The UK government has released the findings of new research into the health of cyber security in UK businesses.
The Cyber Security Breaches Survey found that two-thirds of big UK businesses have been hit by a cyber attack in the past year and a quarter of large firms experienced a cyber attack at least once a month.
The survey's results have been released alongside the government's Cyber Governance Health Check, launched following the cyber attack on TalkTalk in October last year.
Analysing the results of the survey, James Maude, senior security engineer at Avecto, said:
“With huge volumes of malware and businesses still relying on detection technology which has been failing them for years, we are seeing the inevitable consequences. With the government research highlighting that 7 out of 10 attacks could have been prevented, it is clear that organisations are failing to secure systems. It is often simple steps such as removal of admin rights that can be the difference between being breached or defeating an attack. Avecto research has shown that 85% of critical Microsoft vulnerabilities can be mitigated by simply removing admin rights; this makes it much harder for attackers to penetrate an organisation.
“Data security should be high on the boardroom agenda as it is crucial to business success in today’s digital economy. If the UK government is to succeed in their goal to be a world-leading digital economy then they must lead the way in helping organisations secure their data. The UK has a great track record of security innovation and it is essential that organisations across the UK are able to tap into this and realise that prevention is possible.
“It is concerning that in 2016 an organisation can be brought to its knees when an employee opens a malicious document sent via email. We have seen a common and concerning pattern emerging in business that instead of learning the lessons from past breaches they are still ignoring the advice around securing the IT environment using proven, best practice recommendations.
“Large organisations are often so focussed on compliance with data protection legislation that they mistake this for security. If the security fundamentals are not addressed and the endpoint systems not secured then you risk undermining all of your defences. Schemes such as the UK government’s Cyber Essentials scheme can go a long way to helping to secure systems; however, they should be considered a starting point, not a final destination.”