UK poor cyber security practice undermining controls

UK firms investing in the latest cyber security products and services risk having that investment undermined by poor security practices, a survey reveals

UK businesses risk falling victim to data breaches by failing to take the most basic of cyber security precautions, research shows.

More than four in 10 of 1,253 UK workers polled by IT services firm Probrand said their company had invested in new cyber security products and services in the past year.

However, 67% said they have a basic password that could easily be guessed or hacked, and 63% admitted that they do not change their password regularly, with almost half saying they have not changed their password since they began working at their company.

The data also revealed that more than 1 in 3 (37%) of UK workers report using insecure network connections such as public Wi-Fi or tethering to mobile phones when working remotely.

According to other research by Probrand, 43% of UK businesses polled have suffered a cyber breach or attack in the past 12 months.

Matt Royle, marketing director at Probrand, said that failure by employees to take the most basic steps to protect their company’s networks and data undermines investments in security technology and the work being done to raise the level of cyber security.

“Our findings have shown that a shocking number of UK businesses are struggling at the very basics, so we would encourage business leaders to monitor and regulate even the simple cyber security practices.

“Writing protocols into company handbooks and employee contracts are just some ways of doing this. As the data shows that only 37% of employees regularly change their password, it’s clear that some internal training is needed,” he said.

A report published by endpoint management and security firm 1E in May showed that many organisations lack IT security and operations basics, including visibility across their IT operations.

The report said that UK and US businesses are still leaving their doors wide open to cyber attacks, despite significant security investments and focus.

In a panel discussion at the CyberUK 2019 conference in Glasgow in April, industry experts said organisations should ensure they are meeting all of the basic security requirements before investing in advanced security systems.

“If you still haven’t got a lot of the [basic] stuff fixed like two-factor authentication on Office 365, those are huge priorities relative to something like an AI-based anomaly detection box sitting on the network somewhere,” said Kris McConkey, threat detection and response lead partner at PricewaterhouseCoopers (PwC).

Speaking at InfoSecurity Europe 2019 in London in June, National Cyber Security Centre (NCSC) CEO Ciaran Martin said: “The biggest threat to online safety is poor cyber security.

“We have learned from analysing 1,600 national-level incidents that these attackers are often relatively simple, using low-level techniques and well-known malware that exploits weaknesses in out-of-date software.

“Typically, these attacks are not particularly advanced, persistent or threatening, so what we have learned is that the biggest threat to cyber security is weak cyber security and that is what needs the most attention.”
