Cyber-attack business survey

by Mark Rowe

One in five businesses (20pc) have fallen victim to cyber-attacks in the past year, according to the results of a survey by the British Chambers of Commerce (BCC). Big businesses are far more likely than their smaller counterparts to be victims of attacks (42 per cent of companies with more than 100 staff, compared to 18pc of companies with fewer than 99 employees).

The BCC says the results indicate that businesses are most reliant on IT providers (63pc) to resolve issues after an attack, compared to banks and financial institutions (12pc) or police and law enforcement (2pc). The findings suggest that one in five businesses (21pc) believe the threat of cyber-crime is preventing their company from growing.

The survey also shows:

– Only a quarter (24pc) of businesses have cyber security accreditations in place
– Smaller businesses are far less likely to have accreditation (10pc of sole traders and 15pc of those with one to four employees) than big businesses (47pc with more than 100 employees).
– Of the businesses that do have accreditations, half (49pc) believe it gives their business a competitive advantage over rival companies, and a third (33pc) consider it important in creating a more secure environment when trading with other businesses

From May 2018, all businesses that use personal data will have to ensure they comply with the European Union’s General Data Protection Regulation (GDPR), which will update UK data protection law.

Dr Adam Marshall, Director General of the British Chambers of Commerce (BCC), said: “Cyber-attacks risk companies’ finances, confidence and reputation, with victims reporting not only monetary losses but costs from disruption to their business and productivity. While firms of all sizes – from major corporations to one-man operations – fall prey to attacks, our evidence shows that large companies are more likely to experience them.

“Firms need to be proactive about protecting themselves from cyber-attacks. Accreditations can help businesses assess their own IT infrastructure, defend against cyber-security breaches and mitigate the damage caused by an attack. It can also increase confidence among the businesses and clients who they engage with online.

“Businesses should also be mindful of the extension to data protection regulation coming into force next year, which will increase their responsibilities and requirements to protect personal data. Firms that don’t adopt the appropriate protections leave themselves open to tough penalties.

“Companies are reporting a reliance on IT support providers to resolve cyber-attacks. More guidance from government and police about where and how to report attacks would provide businesses with a clear path to follow in the event of a cyber-security breach, and increase clarity around the response options available to victims, which would help minimize the occurrence of cybercrime.”

About the survey

The British Chambers of Commerce (BCC) surveyed 1,285 business people from all regions of the UK online in January 2017 to understand how cybercrime is impacting on UK businesses. Of the businesses surveyed, 96pc were SMEs; 22pc operate in the manufacturing sector, and 78pc in the services sector. Visit: www.britishchambers.org.uk.

Comment

Mark Stollery, Managing Consultant, Enterprise and Cyber Security, UK and Ireland at Fujitsu, said: “News that one in five British companies have been subject to cyber-attack illustrates that as a nation we are still failing to get on top of cybercrime. It is interesting however that only one in five businesses have said that they have been hit by a cyber-attack, and begs the question of whether they actually understand what a cyber-attack looks like? Phishing attacks for example hit every business, large or small, and are a primary method of attack to compromise a network, yet if a business doesn’t classify it as a cyber-attack then it will go under the radar and play down the serious and volatile landscape all businesses now reside in.

“Every business has a target on its back in today’s digital currency era and it is imperative therefore that organisations both large and small take a proactive approach when it comes to security. Organisations need to think about what data they need to protect and focus on the integration of threat intelligence and other information sources, to provide the context necessary to deal with today’s advanced cyber threats. They also need to be astute as to what third party organisations they work with and ensure they don’t pose a security threat, as hackers will look for back doors into an organisation through suppliers that might not have as tight security precautions.

“Additionally, there must also be a clear and well-rehearsed crisis management plan for a breach, addressing internal and external communication to ensure swift and effective mitigation occurs; limiting the impact on business availability and integrity and ultimately reducing the cost of a breach on many levels. As the increase in sophistication and regularity of security attacks continues, it has never been more important for organisations to ensure that security is on the boardroom agenda and be confident the challenge is being addressed appropriately.”

Stephanie Weagle, VP at Corero Network Security, said: “Attackers will always find new exploits, and new attack methods of disrupting financial opportunity, extortion, accessing personally identifiable data, and disrupting an organization’s online availability. Cyber-attack activity is prevalent today, more than ever – especially when it comes to DDoS attacks.

“While the Internet has been fighting off DDoS attacks for over a decade, these denial of service attacks are taking center stage as the techniques have become much more sophisticated in nature. Coupled with the ease of securing DDoS-for-hire services, access to massive botnets, and unlimited motivations we are seeing a far more dangerous concoction of attacks taking down major institutions.

“This elevation of risk comes at a time when DDoS attacks continue to increase in frequency, scale and sophistication over the last year. 31 percent of IT security professionals and network operators polled in a 2017 survey conducted by Corero experienced more DDoS attacks than usual in recent months, with 40 percent now experiencing attacks on a monthly, weekly or even daily basis. To alleviate this problem, 85 percent are now demanding additional help from their ISPs to block DDoS traffic before it reaches them.

“The biggest DDoS risk factor, which was cited by almost half of the respondents (45 percent), was the potential for loss of customer trust and confidence. Lost revenues were also a serious concern (cited by 17 percent), while malware infection (15 percent) was also seen as a potential problem.”
