, proactive process, rather than one where vulnerabilities are patched on a reactive basis. The good news is there are plenty of tools already out there that can make a major difference.”