Hackers: How and where they’re getting into organisations
Unfortunately, cyberattacks happen all too often.
Even with the advancement of protective technologies and users' general awareness online, cybercriminals will undoubtedly manage to find a way of attacking.
According to the government’s 2023 annual Cyber security breaches survey, “the most common cyber threats are relatively unsophisticated’. However, the study shows that even these ‘unsophisticated’ forms of attack can still be successful, and wreak havoc on organisations and individuals.
The latest version of this comprehensive research, released by the Department for Science, Innovation, and Technology, discloses that 32% of businesses and 24% of charities experienced a security breach within the last 12 months. For medium businesses, this was substantially higher at 59%, large businesses were 69%, and high-income charities with £500,000 or more in annual revenue, were 56%.
Some of the most common forms of attack
Throughout this series of surveys, a recurring theme has been the significance of organisations ensuring that their workforce is well aware of the potential risks through training and awareness initiatives.
This reflects the fact that the majority of cyber actors employ social engineering tactics, as demonstrated by the widespread occurrence of phishing attacks, to breach the target organisation's networks.
Phishing
Businesses - 79%
Charities - 83%
Phishing attacks, defined as fraudulent emails or deceptive websites targeting staff, overwhelmingly constitute as the most common and disruptive security breaches.
While the saying that "humans are the weakest link" in security is being challenged, the continued prevalence and impact of phishing demonstrate its ongoing truth. Phishing relies on social and psychological manipulation rather than technical sophistication to exploit human vulnerabilities, which it is successfully managing.
The research states: “One of the consistent lessons across this series of surveys has been the importance of organisations ensuring that their staff are aware of the risks, through training and other awareness-raising activities. This reflects that most cyber actors use social engineering techniques, as evidenced in the high prevalence of phishing attacks, to gain access to the target organisation’s networks.”
Others impersonating organisation in emails or online
Businesses - 31%
Charities - 29%
Incidents where attackers effectively mimic an organisation or one of its users represent the second most frequent and disruptive security threats. The study highlights the intricate nature of these attacks, and other common threats, which surprisingly may not be subject to criminal prosecution under current legislation.
“Some of the cyber security breaches and attacks reported would not constitute cybercrimes,” it says. “For example, some attempted attacks will not have penetrated an organisation’s cyber defences and some, such as online impersonation, would be beyond the scope of the Computer Misuse Act.”
Viruses, spyware or malware
Businesses - 11%
Charities - 9%
For approximately four decades, the concept of a computer "virus" has symbolised cyber threats, with infecting a target's systems through destructive programs remaining a widespread and frequently catastrophic attack method.
However, as organizations have bolstered their defences and phishing attacks have become a more accessible and lucrative option, the frequency of malware and other viruses has significantly reduced in recent years.
Hacking or attempted hacking of online bank accounts
Businesses - 11%
Charities - 6%
When it comes to the frequency of breaches involving successful bank account hacks, these incidents rank significantly high in terms of the disruption they can inflict. According to government research, hacked bank accounts are the second most prevalent source of cyber-enabled fraud after phishing.
Ransomware
Businesses - 4%
Charities - 4%
For many people, ransomware has become the stereotypical representation of a cyberattack. Numerous high-profile and devastating breaches in recent years have featured the effective utilisation of ransomware.
One notable example is WannaCry, the most extensive attack ever experienced by the UK, resulting in the cancellation or postponement of 19,000 NHS appointments, substantial technological disruption, and a recovery cost of £92 million for the health service.
The study underscores the number of areas in which organisations, regardless of size, have the opportunity to enhance their strategies and become more resilient to cyber attacks.
Although these attacks cannot be stopped entirely, it is through a combination of awareness and the correct security measures which will help businesses and users ensure better online protection.
******
For more insights into the world of Cyber - check out the latest edition of Cyber Magazine and be sure to follow us on LinkedIn & Twitter.
Other magazines that may be of interest - Technology Magazine | AI Magazine.
Please also check out our upcoming event - Cloud and 5G LIVE on October 11 and 12 2023.
******
BizClik is a global provider of B2B digital media platforms that cover Executive Communities for CEOs, CFOs, CMOs, Sustainability leaders, Procurement & Supply Chain leaders, Technology & AI leaders, Cyber leaders, FinTech & InsurTech leaders as well as covering industries such as Manufacturing, Mining, Energy, EV, Construction, Healthcare and Food.
BizClik – based in London, Dubai, and New York – offers services such as content creation, advertising & sponsorship solutions, webinars & events.
