Skip to main content

About the author

Roland Thomas

Associate Director | Corporate Development

Roland is an Associate Director in Thomas Murray’s Corporate Development team. He joined Thomas Murray in 2018 with responsibility for group strategy, partnerships and corporate finance. More recently, Roland’s role has focused on establishing Thomas Murray’s cyber risk business, starting in 2021 with the launch of our Orbit Security platform, and the development of our expert cyber risk consultancy. Roland has a BA in English Language and Literature from Oxford University.

Cyber security measures are becoming increasingly complex in an effort to combat the misuse of rapid developments in AI and machine learning and the rise of state-sponsored cyber warfare attacks.

Here are our three top recommendations for ensuring that your cyber security management plans are focused on the most pressing challenges.

1. Start close to home

Your greatest security threats come from people innocently clicking links in emails, or trying to find ‘work arounds’ that create short-term efficiency but long-term vulnerabilities.

Ensure everyone in your organisation knows about the forms increasingly sophisticated phishing attacks are taking, and knows who to report to when they get a suspicious message. Beyond social engineering, the rise of remote working and greater connection to the Internet of Things mean that your community should also be alerted to dangers posed by things like insecure WiFi connections and unauthorised plug-ins and devices (e.g. ethernet cables and mobile phones with outdated security patches), and spoofs of communication channels like Zoom, Teams and Slack.

Cyber criminals know that the richest pickings come from the worlds of finance, healthcare and pharma, higher education and the not-for-profit sector. All are also particularly susceptible to intentional abuse of their systems. Make sure sensitive platforms and information are available only to those with authorised access to them.

Whether your organisation’s payroll covers dozens of individuals or thousands, make sure that former employees and contractors lose access to your systems the day their relationship with you ends. If you have unpaid people with systems access (e.g. students, volunteers or interns), make sure their access rights don’t continue for longer than necessary either. Automation can help you with this.

2. Make friends with automation and AI

Almost every large organisation will have an enormous attack surface. A university is a classic example: The way these institutions are structured – with different departments spread across multiple campuses, with a vast web of research, teaching and support services – means it’s next to impossible for security teams to manually track all of its network infrastructure, let alone monitor all of those potential entry points for weaknesses. The same will be true for banks and international charitable organisations too.

You will need a security solution that can accurately discover your attack surface and continuously monitor it for breaches and vulnerabilities that could be exploited by threat actors.

Even better, your solution should be able to generate clear, easy-to-read reports that you can use to explain your security posture to non-technical senior stakeholders. This will help your team to secure the resourcing and budget it needs to stay on top of risk management.

3. Keep a tight hold on your supply chain and third parties

Most organisations rely on external service providers to keep functioning. Globalisation and a drive for efficiency have made large-scale outsourcing a normal business practice. ESG risks are driving many boardroom conversations, but don’t overlook the risk that your supply chain creates for your cyber security, either. Robust vendor assessments and ongoing third-party risk management will identify high-risk potential partners before you sign with them, to make sure you are not onboarding unnecessary risk.

Monitor – Assess and Remediate – Mitigate

With Orbit Security, you can continuously monitor the security posture of all your third parties, allowing you to proactively build security into your supply chain. Let us engage with your high-risk vendors to improve their security postures and protect you further. We can also help you with all of your third-party risk management requirements, from onboarding through to offboarding.


Orbit Security

Orbit Security

Security ratings for enhanced attack surface management and third party risk. Monitor for breaches and vulnerabilities that could be exploited by threat actors.
Learn more

Contact an expert

Robert Smith

Robert Smith

Head of SaaS Sales and Customer Success 

Roland Thomas

Roland Thomas

Associate Director | Cyber Risk