Is your data safe? 80% of global organisations expect breaches of customer records

Trend Micro and the Ponemon Institute have revealed the findings of a study which discovered that 86% of global organisations expect to suffer a cyber attack in the next 12 months.

The findings come from Trend Micro’s biannual Cyber Risk Index (CRI) report, which measures the gap between respondents’ cybersecurity preparedness versus their likelihood of being attacked. In the first half of 2021 the CRI surveyed more than 3,600 businesses of all sizes and industries across North America, Europe, Asia-Pacific, and Latin America.

The CRI is based on a numerical scale of -10 to 10, with -10 representing the highest level of risk. The current global index stands at -0.42, a slight increase on last year which indicates an “elevated” risk.

Organizations ranked the top three negative consequences of an attack as customer churn, lost IP and critical infrastructure damage/disruption.

Key findings from the report include:

  • 86% said it was somewhat to very likely that they’d suffer serious cyber-attacks in the next 12 months, compared to 83% last time
  • 24% suffered 7+ cyber attacks that infiltrated networks/systems, versus 23% in the previous report.
  • 21% had 7+ breaches of information assets, versus 19% in the previous report.
  • 20% of respondents said they’d suffered 7+ breaches of customer data over the past year, up from 17% in the last report.

“Once again we’ve found plenty to keep CISOs awake at night, from operational and infrastructure risks to data protection, threat activity and human-shaped challenges,” said Jon Clay, vice president of threat intelligence for Trend Micro. “To lower cyber risk, organizations must be better prepared by going back to basics, identifying the critical data most at risk, focusing on the threats that matter most to their business, and delivering multi-layered protection from comprehensive, connected platforms.”

“Trend Micro’s CRI continues to be a helpful tool to help companies better understand their cyber risk,” said Dr. Larry Ponemon, CEO for the Ponemon Institute. “Businesses globally can use this resource to prioritize their security strategy and focus their resources to best manage their cyber risk. This type of resource is increasingly useful as harmful security incidents continue to be a challenge for businesses of all sizes and industries.”

Among the top two infrastructure risks was cloud computing. Global organizations gave it a 6.77, ranking it as an elevated risk on the index’s 10-point scale. Many respondents admitted they spend “considerable resources” managing third party risks like cloud providers.

The top cyber risks highlighted in the report were as follows:

  • Man-in-the-middle attacks
  • Ransomware
  • Phishing and social engineering
  • Fileless attack
  • Botnets

The top security risks to infrastructure remain the same as last year, and include organizational misalignment and complexity, as well as cloud computing infrastructure and providers. In addition, respondents identified customer turnover, lost intellectual property and disruption or damages to critical infrastructure as key operational risks for organizations globally.

The main challenges for cybersecurity preparedness include limitations for security leaders who lack the authority and resources to achieve a strong security posture, as well as organizations struggling to enable security technologies that are sufficient to protect their data assets and IT infrastructure.

47% of employees in Marketing lacking cyber security skills

Cyber security remains one of the most challenging issues for business owners, large and small. And it seems data breaches cost UK enterprises an average of $3.88 million per breach, according to IBM.

And considering much of the global workforce is now remote, it has never been more important for employees to be cyber aware. 

Specops Software recently found that clickjacking is the most common form of hacking in education at 66%, whilst phishing was extremely prevalent among other key industries at 71%.

This prompted the company to investigate the industries without sufficient cyber security training by surveying 1,342 businesses across 11 sectors across the UK. 

On average, just 41% of employees across all sectors surveyed have not been provided adequate cyber security training. 

It is perhaps unsurprising that those working in Travel and Hospitality have not been adequately trained against cyber threats (84%). It comes after EasyJet was recently targeted in a serious cyber-attack whereby email addresses and travel details for around 9 million customers were breached.

In second place is Education and Training. 69% of respondents who work in this industry claim they have not been trained sufficiently against cyber threats – a worrying statistic as breaches compromise student and staff safety. In fact, cyber attacks have been increasing year-on-year as more instances are reported, with four key reasons attackers target educational institutions: DDoS attacks, Data theft, financial gain, and espionage. 

Other key industries that have not provided sufficient training include Marketing, Advertising and PR (47%), Medical and Health (42%) and Charity and Voluntary Work with 29%. 

Understandably, the sectors with far more stringent cyber security training processes include Legal Services (16%) and Recruitment and HR (19%). 

Specops also sought to find out if the level of cyber security training had changed since the beginning of COVID-19.

Out of the 1,342 respondents, the results revealed the following:  

  • I have been trained a lot more since COVID-19 – 21%
  • I have been trained a little more since COVID-19 – 37%
  • I have not been trained since COVID-19 – 42%

| Business Sector | % of businesses that have since implemented cyber security training sessions since COVID-19 |
|---|---|
| Education and Training | 76% |
| Medical and Health | 65% |
| Computer and IT | 39% |
| Travel and Hospitality | 37% |
| Customer Service | 23% |
| Creative Arts and Design | 22% |
| Charity and Voluntary Work | 15% |
| Marketing, Advertising and PR | 13% |
| Legal Services | 13% |
| Accountancy, Banking and Finance | 10% |
| Recruitment and HR | 8% |

Specops Software found on average just 29% of business sectors have initiated additional cyber security training. 

94% of respondents claimed it was the responsibility of their company to keep them up to date with cyber security training, whilst 79% could not identify if they were hacked.

To further complement the survey, Specops Software’s Cyber Security Expert Darren James has provided some expertise:

1. Why is it important for all employees to be trained?

The fact of the matter is that you can put as many security systems and procedures in place as you wish, but usually the weakest link is always the human being involved. Providing cyber security training is essential. Subjects such as password hygiene, email scam/phishing/malware awareness, social media usage etc. are important and the more attention we can bring to it via training at work, the less likely people in general will fall victim to these crimes.

2. Should companies integrate training on a regular basis and how often?

Generally, it’s a good idea to provide basic training to everyone, and to all new employees, so everyone is at least on the same page. Then, it is a good idea to promote awareness through the use of a good password policy, and maybe when IT experience interactions with users e.g. service desk/desktop support etc. provide further reminders where appropriate. Some “high risk” users such as IT admins, HR and finance teams should have regular awareness training.

3. What can companies do to ensure training is kept up to date, especially now everyone is working from home? 

Working from home represents another challenge when providing training. You can send emails out or put something on an extranet/intranet page, but let’s be honest not many people are going to willingly go and look. Try arranging a “working from home cyber security awareness” call if possible – whether it is per team, or with team managers who can then pass on key information. 

Please see the full research here: https://specopssoft.com/blog/uk-business-sectors-lacking-cyber-security-training/