A new survey report looking into cyber security awareness, attitudes, approaches and impacts has revealed alarming new figures around heightened cyber attacks, in particular that 2 in 5 UK businesses (around 39%) reported a cyber attack or breach in the last 12 months.
According to the Department for Digital, Culture, Media and Sport’s (DCMS) Cyber Security Breaches Survey 2021, Covid-19 has caused unprecedented challenges for businesses – although that shouldn’t come as a surprise to IT professionals.
Direct security and monitoring has become harder with remote working, as has upgrading systems. Endpoints are causing headaches, particularly in the beginning when laptop shortages blurred the lines with BYOD/UYOD. In-house IT resources were stretched and tested, often having to choose between prioritising business continuity and cyber security.
Within the report are key findings around types of attacks, how businesses are being affected and how they are protecting themselves.
The most common attack vector
When this question was first asked, back in 2017, direct malware was more prevalent. But over time this has been knocked off its top spot by phishing and impersonation attempts. Between 2017 and 2021, phishing attacks have risen from 72% to 83%.
Phishing attacks are widely considered the most disruptive type of attack an organisation can face. Hardly surprising considering they can allow much worse in.
It’s interesting to see that ransomware is only at 7% considering that a total of 199.7 million ransomware attacks had been reported globally in the third quarter of 2020.
Around a quarter of businesses experience breaches or attacks at least once a week.
How businesses are being affected by breaches or attacks
Reportedly 1 in 5 attacks or breaches result in a negative outcome, like loss of data or stolen assets – but why would you play Russian roulette, especially when you can see what other companies have shared about what they’ve been through?
Even if you are one of the lucky ones that manages to escape the many nasty implications listed, you’re not immune to other impacts. New protective measures would need to be evaluated immediately, staff resources would be diverted away from other projects to remediate the breach, reputation can take a hit and customer complaints will need handling.
How businesses are identifying and minimising cyber risks
This graph displays the activities that businesses have carried out in the last 12 months. It’s unsettling to see that around half of businesses have done none of these actions.
The survey has also explored the attitudes towards cyber security - the majority of senior management sees cyber security as a priority, but it’s still not 100%. One business reasoned that from the directors’ perspective, it was more important to keep the business running during unprecedented challenges, whereas the survey respondent felt that there still needed to be a layer of security that would prevent them from being more vulnerable.
It’s good to see that staff training has appeared on the list of activities businesses are using, although more should be adding it to their cyber defence strategy. Your Human Firewall is the first line of defence to block outside threats, so make it a priority.
It can also be an easy win. For example, one business cited in the report carried out a mock phishing exercise and found that 15% of employees fell for the mock phishing email. When the findings were presented to the management board, conversations and actions around new user training and technical rule changes happened.
How businesses are preventing future breaches or attacks
In terms of prevention, most businesses that have previously been breached or attacked have taken good steps to prevent any further breaches. Shockingly, around a third of businesses haven’t taken any action since their attack. In order to keep up with the evolving threat landscape, businesses need to invest in new technologies and solutions to keep their business protected from further breaches.
The top 3 actions taken in light of a breach were:
1) Providing additional staff training
2) Installed, changed or updated antivirus and anti-malware software
3) Changed or updated firewall or system configurations
As threats continue to evolve, our cyber security services mature and strengthen with them to protectively respond to new and evolving threats. If you’re looking for more information on how you can keep your business protected, our cyber security experts are here to help!