Attacks on UK Firms Fall for First Time in Three Years

Recorded cyber-attacks against UK businesses have fallen for the first time since 2018, although hybrid working practices represent an ongoing risk, according to new data from Beaming.

The business ISP has been analyzing malicious traffic targeting its customers since 2016, in order to better understand the threat landscape.

It claimed that threat volumes dropped by 9% year-on-year in the second quarter of 2021, bringing them down to levels similar to Q1 2021 when businesses suffered just over 157,000 attacks each on average.

However, businesses should not let their guard down: Beaming customers were each hit by an average of 160,610 attempts to breach their systems in Q2 2021, which amounts to an attack every 49 seconds.

Although these will largely be low-level, automated threats, there’s still the potential to cause damage if defenses aren’t configured correctly — especially as organizations adapt to a new hybrid way of working.

Beaming managing director, Sonia Blizzard, explained that a surge in cyber-attacks early last year coincided with the first lockdown, indicating threat actor efforts to exploit under-protected home workers.

“Attacks have fallen to near pre-pandemic levels as more people returned to their workplaces, but businesses are still in the firing line and face new attacks every minute. We continue to urge caution,” she warned.

“Home and hybrid working remains a permanent fixture for lots of firms. Many of their people will access company data and IT systems via personal devices and unmanaged domestic internet connections. These new normal working practices are inherently insecure and increase the risk of a breach.”

Blizzard urged businesses that allow home working to revisit their security strategy in order to minimize cyber risk.

Phishing emails designed to trick distracted home workers, exploits for unpatched software including VPNs, and hijacking of RDP endpoints protected by weak or breached passwords have been common tactics used to target remote working staff over the past year.

Most attacks from Q2 2021 were traced back to computers in China, followed by the US, India and Russia, Beaming said.
