A UK government survey has revealed that phishing and ransomware are the biggest web security threats for businesses.
The survey was commissioned by the Department for Culture, Media and Sport. It found the following most common security breaches:
- Staff receiving fraudulent emails – 72% of cases
- Viruses, spyware and malware – 33% of cases
- People impersonating the organisation in emails – 27% of cases
- Ransomware – 17% of cases
The consequences of these security issues include downtime, damage to computers and in some cases, payment to criminals so you can get your files unlocked. While you may have secured your software and firewalls, your business could be vulnerable if staff click on a dubious attachment or link in an email.
A recent ransomware incident we dealt with
We recently had an issue with one of our clients where this happened. The PC’s document files had been encrypted and could only be recovered if we paid a large fee.
Fortunately we had a recent backup so it didn’t matter. We simply wiped the files and restored the backup. However other companies have not been so fortunate.
Losses from web security breaches
Among the 46 per cent of companies that detected breaches in the last 12 months, the average business faces costs of £1,570 as a result of these breaches, a lot lower than figures from comparable surveys. Losses for larger firms came out at just under £20,000.
Half of 1,500 firms surveyed (52 per cent) have enacted basic technical controls as recommended by the UK government-endorsed Cyber Essentials scheme. Nine in ten businesses regularly update their software and malware protections, configuring firewalls or securely backing up their data, but only around two-thirds (69 per cent) have guidance on acceptably strong passwords.
What is clear is that companies need to do more. Most cyber security issues are caused by a combination of out-dated software or hardware combined with poor staff training and awareness. Get in touch if you need any advice on web security.
UK Government cyber security breaches survey
New hidden domain phishing issue could cause security issues
