
A security breach is inevitable, IT leaders warned

No matter how much IT security tech and training is in place, sophisticated, targeted attacks are going to breach company defences, Carbon Black warns

An Opinion Matters survey of 250 UK CIOs, chief technology officers (CTOs) and chief security officers for Carbon Black has found that many organisations are worried that breaches are inevitable.

The survey, which is part of Carbon Black’s Global threat series study, reported that 84% of UK organisations participating in the study said they have suffered one or more breaches in the past 12 months due to external cyber attacks.

The survey reported that the average number of breaches in affected organisations was 2.89, a reduction from the 3.67 seen in the January 2019 report, with more than half (51.5%) of respondents saying they had been breached only once.

Carbon Black said the number of businesses identifying just a single breach has grown from the previous research, where 15% had suffered only a single breach. This may indicate that businesses are responding more robustly to breach incidents to ensure that frequency is reduced.

At the other end of the scale, 5.5% of the businesses surveyed admitted they had been breached 10 or more times, and 3% said they didn’t know how many times they had been breached.

The study found that among the IT leaders who took part in the research, 84% reported an increase in cyber attacks in the past 12 months, with nine in 10 saying the attacks they face are becoming more sophisticated. This compares with 87% in the previous report and 82% in the summer of 2018.

According to Carbon Black, the prevalence of phishing as the attack type resulting in the most breaches has seen a sharp increase, as attackers target the weakest link in the security chain: end users.


In fact, a third (33%) of participating organisations admitted they had been affected by a successful phishing attack. This figure has jumped from the survey undertaken in January 2019, where 20% reported phishing as the dominant cause of breaches.

Ransomware took second place, with an increase to 20% from 14% in January 2019. Process failures halved over the six-month period, dropping to 8.5% of breaches compared with 17% in the last study.

Carbon Black said this may be an indication that companies are putting additional focus on clamping down on breach vectors that are inside their control. However, the study found that the occurrences of breaches caused by outdated security software halved since the previous January 2019 survey.

Adjusting to the “new normal”

“As we analyse the findings of our third UK Threat Report, it appears businesses are adjusting to the ‘new normal’ of sustained and sophisticated cyber attacks,” said Rick McElroy, head of security strategy at Carbon Black.

“Greater awareness of external threats and compliance risks have also prompted businesses to become more proactive about managing cyber risks as they witness the financial and reputational impacts that breaches entail.”

To combat the risk, almost a quarter (24%) of CIOs surveyed said they would need a bigger team. However, 55% report that recruitment and training of specialist cyber security staff is more difficult than it was 12 months ago. Carbon Black warned that this skills gap will cause significant problems for UK businesses as they adapt to the challenges of securing their business.

Interestingly, chief information security officers raised concerns over their organisations’ digital strategy and the deployment of 5G networking. Nearly nine in 10 CIOs/CISOs surveyed expressed concern about the cyber security impact of digital transformation projects and the implementation of 5G.

The report noted that concerns ranged from the potential for more effective and destructive cyber attack vectors and the likelihood that attack frequency would increase, to the lack of visibility across new projects and technologies.
