Production Perig - stock.adobe.c
UK businesses risk becoming victim to data breaches by failing to take the most basic of cyber security precautions, research shows.
More than four in 10 of 1,253 UK workers polled by IT services firm Probrand said their company had invested in new cyber security products and services in the past year.
However, 67% said they have a basic password that could easily be guessed or hacked, and 63% admitted that they do not change their password regularly, with almost half saying they have not changed their password since they began working at their company.
According to other research by Probrand, 43% of UK businesses polled have suffered a cyber breach or attack in the past 12 months.
Matt Royle, marketing director at Probrand, said that failure by employees to take the most basic steps to protect their company’s networks and data undermines investments in security technology and the work being done to raise the level of cyber security.
“Our findings have shown that a shocking number of UK businesses are struggling at the very basics, so we would encourage business leaders to monitor and regulate even the simple cyber security practices.
“Writing protocols into company handbooks and employee contracts are just some ways of doing this. As the data shows, as only 37% of employees regularly change their password, it’s clear that some internal training is needed,” he said.
A report published by endpoint management and security firm 1E in May showed that many organisations lack IT security and operations basics, including visibility across their IT operations.
The report said that UK and US businesses are still leaving their doors wide open to cyber attacks, despite significant security investments and focus.
In a panel discussion at the CyberUK 2019 conference in Glasgow in April, industry experts said organisations should ensure they are meeting all of the basic security requirements before investing in advanced security systems.
“If you still haven’t got a lot of the [basic] stuff fixed like two-factor authentication on Office 365, those are huge priorities relative to something like an AI-based anomaly detection box sitting on the network somewhere,” said Kris McConkey, threat detection and response lead partner at PricewaterhouseCoopers (PwC).
“We have learned from analysing 1,600 national-level incidents that these attackers are often relatively simple, using low-level techniques and well-known malware that exploits weaknesses in out-of-date software.
“Typically, these attacks are not particularly advanced, persistent or threatening, so what we have learned is that the biggest threat to cyber security is weak cyber security and that is what needs the most attention.”