Early April, the annual ‘Cyber Security Breaches Survey 2019’ was released by the Department of Digital, Culture, Media and Sport.
This shows that in the last year, 32% of businesses in the UK experienced cyber security breaches or attacks, hitting 2 out of every 10 charities across the country and seemingly targeting medium to large business and high-income charities.
Although the number of businesses identifying these breaches and attacks are fewer than previous years (43% in 2018 and 46% in 2017), the companies which have identified them are typically experiencing multiple attacks. There were over 10% of businesses which reported experiencing an attack or breach at least once a day.
This would suggest that Cyber-attack trends are changing from attempting to attack a large number of businesses, to targeting a smaller number of business multiple times in the hope for a higher chance of success. This could also be due to the introduction of the GDPR compliances in May 2018 and thus organisations introducing additional security measures, OR companies being less willing to admit they have experienced a cyber security breach.
According to the survey, 80% of these attacks have been identifies as coming from phishing attacks (81% for charities) then 27% coming from viruses, spyware or malware, including ransomware attacks (18% for charities) which has consistently dropped since this started being recorded by the survey in 2017.
Phishing attacks, as well as being the most common type of attack, were also the attacks which caused the most disruption in businesses and charities through fraudulent emails and companies being directed to fraudulent websites.
On average cyber security breaches or attacks cost between £4,180 and £9,470 to businesses and charities respectively in lost data, time or assets.
It was found that the less common types of attacks such as spyware, malware or ransomware caused more negative effects that the more common phishing attacks. This means that while they are rarer attacks, they have a more significant effect on the company should they occur and therefore should be looked at in just the same importance to prevent.
There are multiple things that companies can do to protect against cyber-attacks across their company, from the policies and procedures that you have in place to the network precautions you implement such as Antivirus, Web Filtering, Firewall, etc.
ESP are able to complete an assessment on your network to identify any areas which could potentially be at risk of being infiltrated or attacked and recommend solutions to improve the security of your network moving forward in the future. If you would like more information on an assessment on your network please contact us on 0330 2020 118 option 1 or email us at email@example.com.