UK businesses came under attack every 45 seconds on average in the third quarter, although overall volumes declined by 2%, according to new data from Beaming.
The Hastings-based business ISP claimed UK firms suffered an average of 176,206 attacks each from July to September 2020, the equivalent of 80 per hour.
Once again, the usual suspects of IoT devices like networked printers and security cameras, file-sharing applications and company databases were the most frequent targets.
Almost 350,000 unique IP addresses were used in these attacks, with the biggest number (49,303) traced back to China — an increase of a third (34%) on the 36,842 detected in the previous quarter.
There was also a sharp rise in malicious IP addresses from India (up 159% to 24,149) and Egypt (up 192% to 20,619). However, these are more than likely to have been the location of compromised botnet-based PCs rather than those controlling them.
Beaming managing director, Sonia Blizzard, branded levels of malicious activity over the summer “exceptionally high.”
“With millions of employees still working from home, the risk of human or technological failures leading to serious breaches is now higher than ever,” she warned.
“Small and medium sized businesses can boost their resilience to cyber-attacks by investing in employee training and following their larger counterparts in adopting more sophisticated cybersecurity technologies such as two-factor authentication, network perimeter firewalls and private dedicated networks.”
Back in July, Beaming claimed that the number of UK businesses falling victim to cybercrime had doubled over the previous five years, with around a quarter hit in 2019. The ISP estimated the cost to the UK economy over this time at around £87 billion.
COVID-19 continues to negatively impact cybersecurity efforts, providing both an opportunity for attackers to target distracted home workers and under-protected endpoints, and hindering security teams’ responses.
Over half (56%) of UK business leaders polled recently by Centrify claimed that remote working has made it harder to identify attempts to impersonate staff, via BEC attacks and phishing emails.