Bridgeway Insights

How cyber resilient are you?

Posted by Lisa Higgins 22 May 2019

You know the drill. An email pops into your account from “HMRC”, your bank, Amazon’s “CustomerCare” or another familiar company. The sender format is identical to something you would associate with such recognisable organisations, but you smell a rat. Yep, it’s another phishing scam waiting for you to take their bait and click on a link. Report, delete and you’ve dodged another bullet from the murky world of cyberattacks.

But these scams are not going anywhere; they are relentless and becoming more and more sophisticated. In 2018 two fatal malware outbreaks, Petya and WannaCry (aka WannaCrypt0r), occurred within a month of each other and seized hundreds of thousands of systems across 150 countries and all kinds of industries, from healthcare to government to transportation.

Attackers are after more than just your money. Many want to get their hands on corporate data, credentials and other valuable intellectual property, or to take your business offline, put your system into lockdown or just destroy your good reputation. Of course, you may be more conscious of scams as an IT professional, but can you say the same for every department in your company? Every staff member, freelancer or contractor?


Attacks like Petya and WannaCry are preventable with the right strategy in place to protect your organisation. The world is changing so rapidly that the days of just having basic antivirus software running are gone. It’s time to start thinking holistically about protecting your business operation and to implement a cyber resilience strategy to safeguard against email-borne threats and mitigate risk.

But why email? The goal of most cybercriminals is to get in and around your organisation as quickly and quietly as possible, and email is a very effective system to do so. In the vast majority of cases, mostly without their knowledge or understanding, your staff play an integral role in these attacks. According to the Verizon Data Breach Investigations Report 2018, 99% of malware, such as ransomware, was delivered via malicious email attachments or via the web.


Many organisations think their current email security systems are up to the task of protecting them. Unfortunately, traditional email security strategies fall short and do not keep organisations safe. Helen Rabe, Head of Information Security - Strategy, Risk and Compliance at Costa Coffee, said at the 2017 RSA Conference in California: “Cyber resilience is not taken seriously enough, despite the published evidence identifying the growing impact of cyber risk. There is a notable gap between perception and reality when it comes to the impacts of poor cyber resilience planning.”

How about you? Does your organisation think cyber secure, or cyber resilient? Do you respond to an outage crisis, or prevent it from the beginning? Is it time to rethink?
