A large majority of UK companies have experienced an increase in cyber-attacks over the last 12 months—even as the cost of successful incursions doubled.
According to a study from B2B market research company Circle Research, 78% of respondents said that they have been attacked, with two-thirds (64%) of organizations experiencing a security incident in 2015.
But that’s not all: Nearly half (42%) told researchers that they had experienced more than one incident in the year. And on the outlier edge, 13% said that they had been victim to more than 10 separate security incidents over the year.
According to the senior cybersecurity professionals polled (including IT directors, CIOs, CTOs, heads of security and IT analysts), this is a threat that is growing. Increasing availability of attack software and a growing sophistication in the approach used by attackers means that businesses must continually update their approach to cybersecurity in order to keep data protected.
Respondents indicated that there are four key threats facing businesses today: phishing (experienced by 57%), trojans (experienced by 32%), patch exploitation (experienced by 26%) and distributed denial of service (DDoS) attacks (experienced by 21%). Nearly one quarter (23%) of businesses say that they “may have lost customer data” thanks to these vectors. About 44% of companies admitted that they feel particularly vulnerable to phishing attacks that use social engineering.
The aftermath of such attacks is not pretty. Last year, the UK government estimated that average cost of severe online security breaches for big business had more than doubled to £1.46 million.
And there’s more than external threats to consider. Andrew Dalglish, director of Circle Research, noted that insider threats have emerged as an important risk category.
“Not only are security breaches becoming more lucrative for attackers, research highlights that the weakest link in many businesses' security systems often comes from within,” said Dalglish. “Intentional or not, the very people working for a business can pose the biggest threat to its security and the security of customer data.”
Fortunately, most security professionals have a plan to combat the issues. The report found that about 50% of businesses advocate increasing staff training and 20% recommended an internal policy of increased awareness to ensure that staff are updated regularly as threats evolve and develop. And perhaps most importantly, threat intelligence and information-sharing has taken a front-burner position: A full 99% of businesses feel that sharing cybersecurity experiences will become one of the most effective ways to combat the growth and spread of threats.
Photo © Mikko Lemola