Today's report that two-thirds of British businesses have been hit by a cyber attack in the last year has again highlighted just how seriously cyber security needs to be taken by businesses of all shapes and sizes.
Following the news, various industry professionals have offered their thoughts on the current security landscape and what businesses can do to protect themselves.
David Navin, Head of Corporate at Smoothwall:
“It is astonishing that half of UK businesses are not tackling the ever growing threat. It is now not about if a cyber attack occurs, but rather, when. In this digital age companies must have a robust security system in place in order to protect themselves once they fall victim to an attack. It is essential that they start with the basics. Beginning with a firewall, encryption and good security software, if companies have those measures in place and continue to layer on top of that, then it will reduce the chances of a data breach or attack.
“However security needs to be taken seriously throughout companies by all of their staff. It is common knowledge now that the majority of security breaches occur due to human error. Ensuring a strong security culture is instilled throughout the workforce therefore is vital to ensure staff are constantly vigilant and aware of the threats. Security needs to be taken seriously at all points of the organisation, to ensure that all employees understand the risks of their actions and know the security processes in place should an incident occur to mitigate the risks.”
Simon Crosby, CTO and co-founder, Bromium:
“The findings confirm that the cyber security landscape in the UK is similar to other advanced nations: We are experiencing sustained targeted attacks that legacy detection technologies cannot see or stop. Organisations need to urgently adopt a new posture that protects endpoint systems by design using virtualisation based security. It is unrealistic to expect that OS vendors or application vendors can stay ahead. A radical change is urgently needed.”
Rob Lay, Customer Solutions Architect in UK & Ireland at Fujitsu:
“The fact that two thirds of businesses in Britain have been targeted by cyber-attacks in the last year should come as no surprise. You just need to take a look at the amount of companies being hit by attacks to see the rapid growth of fraud, malicious intent and attack capabilities. What is more shocking is that half of firms are still not tackling this issue. According to Fujitsu’s predictions report, we can expect a growth of DDoS attacks, insider threats and also phishing in the next year, and as such everyone should be doing more to prevent theft.
“Because of this, it’s vital both consumers and organisations take a proactive approach when it comes to security. Organisations need to focus on the integration of threat intelligence and other information sources to provide the context necessary to deal with today’s advanced cyber threats. There must also be a clear and well-rehearsed incident management plan for a breach, addressing internal and external communication in addition to containment and recovery activities.
“As the sophistication and regularity of security attacks continue to increase, it has never been more important for both consumers and organisations to protect their assets appropriately.”
Lee Meyrick, Director of Information Management at Nuix:
"Information transparency can have huge impact on how secure an organisation is from data breaches - whether these are internal or external - and how effectively it can respond to incidents.
"The key principle is making sure the only people who can access high-risk data are those who need to for day-to-day work. In order to achieve this, information security, information governance and records management specialists need to become “good shepherds” of their data. They should know where all their sheep are, segregate them into separate fields, make sure the fences between fields are sound and regularly check to ensure the sheep are healthy. In this way, even if a wolf manages to get into one of the fields, most of the flock will be safe.
"Information governance technology can locate data “in the wild” and move them to controlled, siloed repositories protected with encryption, access controls and retention rules, and apply policies to ensure only authorised staff members have access to important information using devices appropriate for the type of data."
Piers Wilson, head of product management, Huntsman Security:
“The UK Government’s survey findings should be a bit of an eye-opener for all businesses, but in some respects it’s just the tip of the iceberg. The timeframe between when businesses are breached and when they detect the intrusion is getting a lot wider, so in all likelihood there are a lot more breaches and attacks out there that the victims don’t know about. As such, the reality is that the two-thirds figure we see here is probably optimistic – that number is actually a lot higher.
“The problem is that attackers are getting so much more sophisticated in how they launch attacks, deliver malware and access their victim’s data. It is now relatively easy for those in the know to sidestep antivirus software or intrusion detection systems (IDS) and access or steal data without anyone realising. The only way we’re going to turn the tide is if we evolve the way that we protect ourselves.
"Rather than using defences that are on the lookout for just the threats we know about, businesses need to start building systems that harness machine-learning and artificial intelligence to predict what will come next. By baselining ‘normal’ systems activity, businesses can detect in real-time any anomalies that indicate suspicious activity that their security teams need to investigate.”
Chris Boyd, malware Intelligence analyst at Malwarebytes:
"Providing a secure, layered approach to business networks is becoming increasingly difficult, especially once you factor in elements that exploit the human angle such as social engineering, and business email scams which target employees with fake missives from the CEO.
"While the National Cyber Security Centre is a good idea, one of their first projects will be providing advice to the financial sector, which is arguably already a lot more secure than the SMEs across the country, which often possess little to no resources - or, indeed, any idea about the types of threats attacking them on a daily basis. It remains to be seen if the areas of business selected for help initially are the right choices to get the ball rolling."
Matthias Maier, Security Evangelist, Splunk:
"This research shows that organisations need to improve their early detection and effective response capabilities. The ability to answer any question about what happened in your environment will allow you to spot a breach early, fully understand how it occurred and take action to make sure the attack pattern doesn’t happen again.
"Big businesses carry a goldmine of data and will continue to be targeted by attackers. Only if an attack or breach is fully investigated can an organisation properly communicate the impact to the boardroom, and execute security optimisations to improve their security posture overall.”
Image source: Shutterstock/alexskopje