‘Treat business security like you would home security’

BT’s Tris Morgan on how businesses need to improve their cybersecurity defences and why security ‘isn’t a box you tick once’.

Cybersecurity is one of the most important sectors in the world today, and has become a key consideration for businesses across every industry as cyberattacks continue to grow in frequency and complexity.

Last month, telecoms giant and cybersecurity provider BT held the Secure Tomorrow cybersecurity event at its Adastral Park research centre in the UK. During the event, BT revealed new data claiming that it identifies more than 2,000 signals of a potential cyberattack a second – which amounts to more than 200m per day – across client networks.

“Like opportunistic burglars looking for an open window, hackers are increasingly checking businesses and their devices to find a way in,” says Tris Morgan, managing director of cybersecurity at BT. “And in an increasingly connected world, these scans are on the rise.”

The new data showed that web-connected devices are scanned more than 1,000 times a day by “known malicious sources”, averaging once every 90 seconds.

“While some scans are conducted legitimately for security monitoring, three in four are not harmless – indicating that hackers are looking for weaknesses in the online systems of businesses and essential public services, as smart tech becomes common,” says Morgan.

BT research suggests that in the UK, business tech investment will rise by more than a third (31pc) this year, but Morgan says that without a comprehensive cybersecurity plan, companies that upgrade their systems will be vulnerable to cyberattacks.

Lock your doors

With cyberthreats looming across every industry, how can organisations protect against these attacks?

“My advice is always to treat business security like you would home security,” says Morgan. “You wouldn’t leave doors and windows unlocked at home – and the same goes for your organisation’s networks and devices.”

While he clarifies that this analogy will mean different things for different organisations, he emphasises that it all falls back to the same point: implementing good cyber hygiene at all levels.

“Your network is the digital foundation on which you build your operations, so the first step is to make sure it’s protected from the inside out.

“Think of the defences you layer on top of this foundation as you would locks, safes and alarms at home. Layering up these different security tools provides a higher overall level of security: whether that’s protecting data in the cloud, laptops and phones, or even identities.”

The role of AI

Morgan says that while new innovations in cloud and artificial intelligence (AI) can benefit businesses, organisations need to watch out for the new risks that these technologies introduce – particularly AI.

According to the UK’s National Cyber Security Centre, AI will “almost certainly increase the volume and heighten the impact of cyberattacks over the next two years”.

“In the past, cybercriminals would use hackers to manually harvest information by breaking into company security systems,” explains Morgan. “Today, these criminal organisations use automation and AI to scan for vulnerabilities.”

The new BT data highlights an example of this, stating that the company has observed a 1,234pc annual rise in malicious IP (internet protocol) scanners recorded across BT’s networks in the last year. Morgan says this reflects how cybercriminals are “increasingly scanning for vulnerabilities through automated, ‘one-time-use’ disposable bots” in an attempt to evade security measures.

He also explains that the global ransomware threat is set to increase because of AI, as the tech lowers the barriers to entry for novice cybercriminals.

With AI posing a growing threat, Morgan encourages organisations to “match the hackers’ evolution” by incorporating the tech into their cybersecurity strategies, such as BT’s security platform, Eagle-I.

“Tools like AI provide new routes of attack, but they can also be the first line of defence.”

More than ticking a box

Along with upgrading the tech side of a cyber strategy, Morgan recommends that organisations work with their security partners to stay “one step ahead”, but adds that it’s important to remember that “you can’t outsource accountability”.

“Work together with your partners to understand the consequences of an attack for your individual organisation before it happens – this will help you understand what the best defence mechanisms might be to avoid a breach in the first place,” he says. “Security isn’t a box you tick once; it’s a constantly evolving landscape.

“In a world where connectivity powers commerce, connecting and protecting must go hand in hand: a cyberattack can not only impact your own business or service operations, but it can have catastrophic implications for your people and your communities.”

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.