The results were released a month ahead of the deadline for the EU’s General Data Protection Regulation, which grants regulators the power to fine organisations up to 4 per cent of their turnover.
Big businesses identified an average of 12 attacks over the last 12 months, according to the survey, with 72 per cent identifying breaches. The average successful strike cost £9,620.
The survey shows that a significant number of organisations are failing to apply basic security measures. A third of businesses are failing to give staff advice about passwords, while one in ten large companies are not carrying out “health checks”, risk assessments or audits.
Organisations that process personal data and let employees work on their own devices are more likely to be breached, and attacks are most likely to be launched via email, the survey shows.
Ciaran Martin, CEO of the National Cyber Security Agency, said most campaigns are not highly sophisticated: “Companies can significantly reduce their chances of falling victim by following simple cyber security steps to remove basic weaknesses.”
Patrick Hunter, EMEA director at One Identity, told NS Tech: “As the report tells us, the attacks target the weakest link: us and our human nature. Why do some people still click on phishing links? Lack of education is the biggest culprit. The “phishers” are getting significantly better at making those emails look real, even making them look like they’ve been sent internally and those people using the technology need to be educated to keep up.”
Javvad Malik, security advocate at AlienVault, added that it isn’t feasible for companies to prevent every attack scenario: “It’s important to deploy robust monitoring and threat detection controls that can alert a company when an attack is underway or a breach has occurred.”
In the first quarter of 2018, attempted ransomware attacks in the UK were up 300 per cent compared to the same period last year, according to SonicWall. This increase was double the global average.