CloudGuard AI (https://cloudguard.ai), feed updated Fri, 30 May 2025 12:13:18 +0000

Issue 67: Cloudflare Tunnels Abused, OneDrive File Picker Exposes Full User Access & APT41 Hides Malware in Google Calendar
https://www.linkedin.com/pulse/issue-67-cloudflare-tunnels-abused-onedrive-file-picker-exposes-wxx6e/?trackingId=aa0fZ8V0E3pEiURMG08%2BDQ%3D%3D#new_tab&utm_source=rss&utm_medium=rss&utm_campaign=issue-67
Fri, 30 May 2025 12:13:18 +0000

How to Calculate Cyber Risk Reduction and Why It Could Save Your Business
https://cloudguard.ai/resources/how-to-calculate-cyber-risk-reduction/?utm_source=rss&utm_medium=rss&utm_campaign=how-to-calculate-cyber-risk-reduction
Wed, 28 May 2025 13:02:49 +0000

You wouldn’t insure half your office. So why leave half your business unprotected from cyber threats?

50% of UK businesses were hit by cyber-attacks in 2024, costing medium-sized firms an average of £10,830 each time. Yet most of these losses were avoidable. In fact, 97% of successful attacks could have been prevented with better cybersecurity.

So how can you assess if your cybersecurity investment is truly worth it? The answer lies in calculating your cyber risk reduction.

This post explores how to do that, using insights from CloudGuard’s 2025 Cybersecurity ROI Business Case.


What is cyber risk reduction and why it matters

You know that cybersecurity is more than a technical concern: it’s a strategic business issue. Attacks disrupt operations, damage customer trust and hit your bottom line.

Real-world example: When a UK-based SME in financial services suffered a phishing attack, their portal was down for 9 days. They lost two major clients and took a £200,000 reputational hit. Had they tested their incident response plan, they could have recovered in just 5 days and saved over £170,000.

The stakes:

  • 53% of businesses suffer reputational damage after a breach
  • 24% experience long-term financial losses not covered by insurance
  • Market value can drop 14% in two weeks post-attack

Despite this, cybersecurity budgets in 2024 remained flat. Most SMEs are maintaining, not scaling, their defences. That’s a risk.


Cybersecurity ROI: The stats every CFO needs to see

The basic risk formula is:

Risk = Likelihood × Business Impact

But CloudGuard goes deeper, classifying risks into:

  • Known Knowns – predictable, measurable risks
  • Known Unknowns – known risks with unclear probabilities
  • Unknown Knowns – ignored or underestimated risks
  • Unknown Unknowns – emergent threats like zero-days

Inspired by Donald Rumsfeld’s framework, the “Known and Unknown Matrix” helps businesses categorise cyber risks based on their awareness and understanding, ranging from clearly defined threats to unforeseeable vulnerabilities that emerge without warning.

CloudGuard also identifies key risk areas:

  • People: Human error is the top vulnerability. From phishing scams to poor password hygiene, employees are often the first point of failure in a cyber incident. Ongoing training and a culture of security awareness are critical.
  • Processes: Impersonation and workflow gaps allow attackers to exploit weak verification steps or lack of oversight in digital transactions. Businesses need clearly defined, secure workflows—especially in finance, procurement, and HR.
  • Systems: Inadequate data classification & access controls lead to unmonitored exposure of sensitive information. A structured approach to data governance, including encryption and strict role-based access, is essential.
  • External: Supply chain attacks surged 300% in 2023. Vendors, partners, and third-party services must be held to the same security standards, with contracts including cybersecurity clauses and periodic audits.

The true cost of doing nothing

67% of UK small businesses feel they do not have the in-house skills to manage cybersecurity issues.

Here’s what happens when cyber risk is ignored:

  • 61% of SMEs fail within 6 months of a cyber incident
  • Only 57% of UK SMEs have cyber insurance
  • Average downtime: 12 days × £2,949/day = £35,388
  • Tested IR plans reduce downtime by 45%

Even with cyber insurance, many claims fail due to gaps in security posture or untested Incident Response Plans.


Risk reduction ROI: The numbers that matter

Using CloudGuard’s risk calculator:

  • Average incident exposure: £506,000
  • Likelihood of attack without investment: 38%
  • Likelihood with investment: 8%
  • Risk reduction: 30% = £151,800

Cost scenarios (150-employee SME):

Investment Option       Cost       ROI (%)   ROI vs Managed
Managed Service         £41,949    261.8%    Best ROI
Internal Recruitment    £63,073    140.5%    46% lower
External Recruitment    £95,927    58.2%     78% lower

A managed service model offers the highest ROI with the lowest complexity.
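The arithmetic behind the calculator and the table above, written out as an added Python example (this is not CloudGuard’s calculator or code from the post; the class and function names are my own). It takes the post’s inputs (£506,000 exposure, 38% and 8% likelihoods, the three option costs, and the 12 days × £2,949 downtime figure with the 45% reduction from a tested IR plan from the section above) and applies the assumed formulas Risk = Likelihood × Impact and ROI = (risk reduction − cost) / cost. It reproduces the post’s ROI column to within rounding: 261.9%, 140.7% and 58.2% against the table’s 261.8%, 140.5% and 58.2%, the small gaps presumably coming from unrounded inputs behind the table.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskModel:
    """Risk = Likelihood x Business Impact, evaluated with and without the investment."""
    exposure_gbp: float        # business impact of one incident
    likelihood_without: float  # probability of an incident with current controls
    likelihood_with: float     # probability after the investment

    def expected_loss(self, likelihood: float) -> float:
        return likelihood * self.exposure_gbp

    def risk_reduction(self) -> float:
        """Avoided expected loss in GBP: the benefit side of the ROI calculation."""
        return self.expected_loss(self.likelihood_without) - self.expected_loss(self.likelihood_with)


def roi_pct(benefit: float, cost: float) -> float:
    """Assumed ROI definition: (benefit - cost) / cost, as a percentage."""
    if cost <= 0:
        raise ValueError("cost must be positive")
    return (benefit - cost) / cost * 100.0


def compare_options(model: RiskModel, options: dict[str, float]) -> dict[str, dict[str, float]]:
    """ROI of each option plus how far each falls below the best option (as a % of the best ROI)."""
    benefit = model.risk_reduction()
    rois = {name: roi_pct(benefit, cost) for name, cost in options.items()}
    best = max(rois.values())
    return {
        name: {
            "cost": cost,
            "roi_pct": rois[name],
            # Only meaningful when the best option actually pays back; otherwise report NaN.
            "pct_below_best": (best - rois[name]) / best * 100.0 if best > 0 else float("nan"),
        }
        for name, cost in options.items()
    }


def downtime_cost(days: float, day_rate_gbp: float, tested_ir_plan: bool, reduction: float = 0.45) -> float:
    """Downtime cost; a tested IR plan shortens downtime by the post's 45% (the default reduction)."""
    if tested_ir_plan:
        days *= 1.0 - reduction
    return days * day_rate_gbp


# Figures taken from the post.
PAGE_MODEL = RiskModel(exposure_gbp=506_000, likelihood_without=0.38, likelihood_with=0.08)
PAGE_OPTIONS = {"Managed Service": 41_949, "Internal Recruitment": 63_073, "External Recruitment": 95_927}

if __name__ == "__main__":
    print(f"Risk reduction: £{PAGE_MODEL.risk_reduction():,.0f}")
    for name, r in compare_options(PAGE_MODEL, PAGE_OPTIONS).items():
        print(f"{name:22s} cost £{r['cost']:>8,.0f}  ROI {r['roi_pct']:6.1f}%  {r['pct_below_best']:4.0f}% below best")
    print(f"12 days downtime: £{downtime_cost(12, 2_949, False):,.0f} untested IR plan, "
          f"£{downtime_cost(12, 2_949, True):,.0f} with a tested plan")
```

Swap in your own exposure, likelihoods and quotes to rebuild the table for your firm; the comparison only rewards an option while the avoided loss exceeds its cost, which is the breakeven question a CFO will ask first.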


Phishing, downtime and reputational risk

Phishing is still the most common threat, accounting for 83% of cyber attacks.

This prevalence comes down to the human element: it only takes one employee clicking a malicious link to compromise an entire organisation. The cost ripples into customer trust, operational continuity and even market valuation.

Successful cyber strategies account for this by addressing both technical safeguards and human behaviour. A layered approach builds resilience across every level of the business:

  • Cyber training every 6 months to refresh awareness and recognise evolving tactics
  • Formal, tested incident response (IR) plans to reduce recovery time and regulatory exposure
  • SaaS account audits to revoke access for all leavers and reduce the risk of insider threats
  • AI-enhanced detection systems that provide real-time alerts and automate first-response actions

A strong response posture consists of minimising impact, rapid detection, coordinated containment and informed response. These are the pillars that determine whether a cyber incident is a hiccup or a headline.


Want to know your own risk profile?


The question isn’t if you’ll face a cyber incident, it’s when. The only real question is: how prepared will you be?

Download the full CloudGuard Cybersecurity ROI Business Case Guide to:

  • Build your own risk model
  • Calculate your risk-based ROI
  • Access templates and planning frameworks
  • Benchmark your cybersecurity maturity

Or reach out for a no-obligation consultation with CloudGuard experts.

Issue 66: Trump axes key cyber advisory boards, hackers exploit spoofed IT calls and fake Chrome extensions to breach networks & steal data
https://www.linkedin.com/pulse/issue-66-trump-axes-key-cyber-advisory-boards-hackers-exploit-i4yve/?trackingId=QDQCXjjqAXdkMycPt6iL%2Bw%3D%3D#new_tab&utm_source=rss&utm_medium=rss&utm_campaign=issue-66
Fri, 23 May 2025 12:27:00 +0000

The Ultimate Cybersecurity ROI Playbook
/resources/cybersecurity-roi-guide/?utm_source=rss&utm_medium=rss&utm_campaign=how-to-build-a-successful-cyber-business-case-whitepaper
Mon, 19 May 2025 10:37:42 +0000

Issue 65: Retail and Luxury Giants Hit by Wave of Cyberattacks – More on the Marks & Spencer, Dior & Co-op Breaches
https://www.linkedin.com/pulse/issue-65-retail-luxury-giants-hit-wave-cyberattacks-more-qbvwe/?trackingId=pR7aUEg69er3TvdRL%2BEhDg%3D%3D#new_tab&utm_source=rss&utm_medium=rss&utm_campaign=issue-65
Fri, 16 May 2025 11:46:44 +0000

When Your Vendor Gets Hacked: The Third-Party Incident Response Plan for Financial Services
https://cloudguard.ai/resources/third-party-incident-response-plan-finance/?utm_source=rss&utm_medium=rss&utm_campaign=third-party-incident-response-plan-finance
Mon, 12 May 2025 13:17:01 +0000

Small financial services firms increasingly depend on cloud platforms, fintech solutions, and third-party IT providers to run their operations. But when a security breach originates outside their own infrastructure, knowing how to respond quickly and effectively becomes just as critical as protecting their internal systems.

Why having a plan matters

Third-party breaches are rising, and spreading faster. Did you know 98% of Europe’s largest companies have reported a third-party breach? If that’s happening to the big guys, the question isn’t just “Are we secure?” but “What happens when our vendors aren’t?”

On top of this, only 22% of UK businesses have a formal Incident Response plan, a significant gap in preparedness. 

From DORA’s new ICT supply chain requirements to real-world breaches like MOVEit and SolarWinds, regulators and customers now expect preparedness even when the compromise happens externally.

Spotlight: Secure File Transfer Under DORA
The MOVEit breach highlighted a huge gap, where secure file transfer tools are often overlooked as third-party risks. Under DORA, financial firms must ensure the resilience of data in transit, not just at rest. This includes assessing managed file transfer (MFT) platforms, SFTP services, and cloud-based file exchanges. Many mid-sized firms use such tools daily without formal vetting, monitoring, or breach response plans, despite the fact that data transfer outages or compromises can directly impact regulatory reporting obligations and customer trust.

Key challenges for mid-sized financial firms

  • Low visibility into vendor infrastructure
  • Dependency on partners for updates, logs, and timelines
  • Lack of predefined response workflows for third-party incidents
  • Pressure to communicate quickly, without all the facts

Readiness Self-Check

Answer Yes/No:

  • Do you have a documented and tested IR plan?
  • Do all key responders know their roles?
  • Can you isolate a compromised machine within 5 minutes?
  • Is there a predefined plan for stakeholder comms?
  • Have you tested the plan in the last 6 months?

Score 4–5 Yes: You’re in a good place — refine and rehearse.
Score 2–3 Yes: Prioritise improvements now.
Score 0–1 Yes: Start with this toolkit and build.

5-phase plan for third-party incident response

1. Detection & Awareness

  • Subscribe to vendor status pages or threat intel feeds (some free ones include AlienVault & VirusTotal)
  • Monitor for abnormal outbound connections or broken integrations
  • Encourage staff to report unexplained vendor outages or degraded services

Red flag: MFA outage on SSO provider, SaaS tools timing out, or sudden webhook failures
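One way to turn the “broken integrations” and “webhook failures” red flags above into a detection, as an added Python example that is not from the post or from CloudGuard. It runs over a constructed log of outbound calls to vendor integrations (the line format, vendor names and statuses are all assumptions) and flags any vendor whose timeout/5xx ratio in the trailing five-minute window crosses a threshold, while withholding the flag when there are too few calls to judge. Malformed lines are skipped rather than crashing the detector.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from the post): one outbound call to a vendor integration per line.
# Assumed format: <ISO timestamp> vendor=<name> kind=<mfa|webhook|api> status=<HTTP code|timeout>
SAMPLE_LOG = """\
2025-05-12T09:58:01Z vendor=sso-provider kind=mfa status=200
2025-05-12T09:58:05Z vendor=payments-api kind=webhook status=200
2025-05-12T09:59:40Z vendor=sso-provider kind=mfa status=200
2025-05-12T10:00:02Z vendor=sso-provider kind=mfa status=503
2025-05-12T10:00:10Z vendor=payments-api kind=webhook status=200
2025-05-12T10:00:45Z vendor=crm-sync kind=api status=timeout
2025-05-12T10:01:05Z vendor=sso-provider kind=mfa status=502
2025-05-12T10:01:30Z vendor=payments-api kind=webhook status=500
2025-05-12T10:02:00Z vendor=sso-provider kind=mfa status=timeout
this line is malformed and must be skipped rather than crash the detector
2025-05-12T10:02:40Z vendor=payments-api kind=webhook status=200
2025-05-12T10:03:10Z vendor=crm-sync kind=api status=timeout
2025-05-12T10:03:30Z vendor=sso-provider kind=mfa status=503
2025-05-12T10:04:00Z vendor=payments-api kind=webhook status=200
2025-05-12T10:04:30Z vendor=payments-api kind=webhook status=200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) "
    r"vendor=(?P<vendor>\S+) kind=(?P<kind>\S+) status=(?P<status>\S+)$"
)


def parse_line(line: str):
    """Return a dict for a well-formed line, or None for anything that does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "vendor": m["vendor"],
        "kind": m["kind"],
        "status": m["status"],
    }


def is_failure(status: str) -> bool:
    """Timeouts and 5xx responses are counted as the vendor side failing; 4xx is our own problem."""
    return status == "timeout" or (status.isdigit() and int(status) >= 500)


def vendor_stats(log_text: str, window: timedelta = timedelta(minutes=5)) -> dict:
    """Per-vendor call count and failure ratio over the trailing window ending at the newest event."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    if not events:
        return {}
    cutoff = max(e["ts"] for e in events) - window
    stats = defaultdict(lambda: {"total": 0, "failures": 0})
    for e in events:
        if e["ts"] < cutoff:
            continue  # older than the window; ignore
        s = stats[e["vendor"]]
        s["total"] += 1
        s["failures"] += int(is_failure(e["status"]))
    for s in stats.values():
        s["ratio"] = s["failures"] / s["total"]
    return dict(stats)


def flag_vendors(log_text: str, threshold: float = 0.5, min_events: int = 4,
                 window: timedelta = timedelta(minutes=5)) -> dict:
    """Vendors whose failure ratio is at or above the threshold, with enough calls to trust the ratio."""
    return {v: s for v, s in vendor_stats(log_text, window).items()
            if s["total"] >= min_events and s["ratio"] >= threshold}


if __name__ == "__main__":
    for vendor, s in flag_vendors(SAMPLE_LOG).items():
        print(f"RED FLAG {vendor}: {s['failures']}/{s['total']} calls failed in the last 5 minutes")
```

In the sample, the SSO provider fails 4 of 5 MFA calls and is flagged; the payments webhook fails 1 of 5 and is not; the CRM sync has failed every call but only twice, so `min_events` holds the alert back until there is enough signal. Tune `threshold`, `min_events` and `window` against each vendor’s normal error rate, and route the flag to whoever owns the “Immediate Containment Steps” so the integration can be paused on the same evidence.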

2. Immediate Containment Steps

  • Disable integrations or API keys to affected vendor systems
  • Restrict outbound traffic/IPs related to vendor connections
  • Review and rotate any shared credentials (API keys, SSO tokens)
  • Force logout users and initiate session revocation if needed

Bonus: Pre-build automation to revoke shared tokens or disable integrations in one click

3. Internal Escalation & Activation

  • Alert your IR lead, legal/regulatory liaison, and executive sponsor
  • Review your contract or SLA for vendor breach obligations
  • Determine if a regulatory threshold is crossed (see below)

📢 Regulatory Triggers (UK)

You may need to notify regulators within 72 hours if:

  • Customer data was exposed (GDPR)
  • Operations were significantly disrupted (FCA/PRA)
  • Systems supporting payment or financial transactions were impacted

4. Coordinate Communication

  • Request a timeline and impact statement from the vendor
  • Draft internal FAQs for customer support and sales
  • Align messaging with vendor PR and status page updates

Message template (internal):
“We’re investigating a possible security issue involving [Vendor X]. While our systems are currently stable, we’ve paused integrations and initiated our IR workflow. Please route any client questions to [Channel X].”

External Customer Update Template:

“We are aware of a potential incident involving one of our service providers. While our systems remain secure, we’ve taken precautionary measures and continue to monitor the situation closely. We will provide updates as we learn more.”

5. Post-Incident Review & Remediation

  • Document timeline, vendor responsiveness, and decisions made
  • Conduct a risk reassessment of the affected vendor
  • Ensure recovery steps were fully executed (access, logs, tokens, backups)
  • Update your vendor breach playbook accordingly

Vendor criticality matrix (simplified)

Risk Category   Criteria                                        Priority Action
High            Access to sensitive data + operational impact   Playbook required + contract clause review
Medium          Access to internal systems but no PII           Alerting + response workflow needed
Low             No access to critical assets or data            Periodic review

Must-have table: Who does what

Action                                 Responsible Party
Disable integration/API                Internal IT/security
Communicate with vendor                Procurement or security
Notify regulators/customers            Legal + Compliance
Log incident timeline & decisions      IT / Incident Manager
Update customer support comms          Marketing / CX

Third-party breach checklist

✅ Vendor contacted and response underway
✅ Shared credentials (API keys, SSO) reviewed/reset
✅ Integration disabled or traffic restricted
✅ Leadership, legal, and customer support informed
✅ Comms approved and published (if needed)
✅ Vendor’s remediation reviewed and logged
✅ Risk score and playbook updated

Make This Easy

CloudGuard AI helps mid-sized financial firms prepare for the breaches they can’t control with expert-guided Incident Response workshops. Because when it comes to breaches, it’s not a matter of “if” but “when.” Make sure you’re prepared.

Issue 64: LockBit Falls, AirPlay Exploits Spread, and Zero-Days Dominate
https://www.linkedin.com/pulse/issue-64-lockbit-falls-airplay-exploits-spread-zero-days-a3bre/?trackingId=qFRE8woV1kNMzkQ28AcqZw%3D%3D#new_tab&utm_source=rss&utm_medium=rss&utm_campaign=issue-64-lockbit-falls-airplay-exploits-spread-and-zero-days-dominate
Fri, 09 May 2025 11:55:51 +0000

Issue 63: AirPlay Hacks, TheWizards’ Ransomware and M&S Under Siege
https://www.linkedin.com/company/67117492/admin/page-posts/published/#new_tab?utm_source=rss&utm_medium=rss&utm_campaign=issue-63-airplay-hacks-thewizards-ransomware-and-ms-under-siege
Tue, 06 May 2025 10:59:14 +0000

Issue 62: Hackers Exploit Zoom and Chrome in Social Engineering Attacks, While Microsoft Resolves Entra
https://www.linkedin.com/pulse/issue-62-hackers-exploit-zoom-chrome-social-engineering-attacks-dcjwe/?trackingId=WTZNWdsJqjMKIfKvh9LeFQ%3D%3D#new_tab&utm_source=rss&utm_medium=rss&utm_campaign=issue-62-hackers-exploit-zoom-and-chrome-in-social-engineering-attacks-while-microsoft-resolves-entra
Mon, 28 Apr 2025 09:34:25 +0000

Issue 61: Sonic Wall SMA Exploited, Critical Apple Security Updates & Increased Scanning of Palo Alto GlobalProtect
https://www.linkedin.com/pulse/issue-61-sonic-wall-sma-exploited-critical-apple-security-w6oxe/?trackingId=UQ69cGzmTVGWw%2FVASCZiOQ%3D%3D#new_tab&utm_source=rss&utm_medium=rss&utm_campaign=issue-61-sonic-wall-sma-exploited-critical-apple-security-updates-increased-scanning-of-palo-alto-globalprotect
Tue, 22 Apr 2025 07:17:32 +0000