As we become increasingly reliant on technology for our day-to-day business needs, it has become more and more important to take all necessary precautions to keep our data and systems safe and secure.
Recently we undertook some research to gather statistics* on the IT security issues that businesses have encountered, and the results make for startling reading. For instance:
- 90% (up from 81% in 2014) of large businesses and 74% (up from 60% in 2014) of small businesses had a security breach of some type.
- The worst security breaches of the year cost large businesses £1.46m – £3.14m and small businesses £75k – £311k.
- 69% (55% in 2014) of large businesses and 38% (33% in 2014) of small businesses were attacked by an unauthorised outsider in the last year.
- 75% (58% in 2014) of large businesses and 31% (22% in 2014) of small businesses had staff-related security breaches in the last year.
- Many organisations suffered an infection by malware, with large organisations (84%) ahead of their smaller counterparts (63%); this was also an increase on the equivalent 2014 figures of at least 15%.
*Statistics courtesy of PWC 2015
People are seen as the main vulnerability to a secure business. Respondents believe that inadvertent human error (48%), lack of staff awareness (33%) and weaknesses in vetting individuals (17%), were all contributing factors in causing the single worst breach that organisations suffered. Furthermore, 28% of respondents reported that the worst security breach was partly caused by senior management giving insufficient priority to security within their organisation.
Also, a recent study shows that almost 40% of businesses were hit by ransomware, a popular form of attack that encrypts critical files and demands payment to supply the decryption keys.
More than one third of those hit lost revenue and 1 in 5 were forced to close down as a result.
The report, based on a poll of more than 500 IT leaders in the UK, Germany, the US and Canada, revealed that more than 20% of attacks demanded $10,000 or more, and 1% asked for $150,000 or more.
The UK reported the highest proportion of ransomware attacks, with 54% of the companies polled affected, despite 87.2% of respondents saying they were confident in their ability to stop attacks.
Businesses are unprepared for future strains of more sophisticated ransomware, according to the Cisco 2016 Midyear Cybersecurity Report.
Fragile infrastructure, poor network hygiene and slow detection rates are providing ample time and air cover for adversaries to operate, the report said. UK respondents had the lowest percentage globally in terms of awareness of which device the ransomware had used to enter the organisation, with 22% saying they had no idea whatsoever.
Worldwide, more than 40% of victims paid the ransom demands, but 58.2% of the UK firms polled had paid the ransom, the second-highest percentage in the international research base and 21 times higher than their US counterparts. As a result, the UK recorded the highest amount of revenue lost worldwide, with 60% saying the attack cost the company financially, almost 10 times more than their US counterparts.
Surprisingly, despite the report’s findings, UK IT managers were also the least likely to put any kind of ransomware training or awareness in place.
The study revealed that companies are spending a significant amount of time on resolving issues, with more than 60% of attacks taking more than nine hours to put right, and some even taking more than one business day to fix all affected endpoints.
The most popular way of addressing the problem is not through protection, but by backing up data, according to more than 71% of those polled.
“The results from this survey further emphasise that any business in any region is incredibly vulnerable to ransomware,” said Marcin Kleczynski, CEO of Malwarebytes. “Cyber criminals are increasing their use of ransomware in their attack strategies globally, causing business disruption, loss of files and wasted IT man-hours.” To stay safe, businesses must invest heavily in employee education and technology, said Kleczynski.
Businesses across the UK must become more vigilant and follow certain steps so that in the event of a cyber attack, they can mitigate it effectively, says Andy Buchanan, area vice-president for the UK and Ireland at security firm RES.
“This includes educating staff to the point where they understand threats and don’t fall prey to the phishing emails that quite often launch ransomware attacks,” said Buchanan. “They should also ensure proven technology approaches are used – such as whitelisting, permission-based access, read-only blanketing and revocation of access.”
With this in mind, here is our list of six IT security tips to help make your working environment a safer place:
- Employee Awareness & Training. There are countless resources for basic training on good employee practices. Having employees trained and aware of the threats on the internet (and email) is half the battle to keeping your business’s systems secure.
- Website Filtering. Do you control what employees can do on your computers? You should! Filtering out certain sites and blocking certain types of content can greatly reduce the likelihood that employees are able to inadvertently introduce viruses and “malware” onto your network.
- Email & Spam Filtering. Don’t rely on employees to know what is safe or not. Most service providers now offer this for free. By limiting the types of content and attachments which can be sent or received, you can greatly lower the chances that someone accidentally opens a bad file while at work (or home).
- Antivirus & PC Support. There is no excuse for any PC on your network NOT having antivirus and NOT being set to receive automatic updates. Out-of-date software is one of the most common ways PCs become infected. If you have employees with laptops this is a must-have.
- IT Security Healthcheck. Have a reputable consultant conduct a health check – they review your systems and documentation and can generally give you an action-plan in as little as a week.
- Insurance. Lastly, insurance. Many providers now offer IT Security breach or insurance coverage as a rider to your existing liability policy. Breaches not only cost you money in lost revenue and customers, but can cost enormous sums to clean up.
If you would like to arrange an IT Security Healthcheck or discuss any aspect of computer-related security with us at Deep South, then please contact us via e-mail at email@example.com or by telephone on 020 325 5000.
We look forward to working with you.
© Deep South IT 2016 www.deepsouth.co.uk