Blog — Apr 02, 2019

Brexit-sized gap between U.K. firms' cyber readiness and cyber threats

The recent Cyber Security Breach Survey 2018 Report (sponsored by the Ministry of Digital, Culture, Media and Sports) highlights threats facing U.K. businesses and charities and how they must contend with a growing threat landscape. Similar to cyberattacks on a U.K. Finance group where scammers defrauded bank consumers of more than £1.2 billion in 2018 and on the Police Federation of England and Wales that deleted and encrypted its files, this report reveals that breaches across industries are becoming the norm, not the exception.

The Cyber Security Breach report, which surveyed more than 2,000 U.K. businesses and charities, found that nearly half (43 percent) of firms incurred some form of data breach, including personally identifiable information (PII) and payment details. Interestingly, while three-quarters of those surveyed (74 percent) consider cyber security an important and critical issue for senior management and boards, only a quarter (27 percent) have a formal security policy.

Considering that almost all (98 percent) of surveyed firms rely on digital information and storage and public websites to collect information and payment details, formal cyber programs and reporting are critical to protecting consumer data and meeting the requirements of GDPR privacy laws.

Leadership Paradox

This U.K. report echoes findings in our FutureWatch survey of 1,250 senior security executives, which highlighted the paradox that cybersecurity is important to senior management and the board, yet less than one-third (30 percent) of respondents have a board member tasked with the risk associated with security, and a shocking one-fifth (20 percent) never updated senior management on security events and breaches.

This data also parallels a report that than one-sixth (16 percent) of FTSE 350 boards do not have a comprehensive understanding of the impact of losses or disruptions associated with cyber threats.

Security Gaps

Given the mixed messages from leadership, it is no surprise that this recent U.K. report claims only one-quarter (27 percent) of firms have a formal cyber policy (down from last year!) and only 20 percent mandate that staff attend security awareness training. And just 50 percent of companies have implemented any of the basic rules recommended by the National Cyber Security Centre (NCSC):

As would be expected, security postures are strongest in heavily regulated industries like financial services and information and telecommunications, with healthcare lagging in the midfield, and hospitality (think Marriott breach).

Privacy Gaps

Only 38 percent of U.K. businesses and charities are aware of the GDPR rules and implications to their businesses. Remember 98 percent collect personal information on customers and employees, which means 100 percent are governed by GDPR! What’s worse, of those aware of GDPR, only 13 percent have amended their policies to meet GDPR requirements that came into effect May 2018. I’m going to go out on a limb here to say that’s about 87 percent shy of how many companies needed to change practices to meet GDPR compliance!

Closing the Gap and Improving Cyber Leadership

As it happens, the NCSC just released its Board Toolkit, created to “encourage essential discussions about cyber security to take place between the Board and their technical experts.” Like the National Association of Corporate Directors (NACD) Director’s Handbook on Cyber-Risk Oversight, the NCSC Board Toolkit outlines key obligations and priorities for board members and senior executives.

The first is for boards to familiarize themselves with the information required to make informed decisions about the risks their business faces. This includes establishing a baseline of risks and understanding the implications of cyber security threats. Armed with this information, boards are charged to evaluate and prioritize risks and the complementary risk management programs they require management to put in place, including:

Given the growing threat and the necessity to meet legislative obligations, it’s time for U.K. firms to improve their security posture, establish proper security policies and implement core cyber controls. To find out how your company fares, take a few minutes to complete our Risk Index.

Mark Sangster, Vice President and Industry Security Strategist

Mark is a cybersecurity evangelist who has spent significant time researching and speaking to peripheral factors influencing the way that legal firms integrate cybersecurity into their day-to-day operations.