New research has revealed that phishing emails are perceived as posing the biggest cyber threat to UK businesses, with 59% of business decision makers highlighting this as a chief concern for their business, far more than any other threat.
This was followed by failure by firms to cut off access to the network for ex-employees was next on the list with more than one in four (28%) considering this a major threat. Introduction of malware via personal devices was also present on the list, with more than a quarter (26%) highlighting this as a major threat to their organisation.
The research from Clearswift surveyed 600 senior business decision makers and 1,200 employees across the UK, US, Germany and Australia. When asked what they see as the biggest threat to their organisation, business decision makers ranked phishing emails as the top threat in all four surveyed regions.
Dr Guy Bunker, SVP of Products at Clearswift said: “Email security consistently rears its head as a key vulnerability in UK cyber defences. This highlights that businesses need to change the way they’re approaching the task of mitigating these risks”.
“It is easy for a company to perform mock phishing exercises and physical penetration tests to assess vulnerabilities, however this underhanded approach to catch staff out may not always prove to be the best way forward. The approach should be twofold, focused on balancing education with a robust technological safety net. This will ultimately help ensure the business stays safe.”
A lax attitude by employees to sharing passwords was ranked second on the list, as a source of cyber weakness, with one-third (33%) of UK businesses listing this as one of the biggest threats. USBs sticks were the next offender, with 31% of respondents highlighting USB/removable storage devices as a major threat. Worryingly, ahead of the GDPR deadline on May 25th, 30% felt that employees not following data protection policies could be one of the biggest threats to their organisation.
Despite some major hacks in 2017, hackers were only the seventh most selected threat, with 25% of businesses flagging this as a major threat.
Other threats to feature included the use of non-authorised tools/applications for work purposes (25%), including personal email drives and file sharing platforms. Additionally, threats coming from social media platforms, often used as a means of spear phishing, was a concern. UK businesses also saw stolen company devices as one of the biggest threats (23%), with these devices often containing critical information.
Dr Bunker added: “With the knowledge that most information breaches are inadvertent, technology can so often provide a clear solution. Like our content aware Adaptive DLP suite, the solution should focus on preventing the information from leaking out, but also provide feedback to the sender to inform them that they have violated policy. This way, a business can work towards a safer environment and a more security conscious workforce.”
Top Ten Cyber threats according to UK Businesses:
Business decision makers were asked to choose the threats that they saw as posing the biggest threats to their businesses.
1. Malicious links within emails – 59%
2. Employees sharing usernames/passwords – 33%
3. USBs/removable storage – 31%
4. Users not following protocol/data protection policies – 30%
5. Ex-employees retaining access to network – 28%
6. Viruses via malware on personal devices – 26%
7. Hackers – 25%
8. Employees using non-authorised tools/applications for work purposes (personal email drives/File sharing) – 25%
9. Social Media viruses – 24%
10.Critical information on stolen devices – 23%
With GDPR coming into force several weeks away, businesses should be looking at what are the biggest threats to an organisation and how they can reduce this risk.
The inaugural Data Protection World Forum (DPWF) will be held on November 20th & 21st 2018 at the ExCeL London which will provide a broader focus across the data protection and privacy space amidst the progressive tightening of global data protection laws.
Ahead of the end of year event, DPWF has launched a series of intensive workshops.
Further information on the DPWF and workshop details are available at: https://www.dataprotectionworldforum.com/