It’s no longer a question of if your company will be attacked but when. Cybercrime is one of the fastest growing forms of criminal activity. The latest statistics from the UK Government’s Department for Digital, Culture, Media and Sport (DCMS) highlight that 59% of medium sized firms experienced a cyber-attack in the last 12 months. A figure that rises to 72% in larger organisations.
The Human Threat
Adversaries are constantly looking for new opportunities to attack and threats are getting smarter, harder, and faster to beat. However, the 2022 DCMS Cyber Security Breaches Survey unveils bad actors are still largely targeting people instead of infrastructure. For those medium and large businesses that identified an attack, the most common threat vectors were phishing attempts (94%) and impersonation campaigns (63%).
Phishing campaigns are evolving, and cyber criminals are getting increasingly sophisticated, often using relevant news and trends as click bait. COVID-19, humanitarian efforts in Ukraine and even popular sporting events have all been used to lure victims into clicking a malicious link or opening a corrupted attachment on email.
Are Businesses Losing the Fight?
Our own research of 200 UK mid-market businesses shows that with the prevalence of phishing, spear phishing and business email compromise, mid-sized organisations are exposed. Only half (51%) can block ‘dangerous’ attachments from reaching the email inbox of users. Just over a third (35%) can quarantine suspicious or malicious emails and only 29% can protect against instances of CEO fraud. For example, where attackers compromise an email account and request rapid payment of fake invoices with a simple email.
More worryingly, our research shows that just over a third (37%) can prevent cross-channel attacks. This means organisations are particularly vulnerable if an attack starts over email but then continues over the web or cloud applications. A growing threat given the range of digital touch-points – web, cloud, network, remote access, connected devices and supply chain ecosystems – that businesses are relying on for everyday operations.
Future-proofing Cybersecurity Strategies
The good news is that businesses do recognise the threat from cyber. In total, the DCMS research found that 48% of medium firms and 57% of large firms have a cybersecurity strategy compared to 23% of businesses overall. However, our research shows that nearly half (45%) of mid-market businesses do not believe their current cybersecurity strategy is future ready.
So, What can Businesses Do?
Start by taking back control and protecting users from traditional email threats including spam, viruses, large-scale phishing attacks and malicious URLs. Secondly, close any gaps that exist in existing security postures by integrating attack intelligence across email, web and cloud using identity and context. Finally, prevent cross-channel attacks with an autonomous security engine that can respond to any threats at machine-speed.
The digital world that we live in means cybersecurity will remain a long-term issue. And with the DCMS revealing the average cost of a data breach for a medium or large business sits at £8,040, businesses need to get cybersecurity right. And get it right today.
To find out more about the current threats targeting UK businesses and how to develop effective cybersecurity strategies that eliminate the gaps in defence then read our report: The UK Mid-market on Code Red.