Cyber ‘up at night’ concerns

by Mark Rowe

The top reason UK businesses are ‘up at night’ over cyber security is untrained and malicious users, it’s claimed. Next come ‘Insider Threat Detection’ and ‘Credential Compromise’.

Ransomware has grown to include data theft and extortion to increase the chances of a successful attack. Deepfake audio is now being used to trick users over the phone, and attackers are no longer satisfied with raking in thousands of dollars when millions are plausible.

In response, IT has been tasked with establishing and maintaining a layered security strategy that protects the organisation and its users. But the ever-changing landscape of threats, attacks, and malware has some in IT deeply worried. Ransomware, phishing, business email compromise, and malwareless attacks are becoming greater in frequency, sophistication, and scope. That’s all according to a report by the security awareness training and simulated phishing platform KnowBe4.

As for compliance with data and related security regulations, the survey of some 200 UK organisations found that the US-based regulations HIPAA and SOX, which have both been around for decades, appear to be as much an issue for UK firms as newer regulations, such as the 2018 GDPR (EU-wide new data protection law).

The 13-page report can be viewed here: https://www.knowbe4.com/hubfs/WhatKeepsYouUpatNight-UK.pdf.

As KnowBe4 points out, almost every initial attack vector – emails, links, attachments, webpages – requires the interaction of a user, whether malicious or (above all) negligent or unwitting. As the survey put it, the C-Suite of UK firms is more concerned with strategy and any business disruption that may keep those initiatives from succeeding. IT generally concerns itself with a more tactical perspective around keeping the business running; hence, by and large, IT staff concerns are misaligned with those of their executives.

Comment

Javvad Malik, security awareness advocate, KnowBe4, said: “When it comes to cybersecurity, it can often feel like a game of moving one step forward only to find that you have moved two steps back. Cyber criminals are relentless in their efforts, adapting and altering their strategies for maximum, personal gain. This report clearly demonstrates the many causes of concern, but more importantly, it’s a reminder that no organisation can afford to fall complacent; whether in implementing security policies or building a security culture.”

© 2024 Professional Security Magazine. All rights reserved.
