Over the past three years, over 50% of large organisations around the world have suffered from a cyber-security breach. While increasing security is a top priority for most businesses, squeezed budgets and inadequate cyber training are creating opportunities for determined criminals.
Hacked Off! 2019 by Bitdefender surveyed large organisations across the US, Europe, Middle East, Africa and Asia-Pacific to determine their biggest threats, how they rated their cyber-security and what barriers were preventing them from improving.
The report asked cyber-security professionals which type of attack they felt posed the biggest threat to their business. The most popular answer was a mixture of phishing and whaling attempts, with 36%, followed by Trojans with 29% and ransomware with 28%.
The National Centre for Cyber Security describes whaling as:
“A highly targeted phishing attack - aimed at senior executives - masquerading as a legitimate email. Whaling is digitally enabled fraud through social engineering, designed to encourage victims to perform a secondary action, such as initiating a wire transfer of funds.”
While cyber-security skillsets have grown in effectiveness over the past 5 years, the threat landscape has only become more dangerous and complex, meaning even the smallest gaps can be exploited.
As new avenues emerge for cyber-attacks, plugging every hole isn’t always an option. However, InfoSec teams can assess the biggest threats to their systems and begin there.
Bitdefender’s report explains how organisations can strengthen their security:
“No organisation is impervious to a data breach, but by understanding how both cybersecurity professionals and IT departments view risk, some clear weak spots start to emerge — both on an organisational and individual level. Highlighting areas for improvement can only happen through increasing visibility.”
While many high-profile businesses around the world have fallen victim to cyber-attacks, the report found a decrease in the number of companies suffering from a data breach. 39% of companies in the report admitted they’d been a victim in 2017, while in 2019 this dropped to 24%.
However, 36% of InfoSec professionals believe their company could be facing a cyber-attack without knowing about it. So, while the figures are showing an overall decrease, it could be due to the latest breaches becoming more advanced and harder to detect.
As expected, different industries have different views on what they believe the main consequences of a cyber-security breach to be. In the manufacturing sector, 52% saw business interruptions as the main issue. Meanwhile, most of the retail sector believed it to be a loss in revenue.
Surprisingly, only 27% of all respondents saw legal fees and penalties as the main consequence. Considering that GDPR can see organisations paying up to €10 million or 2% of their annual turnover, this would have been expected to be a higher concern for companies.
In October, the legislation showed how seriously it treats the security of data: in the latest case, a Swedish secondary school was fined roughly £16,000 for misusing sensitive personal data.
As cyber-security threats continue to evolve and adapt, it can seem like businesses are permanently on the back foot. However, the decrease in breaches over the past 3 years shows that progress has been made. While smaller companies have greater challenges, a mixture of automation and greater awareness throughout a business is helping the world prepare.
At Senitor, we’ve been working throughout the IT sector for over 20 years. In this time, we’ve seen the role of cyber-security professionals change to meet new demands. So, if you need to add InfoSec talent to your team, or you’re looking for the next challenge, then get in touch today and see how we can help.