How Can Businesses Be Cyber Resilient When A Hacker Only Needs 120 Seconds To Take Them Down?


When it comes to cybersecurity, physical borders don’t exist. Attackers can be located anywhere in the world and operate with near impunity, profiting from business and government IT vulnerabilities and exposing confidential information to the public.

For years, cyber criminal gangs have been orchestrating attacks across the globe with minimal resistance, primarily through ransomware: encrypting systems and stealing data, then extorting firms to pay both to recover their systems and to prevent the publication of the stolen data.

Last month, LockBit – one of the most notorious ransomware gangs, whose current encryptor is known as LockBit 3.0 – had its infrastructure seized and disrupted in an international law enforcement operation led by the UK National Crime Agency (NCA) together with the FBI and Europol. The operation represents one of the biggest coordinated actions by law enforcement agencies against a ransomware group to date.

Despite one gang being disrupted, CrowdStrike identified 34 new adversary groups in 2023 alone, raising the total it tracks to 232. Increasingly sophisticated attacks are also targeting what has, until now, been regarded as one of the ‘safest environments’ for storing data: the cloud. CrowdStrike reports that cloud-conscious intrusions (those where the attacker knowingly abuses cloud features) more than doubled last year, that cloud environment intrusions rose by 75%, and that 84% of cloud-conscious intrusions were e-Crime rather than state-sponsored activity. What is perhaps most impressive – and most troubling – is speed: the average e-Crime ‘breakout time’ (from initial access to lateral movement inside the network) fell to 62 minutes, and the fastest observed case took just over 2 minutes (see CrowdStrike 2024 Global Threat Report). Once an attacker has broken out, containment becomes far harder, so defenders have very little time to respond.

How to stay ahead of the game
Although cyber security may seem an abstract concept to organizations and their senior leadership, the question is not whether an attack will happen, but when. According to the Verdantix global corporate survey on risk management, cyber security ranks as one of the top three risks for firms around the world, echoing the findings published earlier this year in the World Economic Forum’s Global Risks Report 2024.

Industry standards, such as those provided by the National Institute of Standards and Technology (NIST), are constantly evolving to include new technical elements that firms should take into consideration when defining their security frameworks. Historically, however, the primary focus of many programmes has been on detection rather than prevention, with almost all resources concentrated on reactive controls. By the time an attack is detected and a response begins, it may well be too late to contain the damage.

In this context, how can organizations be more cyber resilient – and be prepared for the next attack?
The answer is a proactive approach to cyber security: allocating resources and attention to prevention rather than just detection. Making the business a less attractive and less visible target, reducing its attack surface, and fostering a prevention culture are the core pillars of this approach.

Decision-makers should focus on:

  • Education. The cost of a cyber security programme pales in comparison to the ransom a firm may be extorted to pay, the fines imposed by regulators, and the fallout of reputational damage. Establishing meaningful and practical training across the organization is key to reducing the vulnerabilities that attackers rely on. Criminals are refining their social engineering techniques and reconnaissance to find open doors to exploit, so every member of the team must be aware of the risks and know how to prevent them.

  • Key technical aspects of their cyber resilience programmes:
    • Include threat intelligence capabilities. Specialized firms provide services that monitor for threats aimed at your assets – for example leaked credentials, look-alike domains or discussion of your organization on criminal forums – so that you can act before an intrusion progresses, making it harder and more costly for criminals to continue the attack.
    • Reduce the attack surface. Hackers find it far harder to attack what they can’t see. Understand your IT ecosystem and how much of it is exposed in the public domain: internet-facing services, remote access and administration interfaces, forgotten subdomains and test systems.
    • Adopt a zero-trust approach to the supply chain and IT providers. Perform independent security checks and analyses of your providers, especially those considered critical or strategic. No business is exempt from being attacked, and a compromised provider is a route into your own environment.


Some of the vendors supporting organizations with these capabilities are: CrowdStrike, Dectar, Fortinet, Gen Digital, Palo Alto Networks and Zscaler.

Integrating cyber programmes into your GRC, TPRM and operational resilience ecosystem
Developing a connected and integrated view of risk is essential not just to protect an organization’s reputation, but also its integrity. Over the last five years, technology vendors have invested in solutions that bring different risk domains together under the same umbrella, making it easier for businesses to map their risk exposure end-to-end, especially for critical processes.

The vendor landscape is diverse in terms of technical approach and category, but firms should start exploring how these vendors can support them in enhancing risk management and resilience practices. The vendors come from three main backgrounds, specializing in:

  • Governance, risk and compliance (GRC). Providers such as Diligent, MetricStream, Mitratech and SAI360 are consolidating the cyber risk view under GRC solutions.

  • Operational resilience. Archer, Fusion Risk Management, LogicGate and Protecht are all including cyber security components as part of overall resilience.

  • Third-party risk management (TPRM). Firms such as ProcessUnity, Aravo, NAVEX, Origami Risk and Venminder are including cyber security risk via supply chain exposure.

Daniel Garcia

Senior Manager

Daniel is a risk and compliance subject-matter expert (SME), with over 16 years of global experience, having worked for major financial institutions and consulting firms in Latin America, Europe and Asia. He leads the Verdantix Risk Management practice, where he steers market research intelligence and provides Advisory services on risk and compliance matters. Daniel has a BA in Economics and an MSc in Capital Markets and Financial Engineering.