Recent surveys have once again highlighted the urgent need for UK business to focus on cyber security more seriously. A number of surveys, concentrating on user awareness management and cyber attack preparedness identify significant management challenges in many organisations. And, as if to prove the point, a survey of cyber attacks shows that nearly half of UK businesses have been hit by a cyber attack – indicating that these shortcomings are having real consequences. Surveys of management practices point to a lack of employee awareness to be the biggest single contributor to cyber attacks and data breaches
65 per cent of companies don’t have any security solutions deployed onto their mobile devices, and 68 per cent of companies do not have an awareness programme aimed at employees of all levels to ensure they are cyber aware.
In addition to this, 76 per cent of companies still don’t have controls in place to detect and prevent zero-day/unknown malware entering their organisations, and 74 per cent don’t have an incident management process established to respond to cyber incidents and prevent reoccurrences.
Scott Dodds, CEO, Ultima says, ‘It’s shocking that in 2017 so many companies are still failing to protect their businesses appropriately from cyber-attack. We know from research by Check Point the average enterprise downloads unknown malware every 4 seconds, and yet a third of UK companies by their own admission are woefully underprepared for such attacks.
‘What’s more, they are not educating their employees who are often the first line of defence with regard to cyber threats.
‘Without the right cyber security in place companies risk being held to ransom or could face going out of business. Not many businesses can survive catastrophic data loss, particularly in light of the forthcoming GDPR legislation
Surveys have also identified that 49 percent of institutions take between 3 months to a year to patch and manage vulnerabilities on critical systems. And only 40 percent of organizations said they have fully-automated cyber threat intelligence processes.
A new survey by cloud computing firm ServiceNow has revealed that the majority of chief information security officers (CISOs) are unable to keep pace with data breaches.
ServiceNow commissioned Oxford Economics to survey 300 CISOs and found that more than 80% believe data breaches in their company are going unaddressed.
Survey respondents were based in Australia, France, Germany, Singapore, the UK and the US. They represent companies ranging in size from $500m in revenue to over $10bn.
About 78% said they are concerned that they don’t have the ability to even identify data, and when they are able to detect potential cybersecurity events, 70% admit they struggle to prioritise the security events depending on business criticality.
More than one in 10 CISOs reported that their organisation suffered a significant breach within the past three years that lead to reputational or financial loss.
Just 19% rated their company as being highly effective in avoiding security breaches and only 38% of CISOs believe they are highly effective at protecting against breaches of customer credit card or financial data.
Manual processes and a lack of resources were cited as barriers by more than 25% of CISOs to their organisation’s ability to identify and respond to security breaches.
Only 7% of CISOs said their employees have developed the skills required to successfully prioritise security threats.
Cyber Security Failings Hit Nearly Half UK Businesses
The number UK businesses that suffered a cyber attack doubled last year with almost half of firms detecting a breach in 2016, according to an official report.
As many as 46pc of companies suffered from a cyber attack or breach of their computer systems last year compared with just 24pc the year before, according to figures from the Department for Culture, Media and Sport.
The figures come as the Government has warned that a “sizeable proportion” of businesses do not have the necessary protections in place to prevent attacks that could result in the loss of customer data.
The survey of 1,523 British businesses by DCMS revealed that the average cost per attack was £1,570 for all companies, rising to £19,600 for large ones. Larger companies are targeted more often: 68pc of those with more than 250 employees and 66pc of those with between 50 and 249 were victims of attacks.
The most common type of attack identified in the report was fraudulent emails, which affected 72pc of companies that experienced a problem. One large wholesale business reportedly receiving 340,000 such emails in a year.
Other incidents involved viruses and malicious software being downloaded onto companies’ computer systems, and employees’ identities being stolen and used in emails or online. The outcome of such attacks for businesses included the temporary loss of files or network access, and systems breaking.
Companies in the communications, real estate and scientific and technical services industries were all identified as being common targets for breaches.
The news comes after a year in which cyber attacks regularly hit the headlines, with high profile breaches at companies including Three Mobile and Tesco Bank and resulting in the loss of swathes of personal information and millions of pounds.
Ciaran Martin, the chief executive of the National Cyber Security Centre, urged businesses to treat security risks as a “top priority”.
“The majority of successful cyber attacks are not that sophisticated but can cause serious commercial damage,” Mr Martin said. “By getting the basic defences right, businesses of every size can protect their reputation, finances and operating capabilities.”
The Government’s figure is significantly higher than those in a separate report earlier this week from the British Chambers of Commerce, which found that one in five British companies has suffered a cyber attack in 2016, with 42pc of larger firms having been victims.
But experts suggest the figure could be even higher, with one cyber security executive saying as many as 100pc of businesses could be under attack.
“This is probably an underestimate if anything,” said Anton Grashion, managing director at Cylance. “Firstly, this assumes they even know they have been hit. Secondly, people are more likely to under-report.”
The report revealed that only a quarter of companies that experienced a breach or attack reported it to someone other than their security provider. This was in part due to a lack of awareness about who to report such events to and why.
Separate research from security company Flashpoint into the methods employed by cyber criminals showed yesterday that they tend to work in large groups, emulate Russian methods, and frequently communicate via Skype.
38% Of All Cyber Attacks Completely “Avoidable” – Business Owners Blamed For Failing To Warn Staff
A further report has shown a rise of 78% in cyber claims from 2015 to 2016, with 90% coming from businesses with less than £50m in revenue.
According to a report by CFC Underwriting, 38% of all cyberattacks on businesses in 2016 were completely “avoidable” and would have been prevented if staff has been trained properly
The survey of 254 UK small firms revealed that a significant number of attacks made by cyber-criminals were “phishing scams” – where hackers send emails to businesses purporting to be from a reputable company in order to extract sensitive data like credit card numbers.
A relatively mundane attempt at fraud, fingers are being pointing at business owners for failing to educate and warn staff about such risks.
Indeed, 27% of respondents admitted to never training their staff on issues of cyber security because they “didn’t know where to start” – suggesting business owners themselves are in need of more education on the matter.