UK Firms Suffered 230K Cyber-Attacks Each in 2016

UK businesses each suffered 230,000 cyber-attacks on average last year, according to new data from business ISP Beaming.

The Hastings-headquartered firm made the claim based on its monitoring of thousands of UK-based businesses over the past 12 months.

It claimed the volume of attacks faced by its customers last year doubled from 2015, exceeding the 1000-per-day mark in November.

A third of attacks in the first quarter were apparently focused on compromising corporate databases. However, attacks against IoT devices subsequently spiked 310% between Q1 and Q4 2016 as hackers looked to take over networked cameras, building security systems and other internet-connected devices.

As a result, “remote control” was by far the most popular targeted ‘application’ - accounting for nearly 1000 attacks per business per day by the end of the year.

By the end of the year more than 90% of attacks were focused on taking control of connected devices, Beaming said.

A spokesman told Infosecurity that this includes “any device that has a web or command line interface accessible over IP.”

However, the ISP was unable to clarify to what ends such devices were being targeted.

“Our analysis monitors the frequency and types of attacks hitting company firewalls. We don't have any figures showing what happens when devices are infected,” he claimed.

Beaming managing director, Sonia Blizzard, argued that attacks against UK firms are growing in volume and sophistication.

“The majority of internet cyber-attacks are computer scripts that search the web for weaknesses and probe firewalls constantly for a way in. With the Internet of Things, businesses are punching holes in their own firewalls to provide suppliers with access to devices on their networks. This can open the door to criminals too if not done properly,” she said in a statement.

“It is imperative that companies regularly review their firewall policies to ensure they are as restrictive as possible and prioritize security over convenience. Once inside, it is relatively easy for hackers to take over connected devices and lie dormant before misusing those assets as part of a bigger hack or distributed denial of service attack at a later stage.”

Firms should look to invest in next generation firewalls, intrusion detection and unified threat management to mitigate these threats, Blizzard concluded. 

What’s Hot on Infosecurity Magazine?