Is cyber-crime the exclusive preserve of big business and multi-national companies? The answer to that is obviously not, though they do seem to attract a disproportionately large number of hackers. Given the assets of these corporations that’s hardly surprising. The only crumb of comfort for these larger corporations is that the latest Information Security Breaches Survey by the PwC and Department for Business, Innovation and Skills found that the number of breaches affecting the UK’s larger businesses had decreased slightly during the course of 2013: the current figure stands at 81 per cent, down from 86 per cent in 2012. However, it’s worth noting that while the overall number of big business cyber-attacks appears to be decreasing, the overall cost of each attack is escalating dramatically: costs for 2013 are estimated to be in the region of between £600,000 and £1.15 million, up from £450,000 to £850,000 for a typical large-scale breach.
What about smaller businesses? How are they coping with seemingly-rampant cyber-threat? Well, according to the Survey, 60 per cent of the UK’s smaller businesses were affected by a cyber-attack during the course of 2013 – down from 64 per cent in 2012. However, whilst that decrease may also be encouraging, the cost of these attacks is also on the increase. The average cost of cyber-attacks on SMEs in 2013 was estimated to be in the region of between £65.000 and £115,000 – up from £35,000 to £65,000 the previous year.
So where are these threats coming from? PwC and DBIS found that the majority of the most serious attacks and security breaches came from external sources. The primary source of threat was found to be the use of malicious software, particularly in attacks targeting larger organisations. The figures show that 55 per cent of large businesses were attacked by an unauthorised outsider in 2013 – down from 66 per cent in 2012. However, 73 per cent of large corporations were affected by virus infection or malicious software in 2013: an increase of 14 per cent on 2012. The figures for DDoS attacks on large organisations remained broadly constant.
What should be of greatest concern to large organisations in particular is that penetration attacks appear to be on the increase. 24 per cent of large organisations detected that outsiders had successfully penetrated their networks in 2013 – up from 20 per cent the previous year. What’s more, the theft of intellectual property and confidential data from large businesses also increased from 14 per cent in 2012 to 16 per cent in 2013.
The news for smaller businesses is slightly more encouraging, though the threat is still persistent. 33 per cent of small businesses were attacked by an unauthorised outsider in the last year – down from 43 per cent a year ago. 16 per cent of SMEs were hit by denial of service attacks in 2013 – a reduction of 7 per cent on 2012. However, the percentage of SMEs attacked by infection from viruses or malicious software in the 2013 remained broadly similar: 45 per cent as opposed to 41 per cent. Network penetration figures were down by 3 per cent on 2012, whilst the theft of confidential data and intellectual property from small businesses reduced by 5 per cent.
PwC and DBIS also were also able to offer further good news, as staff-related breaches had dropped significantly in 2013. Never the less they found that staff still played a key role in security breaches. 58 per cent of large organisations suffered staff-related security breaches in 2013 (down from 73 per cent a year ago), whilst 22 per cent of small businesses suffered staff-related security breaches (down from 41 per cent in 2012). 31 per cent of the worst breaches were caused by inadvertent human error, whilst a further 20 per cent were caused by staff deliberately misusing systems.
Whilst the latest figures might on the face of it seem to be encouraging, PwC and the Department for Business, Innovation and Skills stress that now is not the time for complacency. They estimate that larger organisations will face on average around 16 cyber-attacks during the course of 2014, whilst smaller businesses will be subjected to 6. The conclusion the report reaches is that whilst businesses may be getting to grips with the menace of cyber-threat, it would be counter-productive for businesses, regardless of their size, to be stinting on cyber-security. Hackers are using increasingly sophisticated methods to target assets and data, so it’s incumbent on businesses to respond with equally-sophisticated security solutions and to manage risk more effectively.
If you are concerned about the security challenges facing your business today, then why not speak to Krypsys? Krypsys’ services are focused on helping you assess your security posture against current and evolving security threats and educating you on the risks to which you are exposed. We have a wealth of experience in security projects in both the public and private sectors and have worked with organisations to protect high value information assets such as trading platforms, e-commerce systems, data-centres and cloud services.We also work with leading IT security vendors and specialist consultancies to close the gaps in your own IT security strategy and to assist in streamlining and prioritising your risk management spending.
Whether you’re looking for help with penetration testing and security reviews, or are looking for advice on security compliance and web security solutions, Krypsys can help you. For more information on web security solutions, please contact Krypsys on 01273 044072 or [email protected].