Despite maintaining an improved security posture over last year, 2019 brings additional attacks with a higher price tag, causing the U.K. government to urge organizations to do more.
According to the U.K. Government’s 2019 Cyber Security Breaches Survey, U.K. organizations have improved their 2019 posture with added focus on policies, training, risk assessments, contingency plans, and more. These improvements have resulted in material reductions in experienced attacks in the U.K. from 43% of organizations in 2018 down to just 32% in 2019
But, with nearly one-third of organizations still experiencing attacks – with the average rising from 4 in 2018 to 6 in this first third of 2019 – the U.K. government is pushing for businesses to further improve their posture. Some of the more common attack vectors include:
- Phishing attacks (experienced by 80% of U.K. businesses)
- Impersonation in email or online (experienced by 28% of U.K. businesses)
- Viruses, spyware, malware, and ransomware (experienced by 27% of U.K. businesses)
These are the areas U.K. organizations need to focus their efforts around. To address these issues, we recommend the following layered approach:
- Malware et al can be addressed using a combination of antivirus, endpoint protection, email scanning, and web scanning solutions.
- Impersonation can somewhat be addressed with email scanning solutions.
- Both impersonation and phishing can best be addressed with Security Awareness Training – used to raise the employee’s focus on security and to have a vigilant mindset when interacting with email and the web.
With 78% of U.K. businesses stating that cyber security is a high priority for their organization’s senior management, we’re hopeful that security postures will improve, and the current downward trend of attack effectiveness will continue.