Links within emails are perceived as posing the biggest cyber threat to UK businesses, according to a survey of 600 senior business decision makers and 1,200 employees across the UK, US, Germany and Australia. When asked what they see as the biggest threat to their organisation, business decision makers ranked phishing emails as the top threat in all four surveyed regions.
Dr Guy Bunker, SVP of Products at info-security product company Clearswift, said: “Email security consistently rears its head as a key vulnerability in UK cyber defences. This highlights that businesses need to change the way they’re approaching the task of mitigating these risks. It is easy for a company to perform mock phishing exercises and physical penetration tests to assess vulnerabilities, however this underhanded approach to catch staff out may not always prove to be the best way forward. The approach should be twofold, focused on balancing education with a robust technological safety net. This will ultimately help ensure the business stays safe.”
A lax attitude by employees to sharing passwords was ranked second, as a source of cyber weakness, with one-third (33pc) of UK businesses listing this as one of the biggest threats. USBs sticks were the next offender, with 31pc of respondents highlighting USB/removable storage devices as a major threat. Ahead of the GDPR deadline in May, 30pc felt that employees not following data protection policies could be one of the biggest threats.
Failure by firms to cut off access to the network for ex-employees was next on the list with more than one in four (28pc) considering this a major threat. Introduction of malware via personal devices was also present on the list, with more than a quarter (26pc) highlighting this as a major threat to their organisation.
Despite some major hacks in 2017, hackers were only the seventh most selected threat, with 25pc of businesses flagging this as a major threat.
Other threats to feature included the use of non-authorised tools/applications for work purposes (25pc), including personal email drives and file sharing platforms. Threats coming from social media platforms, often used as a means of spear phishing, was a concern. UK businesses also saw stolen company devices as one of the biggest threats (23pc), with these devices often containing critical information.
Dr Bunker added: “With the knowledge that most information breaches are inadvertent, technology can so often provide a clear solution. Like our content aware Adaptive DLP suite, the solution should focus on preventing the information from leaking out, but also provide feedback to the sender to inform them that they have violated policy. This way, a business can work towards a safer environment and a more security conscious workforce.”
Business decision makers were asked to choose the threats that they saw as posing the biggest threats to their businesses.
Malicious links within emails – 59pc
Employees sharing usernames/passwords – 33pc
USBs/removable storage – 31pc
Users not following protocol/data protection policies – 30pc
Ex-employees retaining access to network – 28pc
Viruses via malware on personal devices – 26pc
Hackers – 25pc
Employees using non-authorised tools/applications for work purposes (personal email drives/File sharing) – 25pc
Social Media viruses – 24pc
Critical information on stolen devices – 23pc.
