Radical changes required as two-thirds of UK businesses suffer cyber attacks

A radical change is urgently needed, if businesses in the UK are to protect themselves from cyber-attacks, Bromium co-founder and CTO Simon Crosby says.

These comments come at a time when new research has shown that two-thirds of large UK businesses have been hit by a cyber-attack in the past year alone.

“The findings confirm that the cyber security landscape in the UK is similar to other advanced nations: We are experiencing sustained targeted attacks that legacy detection technologies cannot see or stop,” he said.

“Organisations need to urgently adopt a new posture that protects endpoint systems by design using virtualisation based security. It is unrealistic to expect that OS vendors or application vendors can stay ahead.”

According to the government research, just half of all firms have taken government-recommended actions to protect themselves. These breaches cost victim businesses millions of pounds.

Phishing Campaigns

"The fact that nearly seven out of ten attacks on all firms involved viruses, spyware or malware doesn't surprise us as it’s what we hear from customers and see in our own research,” said Rohyt Belani, CEO and co-founder of PhishMe.

“The problem for many is that these infections are often spread via phishing campaigns, and nearly all will be successful as they bait users to open tainted emails that often bypass stringent technology layers to reach the user’s inbox. Employees can be too busy, distracted or trusting to give much thought to the possible risks.”

“While any Government backed initiative does help raise awareness of the cyber security risks and rewards, it is not going to magically protect organisations from those threats.”

The government is urging businesses to better protect themselves, saying most common attacks could have been prevented using the Government’s Cyber Essentials scheme.

“Organisations need to accept that technology and frameworks alone are not enough,” Balin added. “It’s essential that companies condition and empower their employees to not only recognise and avoid a phish when they encounter one, but to report malicious emails internally – sourcing a bevy of rich human intelligence essential for improving incident response times and thwarting phishing attacks before they become successful. Since attacks often target groups of people across an enterprise, employees quickly become the last line of defence and should be properly prepared.

"For every suspicious email reported, it helps prevent the rest of the staff by being caught in a malware trap because security operations is aware of what the phishing email looks like and can respond appropriately."

Image Credit: Shutterstock / CobraCZ