Emma O'Connor The World's Third-Largest Economy

In the wake of major UK retail cyberattacks, ThreatAware's CEO Jon Abbott appeared on BBC Radio 4's Broadcasting House to share insights on the growing cybercrime landscape, which now represents the equivalent of the world's third-largest economy.

Jon highlighted how organisations must prepare their cybersecurity defenses before attacks occur, emphasising that proactive security across every device is essential as interconnected systems create an ever-expanding attack surface.

A Wake-Up Call for Business Leaders

Speaking live on air, Jon emphasised that while the recent attack has captured headlines in the retail sector, the reality is that this threat cuts across all industries. He stressed that with today's interconnected systems, organisations must ensure every control is working across every device.

The Expanding Attack Surface

Jon also explored the hidden vulnerabilities that exist in today's hybrid environments. From fulfilment centres and customer-facing apps to endpoints across warehouses and HQs, every part of a business is now digitally linked.

He explained how this creates a sprawling cyber attack surface and why maintaining strong security controls like antivirus, patch management, and configuration checks across every device is critical. He noted that even something as simple as ignoring a browser update can create an opening for attackers.

Are Organisations Really Prepared?

Emphasising that preparation before an incident is essential, Jon acknowledged the uncomfortable reality that many companies aren't adequately prepared. This blunt reality underscores why proactive cyber asset protection is no longer optional.

The Economic Scale of Cybercrime

Jon closed with a striking comparison: the global cost of cybercrime is equivalent to the world's third largest economy. It's a reminder that the stakes have never been higher—and that cyber resilience underpins business resilience.

Cyber Resilience 101: Five Essential Steps

Based on Jon's insights and industry best practices, here are five critical steps every organisation should take to improve their cyber resilience:

1. Ensure complete device visibility: Maintain a comprehensive inventory of all devices accessing your network, including previously invisible "stealth" devices that might be connecting to corporate data without proper security controls.
2. Validate security controls continuously: Don't assume your security tools are working properly. Implement continuous validation to ensure every control is functioning correctly across all endpoints, with real-time monitoring that alerts you when gaps appear.
3. Review credential policies and implement strong authentication: Enforce robust password requirements and ensure Multi-Factor Authentication (MFA) and Single Sign-On (SSO) areused across all systems and applications to prevent unauthorized access.
4. Implement a comprehensive disaster recovery plan with relevant playbooks: Ensure your organisation has detailed procedures for responding to different cyber incident scenarios, with clear roles and responsibilities assigned.
5. Conduct regular incident response exercises: Practise your response to cyber incidents through tabletop exercises involving both technical teams and executive leadership, ensuring everyone knows their role before a real crisis hits.

By implementing these fundamental steps, organisations can significantly improve their ability to prevent, detect, and recover from cyber attacks.

Listen to the full interview on BBC Sounds here.

Learn more about how ThreatAware protects organisations from cyber blind spots here.