Cyber security is often seen as a game of whack-a-mole as you try to keep up with new threats and vulnerabilities. To some extent, it’s true: the threat landscape continues to change at an alarming rate – just look at the rise in phishing attacks in the first quarter of this year alone (1,025,968 – an all-time high). As companies look for ways to boost their cyber security posture, there is a lot of focus on high-value assets like IT systems and data centres. But what about all of the low-hanging fruit? What is it? And why is it so important?
First, let’s explain what we mean by ‘low-hanging fruit’. In simple terms, low-hanging fruit refers to anything that can be easily accessed or exploited by cyber criminals. The term comes from the analogy of picking fruit that is within easy reach. In the context of cyber security, it refers to the easy targets within an organisation’s network. These are often things that can be fixed quickly and easily. For example, if your organisation has an unpatched vulnerability in its internet-facing web server, it would be considered low-hanging fruit because it is easy to find and exploit… or fix.
Low-hanging fruit is a serious problem for many organisations because if cyber criminals are able to make minor compromises, they can often use these as a stepping stone to carry out further attacks on the other systems within that network.
High-value assets like sensitive information, financial and health records, intellectual property, and employee, supplier and customer data can and should be looked after well. However, when they are not, an attacker can move laterally across the network and reach this information as ‘low-hanging fruit’. Due to the critical nature of high-value assets, they are more likely to become targets for hackers looking for ransom money or intellectual property theft. The impact of a breach can be devastating for companies that rely on these types of data for their business models.
If you want to gain access to a network, for example, it’s much easier if you can target an executive with access privileges than it is if you have to go through several layers of security. The same is true for data theft or fraud. Low-hanging fruit here could be reflected in the executive’s ability to detect phishing scams, password strength and device security (both in a digital sense through its environment and its physical location).
Often, low-hanging fruit is problematic because organisations don’t know enough about these risks or there isn’t enough budget available for upgrading defences against them (or both). It is important to have a plan in place for how you deal with low-hanging fruit when it comes up.
When it comes to addressing your low-hanging fruit to stop it from being picked, there are two sides of the coin that must be addressed: your people and your technology.
Understandably, humans are the weakest link in cyber security. No one is perfect and human error is expected. However, with 9 in 10 cyber attacks being the fault of the people within an organisation, the human element of cyber security can come at a hefty price. Although human risk cannot be eliminated, it is important to find ways to reduce it wherever possible.
A great place to start is to implement behavioural-based cyber security training, online or through in-person training sessions (contact us to arrange this). By educating staff on best practices, the specific risks facing them and the indicators of an attack, the chance of falling victim to a social engineering attack like phishing can be greatly reduced.
When instilling a cyber-security-vigilant culture within your organisation, it is important to remember that change doesn’t have to consume a lot of time or effort. Even minimal changes like adopting strong password security practices (with MFA) across critical systems can go a long way to protecting an organisation.
Technology is frequently exploited by cyber criminals in the form of low-hanging fruit. Why? Because it is so easy to get it wrong. It is no shock that people rely on technology for everything in their daily lives – especially when it comes to setting up and running a business. However, in business (particularly in the start-up phase), securing the infrastructure that your everyday technology sits on is often not viewed as a priority.
Poorly configured networks with outdated and unpatched software/devices are the leading cause of network compromise. Weak passwords with insecure security configurations are vulnerabilities ready to be exploited. Common examples of network vulnerabilities (which amplify the severity of a vulnerable low-hanging fruit) include vulnerable/OoD mobile/IoT devices, misconfigured firewalls, single-factor authentication, unsecured email services (no email security) and the risk of an insider threat actor (as knowledge of poor infrastructure can be leaked to or exploited by a malicious actor).
Whether you are an organisation with 10 staff, or 10,000, it is important to water your fruit trees to prevent any vulnerabilities from falling within a criminal’s reach. By this, we mean adhering to the cyber security policies and standards that your company sets and ensuring that all employees follow best practices (e.g., through cyber security training). This will bolster the security posture of the organisation and harden internal infrastructure, leaving no easy attack vectors for a malicious actor.
Depending on the size and needs of your business, a bespoke approach can be taken to minimise your risk and prevent any fruit from being picked (exploited) by a criminal.
Government-backed certifications like Cyber Essentials and IASME Information Assurance work by assuring security against typical low-hanging fruit like ‘firewalls’ and ‘end encryption’. If you need some help tackling your low-hanging fruit by ‘gardening’ your cyber security ‘orchard’, or if you aren’t sure where to start, speak to one of our experts directly.