Takeaways from the 2021 Cyber Security Breaches Survey
Posted 5th July 2021
March 2021 saw the release of the sixth UK Government Cyber Security Breaches Survey, where 1,419 businesses were interviewed about cyber threats through 2020. The theme that flows through the whole report is the difficulty many companies and organisations had in protecting themselves against cyber-attacks while their staff were required to work remotely from home. As a result, this survey, while reporting on an unprecedented year, provides a valuable insight into the measures that organisations will need to take if they decide to embrace hybrid or remote working moving forwards.
Costs of attacks and breaches are falling year on year
While the number of cyber-attacks are rising (4 in 10 companies and ¼ of charities reported a cybersecurity breach or attack in 2020), the cost to businesses is falling. The report lays this firmly at the door of the fact that cybersecurity has become an increasing priority for businesses since the introduction of GDPR. Over recent years companies and organisations have increasingly begun to use cloud storage and remote back-ups. This means that where breaches do happen, systems can get back up and running smoothly and quickly.
However, one overlooked cost was the cost of fraud and lost businesses on organisations targeted by criminals.
Phishing attacks are becoming increasingly popular
There’s been a sharp upward trend in phishing attacks compared to a significant decrease in viruses and malware. Essentially, criminals are now focussing on human error as a method of accessing systems and data. With this in mind, forward-thinking businesses should now begin using extra security measures such as multi-factor authentication (MFA) and password management tools. After all, even the most cybersecurity savvy person is fallible.
Companies struggled to deal with cybersecurity incidents
With a sudden move to home and remote working, many businesses reported that they had struggled with creating and implementing formal incident response processes. More worryingly, under half of the organisations spoken to had attempted to identify the source of any cybersecurity incidents. Alongside this, 36% of those asked reported that they had taken no further action following a disruptive cyber breach.
While many organisations were caught off guard by the need for their teams to work from home, it is vital that any breaches are investigated so the source can be found and fixed; whether that is by introducing staff training or improved endpoint security, it’s always imperative to plug the leak. For companies that did find themselves struggling with any cybersecurity or remote working processes, it is worth considering using a Virtual Chief Information Officer service.
Difficulties keeping IT equipment up to date
Alongside the struggle to deal with cybersecurity incidents, many businesses also reported that they had had difficulty in keeping hardware and software up to date due to a rapid increase in endpoints. As we’ve repeatedly written in previous blogs, patch management is an integral part of keeping a network secure and is required as part of Cyber Essentials accreditation. One of the easiest ways of overcoming this issue is to use a Managed Service Provider like LP Networks.
Some cybersecurity solutions weren’t the right fit
The report did identify that many businesses invested in cybersecurity in an effort to adapt to remote working. However, many of the solutions may not have been the right fit or may not have been suited to the company’s needs. In many cases, a one-size-fits-all approach doesn’t work, and businesses may have found themselves paying for products that they didn’t need or that didn’t fully meet their needs.
LP Networks work alongside our clients to make sure that they only pay for what they need and that they fully understand how each product works. Alongside this, our Support Desk is available during office hours to provide support and fixes for any IT issues. If you’re a business owner who is concerned that the cybersecurity measures you have in place may be falling short (or are non-existent), contact our team for a chat.