Lax FTSE 350 cyber security puts UK at risk, says KPMG


Warwick Ashford

Cyber leaks at FTSE 350 firms are putting the UK’s economic growth and national security at risk, says a report by business consultancy firm KPMG.

An analysis by the firm’s cyber response team reveals that companies vital to the UK’s economic growth and crucial to national security are leaking data that can be used by cyber attackers.

According to the report, this data is readily available in the public domain and could be used to gain control of intellectual property, perpetrate fraud and inflict reputational damage.

The report is based on a simulation of the initial steps a would-be cyber attacker might undertake using public domain data without breaching security.

KPMG found that every single company on the FTSE 350 list was leaking data by leaving employee usernames, email addresses and sensitive internal file location information online.

The cyber response team found that, on average, 41 usernames, 44 email addresses and five sensitive internal file locations were available for each company.

Companies in the aerospace and defence sector recorded the highest number of exposed internal email addresses, which attackers typically use to send phishing emails to gain entry to a company’s network.

Martin Jordan, head of cyber response at KPMG, said the research shows that companies do not have full control of their web presence.

“Hacking has become automated on an industrial scale – often with state-sponsored agencies behind it – and attackers are aiming for an increased competitive edge by stealing company secrets and IP, or purely seeking financial gain through fraud,” he said.

While it’s difficult to stop these groups, he said companies can, at the very least, deny them open access to their secrets.

“Our findings send out a clear message to business – while the internet may be a shop window to the world – it can also be a substantial security risk,” said Jordan.

“FTSE 350 companies should accept that cyber threats are real. Protecting their networks is not just about self-interest; it is about safeguarding the economy and, in the case of critical national infrastructures, it is also about the safety of the population,” he said.

KPMG also found that 53% of the FTSE 350 did not have up-to-date security patches or were using old server software, making them potentially vulnerable to attack.

Companies in the support services sector and, ironically, also the software and computer services sector, were found to be at the top of the list in terms of sectors with the most vulnerabilities.

