One in five British companies has been hacked by cyber criminals over the past year, a new survey has indicated. Further, only a quarter (24%) of the survey’s 1,200 respondents said their business had security measures in place to guard against hacking. IT security experts from Imperva, Tripwire, Cylance and Corero Network Security commented below.
Amichai Shulman, CTO and CO-Founder at Imperva:
“Our experience show that 100% of businesses are under attack. With 20% of companies being breached while only 24% believe they have proper security stance we can only repeat the cliché that there are two types of business those that have been breached and those that don’t know that they have been breached yet.”
Paul Edon, Director, International Customer Services at Tripwire:
“Many businesses still remain unprepared for a cyber attack because it’s difficult to prepare for something you don’t understand, can’t visualize, and haven’t experienced. The dynamic nature of cyber attacks often makes it hard to pinpoint a root cause, and so executives with a desire to prepare are faced with choices, rather than clear actions to fund.
The top three measures a company can take to mitigate cyber risk are:
– Start by understanding the risk you have. You have to conduct regular, preferably continuous, assessments of configuration and vulnerability risk across your IT systems. The attackers will be doing the same.
– Don’t ignore the simple, best practices. Keep software up to date, apply security patches, change passwords, and make sure terminated employees and contractors don’t have access. This security hygiene goes a long way to making the attackers’ job more difficult.
– Train your employees on how to recognize a scam. Much of cyber security is about human nature and social engineering. Training must be ongoing because the attackers change their tactics.”
Anton Grashion, Managing Director-Security Practice at Cylance:
“This is probably an underestimate if anything. Two reasons for this, firstly, this assumes they even know they have been hit, secondly people are more likely to under-report. Evidence of our testing when we run a POC with prospective customers is that we almost invariably discover active malware on their systems so it’s the unconscious acceptance of risk that plagues both large and small businesses.”
Stephanie Weagle, VP at Corero Network Security:
“Attackers will always find new exploits, and new attack methods of disrupting financial opportunity, extortion, accessing personally identifiable data, and disrupting an organizations online availability. Cyber-attack activity is prevalent today, more than ever – especially when it comes to DDoS attacks.
“While the Internet has been fighting off DDoS attacks for over a decade, these denial of service attacks are taking center stage as the techniques have become much more sophisticated in nature. Coupled with the ease of securing DDoS-for-hire services, access to massive botnets, and unlimited motivations we are seeing a far more dangerous concoction of attacks taking down major institutions.
“This elevation of risk comes at a time when DDoS attacks continue to increase in frequency, scale and sophistication over the last year. 31 percent of IT security professional and network operators polled in a 2017 survey conducted by Corero experienced more DDoS attacks than usual in recent months, with 40 percent now experiencing attacks on a monthly, weekly or even daily basis. To alleviate this problem, 85 percent are now demanding additional help from their ISPs to block DDoS traffic before it reaches them.
“The biggest DDoS risk factor, which was cited by almost half of the respondents (45 percent), was the potential for loss of customer trust and confidence. Lost revenues were also a serious concern (cited by 17 percent), while malware infection (15 percent) was also seen as a potential problem.”
Joep Gommers, CEO at EclecticIQ:
“UK businesses of all sizes should sit up and take note of today’s report from the British Chamber of Commerce (BCC). Enterprises and governments are under a constant barrage of cyberattacks, hampering company growth, productivity and reputation alike.
“If UK businesses are to fight against the evolving threat landscape, it’s important that they start to share knowledge and collaborate on past, current and future attacks. The way we share information is already starting to change, and we’re seeing a big push from government to set up collaborative initiatives to ensure the public and private sectors are sharing insight on threats. Embracing a stance of openness can not only improve a business’s view of cyber threats, but can also fuel a wider cyber intelligence revolution.
“Support for open source standards like STIX and TAXII need to sit at the core of the fight for true threat intelligence. These help re-align IT security efforts based on real-time information exchanges between government, commercial suppliers, non-profit efforts and industry partners. These standards should be embedded in any UK business to drive a culture of openness and sharing, giving the good guys a far stronger chance in triumphing over the bad.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.