“Nothing is certain except death, taxes, and cyber attacks.”
An insightful talk, presented by GRC Senior Consultant Shepherd Gonera, explores the evolving cybersecurity landscape and the strategies businesses need to adopt to stay ahead. Referencing Benjamin Franklin’s famous quote, “Nothing is certain except death and taxes,” Shepherd playfully adapts it to today’s digital reality: “Nothing is certain except death, taxes, and cyber attacks.”
Watch the full presentation below or read on for the summary.
Current CyberSecurity Trends
The presentation opened with a snapshot of the current threat landscape, including these critical statistics:
Cyber attacks have surged by 40% in 2023, with supply chain breaches being the most significant contributor
64% of companies that experienced cyber attacks had never conducted a cyber tabletop exercise
In the Asia-Pacific region, the average cost of a cyber attack is estimated at $4.5 million
20% of businesses targeted by cyber attacks over the last year shut down due to financial and reputational damage
Cyber attacks have surged by 40% in 2023, with supply chain breaches being the most significant contributor
64% of companies that experienced cyber attacks had never conducted a cyber tabletop exercise
In the Asia-Pacific region, the average cost of a cyber attack is estimated at $4.5 million
20% of businesses targeted by cyber attacks over the last year shut down due to financial and reputational damage
Cyber attacks have surged by 40% in 2023, with supply chain breaches being the most significant contributor
64% of companies that experienced cyber attacks had never conducted a cyber tabletop exercise
In the Asia-Pacific region, the average cost of a cyber attack is estimated at $4.5 million
20% of businesses targeted by cyber attacks over the last year shut down due to financial and reputational damage
Cyber attacks have surged by 40% in 2023, with supply chain breaches being the most significant contributor
64% of companies that experienced cyber attacks had never conducted a cyber tabletop exercise
In the Asia-Pacific region, the average cost of a cyber attack is estimated at $4.5 million
20% of businesses targeted by cyber attacks over the last year shut down due to financial and reputational damage
The Need for Preparedness
Shepherd underscored the limitations of traditional annual ransomware tabletop exercises. He noted that these static approaches fail to keep up with the evolving threat landscape, including AI-driven attacks and deepfakes. To counter this, organisations must involve all departments in cyber preparedness, as incidents often disrupt the entire organisation – not just IT.
#1 Conduct Frequent, Immersive and Evolving War Rooms
Shepherd proposed dynamic and regular training exercises to ensure playbooks stay relevant:
- Conduct quarterly tabletop exercises to maintain an up-to-date playbook
- Rotate focused war-room exercises tailored to specific departments or threats
- Immediately refine and adjust playbooks after each exercise based on findings
Remarking how many tabletop exercises tend to revolve around ransomware attacks, Shepherd pointed out that AI-related attacks, and attacks on third party partners and vendors in a supply chain are significant real-life threats, and should thus be included in scenario training.
#2 Foster a Culture of Automatic, Cross-department Cyber Resilience
Effective incident response relies on organisation-wide preparedness. Shepherd recommended cyber awareness training for all staff, from reception to executives:
- Include all departments and staff in incidence response training, even the receptionist
- Have smaller cybersecurity table top exercises across business units, such as Finance and HR – not just IT
- Ensure every department and team is aware of their critical role in incidence response
With relation to the third point, Shepherd gives examples of how successful resolutions of incidents could include pro-active collaboration between HR or even the call-centre, depending on the particular circumstance.
#3 Stay Ahead
Shepherd emphasised the importance of updating response strategies to reflect modern challenges:
- Incorporate AI-driven threats like deepfake, phishing and automated ransomware attacks
- Simulate third-party supply chain breaches and vendor compromises – for example, go through the formulation of a joint-incident response team
- Continuously evolve exercises to reflect emerging real-world cyber challenges
In addition, Shepherd also talked about the importance of involving the executive leadership, engaging them in board-level tabletop exercises, so they know their role in an incident.
Learn how Sekuro’s Strategy & Architecture team delivers clear, realistic, beneficial, and actionable strategies tailored to your organisation’s needs.
Shepherd Gonera
Senior Consultant, GRC, Sekuro
