What We Do
How we do it
Oct 18, 2021
Grief Ransomware Gang Claims 41 New Victims, Targeting Manufacturers; Municipalities; & Service Companies in U.K. & Europe
Grief Operators Earned an Estimated 8.5 Million British Pounds in Four Months Key Findings: The Grief Ransomware Gang (a rebrand of the DoppelPaymer Ransomware Group) claims to have infected 41 new victims between May 27, 2021—Oct. 1, 2021 with their ransomware.Over half the companies listed on Grief’s underground leak site are based in the U.K. and Europe. The Grief Ransomware Gang appears to…
Read More
View all Advisories →
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
Oct 12, 2021
eSentire Launches MDR with Microsoft Azure Sentinel Extending Response Capabilities Across Entire Microsoft Security Ecosystem
Waterloo, ON – Oct. 12, 2021 -- eSentire, recognized globally as the Authority in Managed Detection and Response (MDR), today announced the expansion of its award-winning MDR services with Microsoft Azure Sentinel, as part of its integration with the complete Microsoft 365 Defender and Azure Defender product suites supporting Microsoft SIEM, endpoint, identity, email and cloud security services.…
Read More
Our award-winning partner program offers financial rewards, sales and marketing tools and personalized training. Accelerate your business and grow your revenue by offering our world-class Managed Detection and Response (MDR) services.
Learn about our Partner Program
Apply today to partner with the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Blog — Apr 02, 2019

Brexit-sized gap between U.K. firms cyber readiness and cyber threats

The recent Cyber Security Breach Survey 2018 Report (sponsored by the Ministry of Digital, Culture, Media and Sports) highlights threats facing U.K. businesses and charities and how they must contend with a growing threat landscape. Similar to cyberattacks on a U.K. Finance group where scammers defrauded bank consumers of more than £1.2 billion in 2018 and on the Police Federation of England and Wales that deleted and encrypted its files, this report reveals that breaches across industries are becoming the norm, not the exception.

The Cyber Security Breach report, which surveyed more than 2,000 U.K. businesses and charities, found that nearly half (43 percent) of firms incurred some form of data breach including personally identifiable Information (PII) and payment details. Interestingly, while three-quarters those surveyed (74 percent) consider cyber security important a critical issue for senior management and boards, only a quarter (27 percent) have a formal security policy.

Considering that almost all (98 percent) of surveyed firms rely on digital information and storage and public websites to collect information and payment details, formal cyber programs and reporting is critical to protecting consumer data and meeting the requirements of GDPR privacy laws.

Leadership Paradox

This U.K. report echoes findings in our FutureWatch survey of 1,250 senior security executives, which highlighted the paradox that cybersecurity is important to senior management and the board, yet less than one-third (30 percent) of respondents have a board member tasked to risk associated with security, and a shocking one-fifth (20 percent) never updated senior management on security events and breaches.

This data also parallels a report that than one-sixth (16 percent) of FTSE 350 boards do not have a comprehensive understanding of the impact of losses or disruptions associated with cyber threats.

Security Gaps

Given the mixed messages from leadership, it is no surprise that this recent U.K. report claims only one-quarter (27 percent) of firms have a formal cyber policy (down from last year!) and only 20 percent mandate staff attend security awareness training. And just 50 percent of companies have implemented any of the based rules recommended by the National Cyber Security Centre (NCSC):

As would be expected, security postures are strongest in heavily regulated industries like financial services and information and telecommunications, with healthcare lagging in the midfield, and hospitality (think Marriott breach).

Privacy Gaps

Only 38 percent of U.K. businesses and charities are aware of the GDPR rules and implications to their businesses. Remember 98 percent collect personal information on customers and employees, which means 100 percent are governed by GDPR! What’s worse, of those aware of GDPR, only 13 percent have amended their policies to meet GDPR requirements that came into effect May 2018. I’m going to go out on a limb here to say that’s about 87 percent shy of how many companies needed to change practices to meet GDPR compliance!

Closing the Gap and Improving Cyber Leadership

As it happens, the NCSC just released its Board Toolkit created to "encourage essential discussions about cyber security to take place between the Board and their technical experts.” Like the National Association of Corporate Directors (NACD) Director’s Handbook on Cyber-Risk Oversight,the NCSC Board Toolkit outlines key obligations and priorities for board members and senior executives.

The first is for boards to familiarize themselves with the information required to make informed decisions about the risks their business faces. This includes establishing a baseline of risks and understanding the implications of cyber security threats. Armed with this information, boards are charged to evaluate and prioritize risks and the complementary risk management programs they require management to put in place, including:

Given the growing threat and necessity to meet legislative obligations, it’s time for U.K. firms to improve their security posture, establish proper security policies and implement core cyber controls. To find out how your company fairs, take a few minutes to complete our Risk Index.

Mark Sangster
Mark Sangster Vice President and Industry Security Strategist

Mark is a cybersecurity evangelist who has spent significant time researching and speaking to peripheral factors influencing the way that legal firms integrate cybersecurity into their day-to-day operations.