The cyber security landscape in 2024 is fraught, and less secure than ever. The well-worn phrase of “It’s not if your business experiences a cyber attack, but when” remains true, and is unlikely to change. Those overseeing cyber security are aware of the risks, according to a study last year by e2e-assure, the Managed Threat Detection & Response provider, with over a third (29%), revealing that resilience was a top priority for them.  

Cyber decisions makers, and CISOs, otherwise known as “cyber risk owners” across organisations were asked about their frustrations with cyber security, with many revealing that their existing set up wasn’t effective, and their investments weren’t paying off. Indeed, 42% shared that their operations were underperforming. 

To mark its presence at ICE 2024, e2e-assure is revealing the findings of its survey: “Cyber Resilience 2024: Futureproofing AI adoption.” As part of this, it has looked at where investments have been made into people, processes and technology over the past year, and whether this has impacted resilience. 

e2e-assure has also looked again at the frustrations of cyber risk owners. But this time, it’s also looked at the frustrations of those on the other side of the coin - general workers across UK businesses. The report reveals the discrepancies between both parties, when it comes to perception, understanding and priorities, around cyber security.  

What’s clear is that the fragmentation of IT, through new tech adoption such as AI, is a cause for alarm, generating confusion, and a huge storm on the horizon.  

The advent of AI enables cyber criminals to increasingly act at pace, taking on a lot of the heavy lifting that would have been previously managed by the attackers themselves. This makes an attack less expensive, offering more scope and choice. More people are brought to hackers’ attention, and firms which may have previously taken a more reactive approach to cyber security, are having to take a proactive stance to defend themselves instead. 

However, as e2e-assure's report reveals, the threat of AI also comes from the inside. It delves into the mismatch between the knowledge of cyber risk owners and employees around AI policies – which has the potential to unravel years of hard work in shoring up cyber defences. With employees being on the front line, e2e-assure wants to stress that although cyber risk owners have a role to drive change, navigating new challenges is a collective responsibility. It’s essential businesses build resilience from the ground up, which can be done with the right assistance.  

While cyber risk owners look at how they consistently build this within their employees, it’s also vital to take an Attack Disruption approach, pulling on the expertise and technology of the right provider, to stop a threat actor as soon as possible, when employees make inevitable mistakes. 

The way SOC-as-a-service has traditionally operated is to be reactive, rather than proactive. For example, traditional services function by responding to the encryption, or a ransomware event. This is far too late. Instead, CISOs should ensure providers are using the latest automation technology, isolating incidents first and investigating them immediately.  

This makes an organisation’s environment increasingly difficult to bypass as attackers must take an entirely new approach, and operating model, to have any hope of going undetected. When it comes to resilience, Attack Disruption is the final layer of armour – providing holistic protection.