Findings from business continuity and disaster recovery provider, Databarracks, uncovered the security and business continuity practices of UK organisations over the last year, and what they expect to change in the next 12 months.
Only 53% of organisations surveyed felt confident in the abilities of staff to tackle potential cyber threats against the business; the same figure achieved in 2016. And only 61% of organisations have reviewed their security policies in the last 12 months in response to a cyber threat. Ongoing employee awareness training was the safeguard most commonly invested in (34%).
>See also: The demand for cloud skills in the UK continues to rise
Peter Groucutt, managing director at Databarracks commented: “Unfortunately, we are in the midst of an arms race against cyber criminals. Threats are becoming more frequent and more sophisticated. Organisations are desperately trying to address this by improving preventative measures and investing in education for staff, but as the evidence from the research shows, this is in fact doing little to improve confidence. While undoubtedly this is a major concern for organisations, it’s important to recognise that the simple steps we take to better equip staff to address threats do have a real effect.”
Despite reviewing policies, a staggering 41% of organisations decided not to invest in any safeguards over the last 12 months to protect against evolving cyber threats. Viruses (44%); Spyware (30%); Ransomware (29%) and phishing attacks (26%) were the biggest cyber-attacks to impact organisations over the last 12 months.
“Phishing and whaling attacks, for example, remain one of the biggest threats to a business. Fundamentally these types of attacks are focused on people not technology, which is why it’s imperative that cyber awareness training is continually invested in,” continued Groucutt. “Over the past year we have seen businesses investing in cyber awareness training increase from 26 per cent to 34 per cent and next year we want to see this grow further.”
“Just like shoring up your IT infrastructure, the key to improving digital skills confidence amongst staff is more about regularity and consistency than a single grand gesture. It’s about embedding a culture of security, driven from the top-down and horizontally regarded as a critical priority.”
>See also: Cyber threats caused by failure to upskill IT staff
“Old norms must be challenged, ingrained responses and established processes must be shifted, for everyone. Directors must attend training sessions alongside new starters, and a culture of vigilance, transparency and accountability promoted at all levels, and within all teams.”
“In parallel to awareness training, there should be a corresponding tightening of information controls where needed. Workers, including senior managers, only really need access to small proportion of company data in order to work effectively. Ransomware propagates fastest when vulnerable senior staff possess needless administrator privileges. Proactively categorising users and limiting access to data shares appropriately can significantly limit the spread of malware around your network, and limiting threats amongst staff.”