The Government has published the results of its Cyber Security Breaches Survey 2021. Since 2016 the survey has measured how UK organisations approach cyber security, and the impact of breaches and attacks.
The past year has obviously been a difficult one for most businesses and, as we have seen, cybercriminals have upped their game and become more sophisticated and regular in their attacks. It is no surprise then to see that the survey found that cyber security remains a priority among management boards, with 77 percent of businesses saying that it is a priority (compared to 60 percent in 2016).
While this is encouraging, it seems that the prioritisation placed on cyber security is not necessarily reflected in the day-to-day activity of businesses. A rather worrying stat from the Government report is that only 14 percent of businesses train staff on cyber security, with 20 percent testing their employees' responses with mock phishing attacks. With so many of the workforce now sitting outside of the corporate environment and having to make their own decisions as to what looks like a potentially harmful email, education is more key than ever.
Some are turning to intelligent tools to help their employees with that decision making. The solutions recognise a potential phishing attempt and highlight the email to the user, allowing them to make an informed decision as to whether to open it or not.
27 percent of businesses were attacked at least once a week and 23 percent admitted to needing new measures to stop future attacks. More worrying stats from the report include that 35 percent of businesses interviewed used security monitoring tools, down five percent from 2020. Similarly, the monitoring of user activity had also dropped six percent from 2020 (32 percent in 2021, compared to 38 percent in 2020).
The levels of sophistication cyber-criminals were using prior to the pandemic were already rising sharply; however, the circumstances and opportunity have meant that businesses are seeing more and increasingly clever attacks. With resources stretched, fewer businesses are installing up-to-date malware protection. 83 percent have up-to-date malware protection, down five percent from 2020, and 78 percent have network firewalls, down five percent from 2020.
Ensuring that you have applied the most recent patches and updates is crucial – a subject we covered recently.
One of the key ways businesses can reduce the risk of being attacked is to prepare for future uncertainties. The report found that in total only 31 percent of businesses have continuity plans that mention cyber security. Only 15 percent have done an audit of their cyber security vulnerabilities.
Even the 15 percent of businesses that are auditing their vulnerabilities may not have a full picture of potential weaknesses. Many of the high-profile attacks over the past year have originated not from weaknesses in an organisation's own defences, but from those of partners or third parties. Gaining a 360° view of all potential vulnerabilities is now critical in ensuring that all gaps are closed.
The report seems to point to an increase in the acknowledgement from businesses that cyber-security is crucial to long-term business success and continuity. The pandemic has certainly exacerbated the situation and people’s realisation of the potential damage of security threats. However, this is not seemingly backed up by actions, with businesses lagging behind on staff education, updating patches and having a full understanding of where potential vulnerabilities lie.
Cyber-criminals are not going anywhere. The nature of their approach will become increasingly sophisticated and businesses need to do everything they can to defend themselves to the best of their ability. Acknowledgement is a first and important step, but more has to be done, and done quickly.