IT Security: UK Security Breaches Survey 2017 - Geek Guru
 

Get A Quote

[contact-form-7 404 "Not Found"]

IT Security: UK Security Breaches Survey 2017

The UK government performs a cyber security survey each year and the latest report has just been published. For those that are interested, the full report can be found by following the link below. However, we have summarised some of the salient points for our readers:

(Gov.uk: Cyber Security Breaches Survey 2017)

In 2016 / 2017, 46% of UK businesses suffered one or more security breaches. Medium and large businesses accounting for a greater proportion than smaller businesses. The severity and scale of breaches is not always measured financially. However, of those that did calculate it, the average cost to the business over the year was £1,570 with larger businesses showing higher losses at £19,600.

The average time taken to recover from a breach was 1.2 days. For some breaches this could be a minor consideration (for example if a single machine is infected by a virus and taken out of action). In other cases a breach could be much more damaging with multiple systems or employees affected. A business reliant on their website for sales could notice a significant impact from 1.2 days of downtime.

There are a number of graphs in the report and we have identified four that are of particular interest. These are the type of breach, the result of breaches, the outcomes from a breach and the actions taken afterwards.

Types of security breaches

By far the most significant attack vector continues to be fraudulent emails. Whilst filters and anti-spam systems can reduce the incidents of bogus emails, no system is 100% effective. Staff training in how to spot fraudulent emails continues to be our recommendation.

Ransomware makes it’s first appearance in the list in 2017. Ransomware is a specific type of malware that makes a company files inaccessible in some way. The fraudsters then attempt to extort money to restore access. This type of malware has been on the rise for several years. It represents a significant threat to businesses of all sizes. Our recommendation is to ensure that anti-virus software is regularly updated, consider a perimeter anti-malware system (such as a WatchGuard router) and ensure backups are working and complete.

Types of breach - bar graph. IT security survey

Result of security breaches

The results of security breaches are probably no surprise; most businesses reporting temporary loss of access or other ‘recoverable’ issues. The cost of these to business is therefore measured in loss of productivity. Some businesses may be able to continue operating during downtime but for others it may have significant ramifications.

Perhaps more immediately concerning are the 7% of businesses that report permanent loss of data and 6% of business reporting stolen money. These represent a ‘non-recoverable’ outcome – a lost which may be irreplaceable.

Result of breach - bar graph. IT security survey

 

 

Outcomes of security breach

Outcomes include loss of productivity, additional costs to repair damage and prevent future breaches. They also include reputational damages. These include loss of goodwill, complaints from customers and changes to business activity.

The important point to realise is that a breach can result in damages that can take a long time to recover from. Goodwill, reputation and share value may have been earned over many years. In extreme cases these may never get back to pre-breach levels.

 

Actions following security breach

Lastly, the survey looked at what businesses were doing to prevent future breaches. By far the most prevalent of these is staff training or communications. We continue to recommend policy, training and communications as the thing that every business should be looking at if they don’t already have these in place.

Anti-virus software, firewalls and system updates are almost a given. They should not be neglected, but equally they should not be considered as a perfect solution. They are a part of the security puzzle that must be maintained alongside other solutions.

Actions following breach - bar graph. IT security survey

 

Posted on by Geek Guru
This entry was posted in It 4 business, IT Security. Bookmark the permalink.