Strategies for a safer digital future: How to protect your organisation from cyber threats

17 October 2024
Businesses, governments and individuals increasingly rely on digital solutions for everything from commerce and communication to healthcare and tax reporting. While this shift offers many benefits, including enhanced accuracy and convenience, it also introduces significant cybersecurity risks for organisations and individuals.

As digital technology has evolved in recent years, so have cybercriminals’ tactics. Threats are increasingly sophisticated, with attackers using advanced methods such as social engineering, zero-day vulnerabilities, state-sponsored attacks and even generative AI to enhance their schemes.

One prominent threat is the rise of ransomware, where attackers encrypt a victim’s data and demand a ransom for its release. Recently, they’ve also started exfiltrating (that is, stealing) data for double extortion. In double extortion attacks, the attackers not only steal data and hold it for ransom, they threaten to release personal, sometimes sensitive data to the public, increasing the hacker’s leverage.

These and other trends have given rise to an entire underground industry known as Ransomware as a Service (RaaS), a model in which ransomware developers sell their code or malware to other hackers, who then launch their own ransomware attacks. Longstanding practices are also becoming more sophisticated. Many phishing attacks, for example, are employing personalised tactics to trick users into disclosing sensitive information.

Add to these methods rapidly evolving AI technology — which includes the ability to generate deepfake videos, images and audio — and cyber attackers’ arsenals are only increasing in size, variation and sophistication.

To mitigate these risks, organisations and individuals must be vigilant and nimble and develop and continuously update sound cybersecurity policies and practices. Taking these steps is critical in today’s digitised economic and political landscape, where fortunes and reputations can be made and lost overnight. In this environment, customers, investors and governments are demanding that companies take action to protect sensitive data from cyber-attacks.

Cybersecurity checklist for multinational organisations

Given the financial and reputational stakes, it’s critical for any multinational organisation to effectively manage cybersecurity risks. It’s worth emphasising that these risks are fast evolving. Emerging technologies include not just generative AI but also quantum computing and 5G, each of which can be used both to launch cyber-attacks and to strengthen cybersecurity.

To prepare for emerging threats, organisations need executive support and to invest in comprehensive security programmes. A layered defence approach and readiness to respond are key. While advanced technologies are available for organisations at various stages of their cyber journey, there are fundamental measures every company should adopt to fend off cyber-attacks.

Varun Kakkar, Vistra’s head of information and cybersecurity, points out that taking these measures is not just important for lowering risks, but for creating value for clients, employees and shareholders. “At Vistra, we regard managing cyber risk and supporting our clients in their value-creation journey as inseparable. Effective cybersecurity management is no longer a nice-to-have for us or our clients, and implementing appropriate, robust controls throughout a company’s growth cycle is essential for success.”

The checklist below outlines some of the primary areas an organisation can consider when developing and implementing cybersecurity policies and practices. The list is not intended to be comprehensive, but experience tells us that taking these steps can significantly mitigate cyber risks and help position an organisation to grow safely and securely.

Reinforce internal security culture

  • Conduct regular, targeted, bite-sized cybersecurity training sessions
  • Implement ongoing simulations to test cybersecurity knowledge
  • Organise engaging and empowering cybersecurity awareness campaigns

Implement continuous control governance

  • Obtain strong executive support for cybersecurity initiatives
  • Keep all stakeholders informed through executive reporting
  • Adopt industry standards, including assessment methods for your security posture
  • Test security controls on a regular basis
  • Frequently test business continuity and incident response plans
  • Keep abreast of cybersecurity trends and best practices

Increase efficiency and deliver frictionless security

  • Adopt a risk-based approach for security controls
  • Prioritise user experience in security control implementations
  • Invest in automation to enhance detection and response capabilities, improving efficiency and response times

Fuel compliant business growth

  • Secure and maintain relevant industry standard certifications, such as ISO 27001 and SOC 2
  • Ensure compliance with relevant regulations
  • Standardise M&A cybersecurity due diligence practices, if relevant

And don’t forget these essential steps

While there is no one-size-fits-all solution to cybersecurity, we believe the steps below are key controls every organisation (and even individual) must take to lower risk.

  • Invest in identity and access management (IAM) technology, treating identity as your perimeter and implementing multi-factor authentication (MFA)
  • Invest in endpoint detection and response (EDR) software that identifies and helps mitigate cyber threats in real time
  • Invest in robust backups of critical systems and data

Final words

As the digital landscape continues to evolve, we believe that our approach to cybersecurity must become more adaptive and proactive to keep our own organisation and those of our clients ahead of potential risks. By prioritising robust security measures and cultivating a culture of awareness and preparedness, organisations can effectively navigate the complexity of modern threats. Working together, we can build a safer digital future where innovation flourishes, and the potential for growth remains limitless.

Key cybersecurity terms explained

Social engineering: The tactic of deceiving and manipulating an individual to gain control over a computer system or steal personal and/or financial information.

Zero-day vulnerability: A security flaw in software, hardware or firmware that attackers exploit before the vendor has identified and patched it.

State-sponsored attack: When a government sponsors or carries out a cyber-attack against another government or organisation in a foreign country.

Double extortion: Cybercriminals encrypt sensitive user data and threaten to publish it on the dark web, sell it to the highest bidder or permanently restrict access if the ransom is unpaid by a deadline.