Hackers are shifting from “big-game” to mid-sized targets
The UK is a popular target for cyber-attacks. It is now the third most targeted nation by hostile states, according to cabinet minister Steve Barclay. In response, laws are being reviewed to boost British businesses’ cyber resilience. In February 2022, the UK’s National Cyber Security Centre (NCSC), in partnership with the Federal Bureau of Investigation (FBI), National Security Agency (NSA) and Australian Cyber Security Centre, advised that hackers were shifting from “big-game” to mid-sized targets.
The State of the UK’s Cyber Security Response
A study that investigated the state of the UK’s cyber security response, published in March 2022 by Censornet, revealed that mid-market organisations in the UK suffered significant financial and operational damage as a result of cyberattacks in 2021. One in three (33%) mid-market organisations suffered an outage that knocked them offline for more than a day. Only half were able to prevent malicious attachments from reaching users’ inboxes. Shockingly, one in five (21%) were forced to pay hackers to deactivate ransomware. As a result, the top wish for cybersecurity in 2022 was to see security vendors open up traditionally closed point products to enable an automated response to cyber-attacks.
Cyber attacks causing major damage
The report highlights that the UK mid-market is on Code Red. Despite concerted efforts to protect themselves, mid-market organisations continued to feel the sting of cyberattacks in 2021 - often due to cross-channel attacks, which only 37% of organisations felt they had the ability to prevent. These incidents were driven in part by the unwitting insider threat: 17% of all respondents reported serious attacks after employees opened suspicious or malicious emails, with that number rising to 28% for businesses turning over more than £51 million.
Ransomware also posed a particularly serious threat, with more than two thirds (69%) of organisations feeling unable to protect themselves against it. Of those that suffered a ransomware attack and paid the ransom, the average pay-out was £144,000, with 7% of those handing over more than £500,000.
Overcomplicated security driving high levels of stress
Given the damage, organisations are investing in large numbers of point products to tackle their risk. The average number of security products managed in a single organisation stands at 24. As a result, on an average day, 716.4 cyber security alerts are generated. This means each security professional has to investigate over 35.3 security alerts every hour and has just 102 seconds to assess what is a genuine threat.
‘For the UK mid-market, the cybersecurity situation is serious,’ said Ed Macnair, CEO at Censornet. ‘The financial and reputational cost of cybercrime is rising, putting more pressure on overwhelmed professionals, who are tackling hundreds of alerts a day from siloed point products. Organisations must work smarter, not harder. Only when security systems work seamlessly together, faster than humanly possible, will we see the needle begin to move in the right direction.’
Download the report here: https://cloud.censornet.com/download-codered-report