February 14, 2019
The UK’s cyber threat environment is intensifying, with over three quarters (88 percent) of organisations reporting they’d experienced a cyber breach in the last 12 months. The UK Threat Report from Carbon Black also claims attacks are growing in volume and the average number of breaches has increased. The average number of breaches per organisation over the past year was 3.67 and 87 percent of organisations saw an increase in attack volumes. In addition, 89 percent of organisations say attacks have become more sophisticated.
More than five percent of organisations have seen an increase in attack volumes with all (100 percent) of Government and Local Authority organisations surveyed having reported being breached in the past 12 months, suffering 4.65 breaches, on average. 40 percent have been breached more than five times. In the private sector, the survey indicates that Financial Services are the most likely to report a breach, with 98 percent of the surveyed companies reporting breaches during the past 12 months. Unsurprisingly, 93 percent of organisations plan to increase spending on cyber defence.
“We believe our second UK threat report underlines that UK organisations are still under intense pressure from escalating cyberattacks,” said Rick McElroy, Head of Security Strategy for Carbon Black. “The report suggests that the average number of breaches has increased, but as threat hunting strategies start to mature, we hope to see fewer attacks making it to full breach status.”
According to the report, malware remains the most prolific attack type in the UK, with more than a quarter (27 percent) of organisations naming it the most commonly encountered. Ransomware holds second position (15 percent). However, the human factor plays a part in the attacks resulting in breaches. Phishing attacks appear to be at the root of one in five successful breaches. Combined, weaknesses in processes and outdated security technology were reported factors in a quarter of breaches, indicating that failures in basic security hygiene continue to be high risk vectors that organisations should address as a priority.
Organisations across all sectors reported increases in the volume of attacks during the past 12 months. However, of the organisations surveyed Government and Local Authority organisations saw particularly high increases, with 40 percent noting more than 50 percent increase in the number of attacks. Similarly, in Healthcare, 29 percent of respondents noted increases of 50 percent or more.
60 percent of UK organisations surveyed said they are actively threat hunting and more than a quarter (26 percent) have been doing so for a year or more. A very encouraging 95 percent reported that threat hunting has strengthened their defences. The survey results suggest that threat hunting is most mature in the financial services sector, with 53 percent threat hunting for more than a year.