Two new cybersecurity studies graphically illustrate the growing online threats facing UK companies, as they report that businesses are now attacked every minute, and identify the finance sector as the top target for hackers.
Both studies agree that employer education is absolutely key in minimising the threats posed by online attacks.
Beaming, an Internet Service Provider for UK businesses, has been carrying out a Cyber Threat Report for the past three years, with the latest edition covering the first quarter of 2019. The results make for worrying reading: UK businesses were subject to 119,659 internet-borne cyber-attacks each, on average, during this period. To put this into context, it equates to one every minute, which is more than double that experienced in the first three months of 2018, when companies were attacked online 53,981 times on average.
Between January and March 2019, Beaming’s cyber security analysts identified 442,091 unique IP addresses that were being used to launch cyber-attacks over the internet on UK businesses.
In terms of origin, 51,004 of these could be traced to locations in China, a large amount of attack activity originated in Brazil (32,386) and Russia (31,131).
Sonia Blizzard, Managing Director of Beaming, warned business leaders to be wary of the high rate of attacks, advising them to “take cybersecurity seriously, educate employees and put in place security measures such as managed firewalls to ensure they don’t expose themselves to undue risk”.
Meanwhile, NTT Security’s 2019 Global Threat Intelligence Report reveals that the finance sector is currently the victim of 30% of all cyber-attacks in EMEA, knocking business and professional services off the top spot, which was last year’s most attacked sector at 20%.
Education and government are both new to the top five most attacked sectors, due to continued long-term activity against those sectors, whilst the other sector in the top five is technology. Together, these five sectors account for 66% of all attacks, supporting trends suggesting that attackers continue to focus on specific sectors.
The same report also found that web application attacks are the most common, almost doubling over the past year from 22% to 43%. Web attacks combined with reconnaissance, service-specific attacks and brute-force attacks actually account for 73% of all hostile activity.
Both reports highlight the importance of employee education as a tool for combating cyber threats. In particular, organisations should:
• Train employees to be aware of the most common threats that may target them, and how to handle those threats
• Teach employees to report anything that ‘just doesn’t seem right’
• Help employees to be ambassadors for the security program, making it part of the culture rather than a task.
Finally, architecture is the key to success and this not only applies to the technology side of managing risk, but also to implementing and enforcing appropriate policies and procedures to drive successful deployment, improvements and maintenance.
European Product Manager