Two-thirds of large UK businesses suffered a data breach or cyber attack at some point in the past year, according to new research by the government.
Released on Sunday, the Cyber Security Breaches Survey claims that a quarter of those firms which suffered a breach did so at least once a month.
The stats are doubly concerning as, in many cases, the cost of dealing with such an incident runs into the millions, according to the government.
However, only half of respondents said they’ve taken steps to identify and patch vulnerabilities in their systems, just a third claimed to have formal security policies in place and only 10% had an incident management plan.
The most common malware attacks (70%) that firms are likely to experience are preventable if they sign up to the Cyber Essentials scheme, it claimed.
This is a government-backed certification scheme designed to set out a baseline of security suitable for all organizations.
Digital economy minister, Ed Vaizey, claimed in a statement that the government has made cybersecurity a top priority, having committed £1.9 billion over the next five years.
“Too many firms are losing money, data and consumer confidence with the vast number of cyberattacks,” he added. “It’s absolutely crucial businesses are secure and can protect data. As a minimum companies should take action by adopting the Cyber Essentials scheme which will help them protect themselves.”
Smoothwall head of corporate, David Navin, urged IT managers to start with the basics: firewall, encryption and good security software.
“However, security needs to be taken seriously throughout companies by all of their staff. It is common knowledge now that the majority of security breaches occur due to human error,” he added.
“Ensuring a strong security culture is instilled throughout the workforce therefore is vital to ensure staff are constantly vigilant and aware of the threats.”
Rob Lay, customer solutions architect at Fujitsu, argued that firms need to be more proactive.
“Organizations need to focus on the integration of threat intelligence and other information sources to provide the context necessary to deal with today’s advanced cyber threats,” he added. “There must also be a clear and well-rehearsed incident management plan for a breach, addressing internal and external communication in addition to containment and recovery activities.”
ViaSat UK CEO, Chris McIntosh, claimed companies need to review their entire IT systems from “top to bottom.”
“The fact is that many organizations could already have been compromised, and not know till months or years later,” he said.
“Organizations need to assume that they have already been compromised and work backwards on this basis; only then can they trust that the network is secure and behaving as it should be. This will not only protect against the immediate threat of a cyber attack but will also help preserve company reputation and ensure the health of UK industry for the foreseeable future.”
Piers Wilson, head of product management at Huntsman Security, argued that attackers can sidestep traditional AV tools today with ease.
“Rather than using defenses that are on the lookout for just the threats we know about, businesses need to start building systems that harness machine-learning and artificial intelligence to predict what will come next,” he said.
“By baselining ‘normal’ systems activity, businesses can detect in real-time any anomalies that indicate suspicious activity that their security teams need to investigate.”