Risk of successful attacks on untrained staff could soar as suspect URL’s see 87% growth
Recent research has shown that companies are underestimating the risk of failing to provide security training to non-technical staff.
In its latest report, Intel Security warns that IT security training for non-technical staff cannot be overlooked. The study, which surveyed IT decision makers in European-based companies[1], found that within UK companies, sales staff are the most exposed to online attacks. This is thanks to their frequent online contact with non-staff members. Incidentally, they were closely followed by the call centre and customer services teams – making both departments more at risk from a cyber-attack than the company CTO. However, 51% of UK companies fail to provide sales staff with IT security training.
With the number of suspect URLs soaring 87%[2] between 2013 and 2014, the risk of untrained staff clicking on dangerous links and unwittingly unleashing a browser attack on their organisation is also on the rise.
Staff including receptionists and customer service teams – who are also frequently exposed to online contact with the general public – are also missing crucial security training. 52% of UK organisations fail to train their customer service team, while 60% do not train their receptionists and front-of-house staff. Most worryingly, more than 1 in 10 UK companies fail to provide mandatory online security training to any of their staff, which is the highest example of this across Europe.
Dissecting the top five network attack methods
Intel Security’s latest report, ‘Dissecting the Top Five Network Attack Methods: A Thief’s Perspective’, identifies the principal methods of network attacks that are threatening businesses today. The report found that browser attacks (which target unsuspecting staff members with dangerous links), network abuse, stealthy attacks, evasive technologies and SSL attacks (which hide in a company’s encrypted traffic) pose a growing threat to companies – accounting for over 83 million network attacks quarterly.
Stealth attacks: Getting to know all about you
The report found that advanced stealth attacks, which disguise themselves to sneak into company networks, are on the rise – with Intel Security uncovering 387 new threats every minute. Against this rapid rate of threat development from hackers, the report found that organisations assess their security strategy on average every eight months, which rises to every nine months in the UK. Meanwhile, around 30% of organisations review their security strategy once a year or less frequently.
Despite this, 75% of UK IT professionals believe their organisation’s security strategy always considers the latest threats. However, the research shows that 73% admit their organisation’s overall security posture would benefit from a security strategy that takes into consideration solutions that proactively work together and inform each other of their findings – an important and connected strategy for battling advanced stealth attacks.
Network abuse: Hackers hit you where it hurts
Distributed denial-of-service (DDoS) attacks, which are often deployed by hacktivists or criminals in order to distract a company while they sneak in the back door and steal data, are also identified as a significant threat. According to the report, network abuse, including DDoS attacks, is the most prevalent form of network attack, accounting for 45% of all network attacks.
However, just 19% of UK IT professionals questioned believe DDoS attacks pose the biggest threat to their company network. Designed to enforce a network outage, DDoS attacks often come with a demand for a ransom. However, just 17% believe ransomware poses any real threat to their company network, while a mere 2% believe it is the biggest threat to their company’s security.
Ashish Patel, regional director of network security UK&I Intel Security commented: “With new threats being developed every minute of every day, IT teams within organisations need to rethink their approach to network security. Relying on broad brush security strategies that aren’t updated in line with the newest threats will leave companies increasingly vulnerable to the growing capabilities of cyber criminals.
“It’s crucial that IT professionals take time to gain a real understanding of how the network attack landscape is evolving and which threats their company must prioritise defeating. Our research shows there is a real disconnect between the evolving network abuse and IT teams’ comprehension of the threat these methods pose to their organisation.”
“With suspect URLs in particular on the rise, companies cannot afford to overlook non-technical staff when it comes to security training – as these employees are often the most susceptible to online threats. Meanwhile the significant growth of network attacks relying on methods such as DDoS, ransomware, SSL attacks and advanced stealth techniques should urge IT departments and security professionals to assess their security strategies in line with these rising threats. Beyond simply deploying new security technology, IT professionals should assess how their existing systems communicate with each other to better secure their entire network.”
The report, ‘Dissecting the Top Five Network Attack Methods: A Thief’s Perspective’ can be downloaded here.[su_box title=”About Intel Security” style=”noise” box_color=”#336588″]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.