
88% of businesses breached in the last year - Carbon Black

12 Feb 2019

Endpoint security company Carbon Black has released the results of its second UK Threat Report.

The research indicates that the UK’s cyber threat environment is intensifying.

According to the report, attacks are growing in volume, and the average number of breaches has increased.

The report analyses survey results from different vertical sectors, organisation sizes and IT team sizes to build a picture of the attack and cyber defence landscape in the UK.

Compared with the previous report, published in September, the average number of breaches has increased from 3.48 to 3.67.

100% of Government and Local Authority organisations surveyed reported being breached in the past 12 months, suffering 4.65 breaches, on average.

40% have been breached more than five times.

In the private sector, the survey indicates that Financial Services is the most likely to report a breach, with 98% of the surveyed companies reporting breaches during the past 12 months.

“We believe our second UK threat report underlines that UK organisations are still under intense pressure from escalating cyber attacks,” says Carbon Black security strategy head Rick McElroy.

“The report suggests that the average number of breaches has increased, but as threat hunting strategies start to mature, we hope to see fewer attacks making it to full breach status.”

The weakest link in cybersecurity: Humans

According to the report, malware remains the most prolific attack type in the UK, with more than a quarter (27%) of organisations naming it the most commonly encountered.

Ransomware holds second position (15%).

However, the human factor plays a part in the attacks resulting in breaches.

Phishing attacks appear to be at the root of one in five successful breaches.

Combined, weaknesses in processes and outdated security technology were reported factors in a quarter of breaches, indicating that failures in basic security hygiene continue to be high-risk vectors that organisations should address as a priority.

Cyber defence investment increases in the face of increasing attack volumes

Organisations across all sectors reported increases in the volume of attacks during the past 12 months. However, of the organisations surveyed, Government and Local Authority organisations saw particularly high increases, with 40% noting a more than 50% increase in the number of attacks.

Similarly, in Healthcare, 29% of respondents noted increases of 50% or more.

A silver lining here is that 6% more of the organisations plan to increase cybersecurity spending compared to six months ago.

Threat hunting is delivering on its promise

60% of UK organisations surveyed said they are actively threat hunting and more than a quarter (26%) have been doing so for a year or more.

95% reported that threat hunting has strengthened their defences.

The survey results suggest that threat hunting is most mature in the financial services sector, with 53% threat hunting for more than a year. 

Key survey research findings:

· 88% of UK organisations reported suffering a breach in the last 12 months

· The average number of breaches per organisation over the past year was 3.67

· 87% of organisations have seen an increase in attack volumes

· 89% of organisations say attacks have become more sophisticated

· 93% of organisations plan to increase spending on cyber defence
