The UK Government have released the 2021 Cyber Security Breach Data Report showing the cyber trends for businesses and charities in the UK, and it is an interesting read for us all.
The good news is that the percentage of businesses identifying cyber security breaches has fallen from 46% in 2020 to 39% in 2021. There is still room to reduce this number further, starting with increased awareness and a proactive approach.
Here we share the trends identified, followed by tips on how to reduce the risks within your organisation.
A low 14% of businesses reported training staff on cyber security resilience, and just 20% have tested their staff responses, for example to mock phishing scams.
Awareness is key to prevention within any organisation, and it can be built through a range of resources: an online staff training programme or regular presentations from your in-house cyber specialists could be useful.
With phishing scams accounting for over 80% of identified attacks, we would like to introduce our partners at Cofense. Their leading intelligence software solution allows your people to recognise phishing attacks and stop them in minutes. Cofense’s end-to-end phishing defence solution combines cutting-edge technology with collective human intelligence to protect your organisation from the inbox to the Security Operations Centre. We offer exclusive deals via our website; click the button below to find out more.
With resources stretched and other priorities taking over, the survey found that fewer businesses are keeping their cyber protection up to date. Only 83% reported up-to-date malware protection, down from 88% in 2020, and only 78% reported network firewalls, compared to 83% in 2020.
Testing, regular updates and monitoring are key to keeping your cyber security practices current. Making all staff aware that their devices must be kept updated, and that they should take the time to install updates as soon as they become available, is good practice.
As an additional measure, if you have the resource available, scheduling a monthly testing and monitoring session in which all protections and firewalls are checked is another way of reducing your business's exposure to cyber crime.
Fewer firms have rules in place preventing staff from using personal devices for work: 64% in 2021, down from 69% in 2020.
The increase in home working due to the pandemic has likely impacted the number of staff using their own devices for work. If your organisation requires this type of working, make sure that controls are put in place to reduce risk.
Ensure that any phones used are still within their support period; for example, the iPhone 6s is due to fall out of support this year, after which it will no longer receive security updates and will be more exposed to risk.
Similarly, if your colleagues are using their own laptops, ensure their version of Windows is current and advise them to apply updates regularly. Strong anti-virus and malware protection is also a good measure to ensure all hardware is secured.
Of the organisations surveyed, only 31% had business continuity plans that included cyber security and just 15% had completed an audit of their cyber security vulnerabilities.
These low figures directly affect the number of breaches that occur. Without audits to identify risks, and plans in place to prevent or reduce their impact, organisations are likely falling short of basic cyber crime preventative measures.
If you are not yet identifying and assessing risks, as a starting point we would recommend working through the five controls of Cyber Essentials, a UK government scheme to enhance cyber security within organisations of any size or sector. Whilst this is a UK-based scheme, organisations worldwide are also implementing the controls as good practice.
The five controls include:
You can find out more about the scheme via our simple guide to Cyber Essentials.
Despite other priorities this past year (the global pandemic), 77% of businesses report that their senior management treats cyber security as a high priority, up from 69% in 2016.
Regardless of good intentions, it can often be difficult to know where to start or which controls to put in place for your circumstances.
As mentioned above, if you are new to cyber security, Cyber Essentials is a good starting point. However, if your organisation requires a more thorough approach, aligning with or certifying to ISO27001 for Information Security Management is a good option. It is a risk-based approach that helps identify potential issues and solutions within your business in a controlled and accountable way. You will be required to work through the 114 reference controls contained in Annex A. This is a set of good-practice controls that you can use to make your organisation more secure, organised into 14 areas such as information security policies, human resource security, access control and incident management, to name but a few.
You can find out more about the standard via our simple guide to ISO27001.
We have complete toolkits to assist with compliance with Cyber Essentials and ISO27001. Written by a CISSP-qualified audit specialist with over 30 years’ experience, our toolkits include all the documentation and guidance you will need, without having to hire a qualified cyber security expert.