In an article from Naked Security by Lee Munson: A new survey commissioned by the UK Government’s Department for Business Innovation and Skills (BIS) has revealed the scale of cyber attacks on UK companies. The 2013 Information Security Breaches Survey, which collected data from 1,402 respondents, presented results for large organizations (in excess of 250 employees) and small firms (fewer than 50 members of staff).
One of the key findings of the report was the level of attacks sustained by businesses – with breaches reaching record levels. The survey discovered that 93% of large organizations experienced a security breach last year, a figure that is broadly in line with 2012 reports. Smaller businesses, however, saw a marked increase in the number of attacks levied against them. Some 87% of smaller firms reported experiencing a data breach last year, which is up significantly from 76% the previous year.
Average of 113 security breaches:
The number of security breaches within each of the affected companies also showed a sharp increase. Larger companies experienced an average of 113 breaches and smaller firms reported 17 such incidents, an increase across the board of almost 50% in one year.
The survey determined that the attacks faced by businesses over the last year came from both outside and inside the organization.
A whopping 78% of large organizations reported attacks from outsiders over the last year with 39% of those incidents being denial of service attacks. Smaller companies fared slightly better in both regards with 63% reporting outside attacks. The number of smaller firms that experienced a DoS attack was 23%.
The survey respondents did not just experience random attacks though – 14% of larger businesses reported the theft of confidential data or intellectual property by external attackers, while 9% of smaller firms experienced such losses too.
36% of the worst breaches down to human error:
Insider threats also pose a risk to organizations though. The survey found that technology, people and processes were to blame in several cases. Of the worst security breaches during the year, 36% were attributed to human error. Alarmingly, an additional 10% of the reported security breaches were pinned on staff and their misuse of systems.
On a more positive note the survey discovered that attitudes towards information security are generally good and continually improving too.
The survey found that 76% of larger organizations believe that senior management places a high level of priority on information security. Interestingly, smaller firms were better, with 83% placing a strong emphasis on security.
Another contributory factor with regards to internal breaches could be a lack of staff training. Survey respondents indicated that many large organizations only prioritized training after a breach. At the time of the induction 10% of new staff were given no security training whatsoever and 42% of large firms failed to employ any kind of ongoing training in terms of security awareness.
Larger organizations expect to spend more next year on customer data protection and compliance, but just how much a business spends on security seems highly dependent on the outlook of senior members of the management team.
The survey ends by saying that the majority of firms believe that the number of security breaches next year is likely to be higher. As per this year, attacks are expected in every industry, though the public sector and financial services showed more concern than other sectors.
Source: Naked Security
How to protect yourself from a breach:
As an employee, you have a crucial role in the security of your company whether you realize it or not. A company cannot be secure without the help of every single employee. Below are some tips that you can follow in order to help your company avoid a security breach:
- Stay informed
- If you do not understand or are not sure, ask
- Follow your company's password policies
- Do not reuse passwords
- Do not write down passwords
- Do not share passwords under any circumstance
- Create strong passwords consisting of the following:
- NEVER use passwords shorter than 8 characters
- Reset your password as prompted every 90 days
- Ensure proper validation of one’s identity is obtained before releasing ANY data
- Follow your company's Clean Desk Policy
- Only browse websites to fulfill your job duties
- If something seems “shady” it probably is
- Do not submit confidential data on insecure HTTP websites
- NEVER enter confidential data on a pop-up screen
- Pay attention to your web browser warnings
- Report suspicious activity to the Information Security Officer
– Kristin Badgett, CSID Information Security Officer