A new report published by Advanced, the UK’s third largest software and services provider, found that a quarter of companies were not taking adequate steps to improve cyber security.
Moreover, a survey of internet security professionals has found confidence in the country’s ability to stave off serious cyber threats had plummeted in the past year. Just over half of the IT security experts surveyed in the UK believe risks from cyber crime are being adequately assessed, down 14 per cent from last year.
This comes after the government earlier this year published figures showing that cyber attacks were costing the UK economy £27bn each year.
Part of the problem facing businesses is the ever changing nature of the threat posed by cyber criminals.
A recent attack which knocked out broadband access for half a million TalkTalk and Post Office customers was a high profile example of a strategy expected to be used more and more by hackers. By stealing WiFi passwords, cyber criminals are able to hijack routers to spread malware.
Another sinister threat this poses is giving hackers the opportunity to write malware directly onto a computer’s RAM, without using any carrier files, making it incredibly hard to detect and remove.
Many businesses and consumers never change their WiFi router key from the one supplied by their IP provider, making it easy for hackers to steal access details from a single database.
In another development, access to compromised web servers and new automated turnkey technology has lead to hackers setting themselves up to provide ‘Phishing-as-a-Service’ – offering to run so-called phishing email scams at low cost as a third party provider. This has apparently led to a spike in the profitability of phishing, and the threat can be expected to increase accordingly.
All of this can sound daunting – but without understanding the scale of the threats out there, businesses will continue leaving themselves exposed.
The first step to better protection to make as part of your company’s New Year’s Resolutions is to update, or create, your digital security policy. Working with a formal policy helps you to review and understand risks, respond proactively and plan what to do in the event of a security breach.
As a starting point, approach your cyber security policy with the following three areas in mind: