06 May 2022
Businesses and charities are being urged to strengthen their cyber security practices now as new government figures show the frequency of cyberattacks is increasing.
According to the Cyber Security Breaches Survey 2022 report, published by the Department for Digital, Culture, Media and Sport (DCMS), almost one in three businesses (31%) and a quarter (26%) of charities suffering attacks said they now experience breaches or attacks at least once a week.
The number of businesses which experienced an attack or breach remained the same as 2021 levels. Almost a third of charities (30%) and two in five businesses (39%) reported cyber security breaches or attacks in the last 12 months.
Small businesses have been urged to adopt the Cyber Essentials scheme to protect against the most common cyber threats such as phishing attacks and use the Small Business Guide to improve cyber security practices. Larger organisations should use the Board Toolkit to get company executives to act on cyber resilience, the government added.
Cyber minister Julia Lopez said it is vital that every organisation takes cyber security seriously as more business is done online and in a time of increasing cyber risk.
“No matter how big or small your organisation is, you need to take steps to improve digital resilience now and follow the free government advice to help keep us all safe online,” Lopez added.
Following a wave of high-profile attacks over the past year including on Kaseya, Colonial Pipeline and Microsoft Exchange, there has been increased attention on the cyber security of supply chains and digital services.
Nigel Thorpe technical director at SecureAge, told Networking+ the statistics suggest that organisations are improving their defences against cyberattacks, yet “a sizable proportion” suffered the effects of some form of breach. “The advice given by the NCSC should certainly be taken, but organisations must recognise that individual people are not immune to making mistakes or poor decisions,” he added. “And in our highly connected world, it might not even be your own employee who releases the ransomware.”
The government said it is committed to protecting the UK from cyber threats, which is at the centre of its £2.6bn National Cyber Strategy. It is investing in cyber skills, expanding the country’s offensive and defensive cyber capabilities and prioritising cyber security in the workplace, boardrooms and digital supply chains.
John Fitzpatrick, chief technology officer at cyber security firm Jumpsec added that it’s important for organisations to be aware that the vast majority of attempted attacks “are typically not targeted” and most organisations will see these every day, because “they are relentless”. He said: “Basic cyber hygiene steps like patching, anti-malware solutions and user awareness are still some of the best defences. Targeted attacks are far less frequent. Having a view of the attack paths within your business, including understanding who and why you might be targeted are important in planning your defences.”
Martin Walsham, director of cyber security, AMR CyberSecurity said, “this is a useful report” and should act as a wake-up call for any business leaders in doubt about the level of business risk their organisation is exposed to through cyber threats. “I urge organisations to check they have robust cyber incident response plans in place, and that they are tested to ensure they are effective should they need to invoke them,” he added.