UK businesses have suffered losses of up to £144,501 on average from attacks involving malicious insiders and as much as £96,668 per incident from DDoS attacks this year, an Accenture study has revealed.
75% of losses inflicted on UK businesses have come from cyber attacks that seek to steal sensitive enterprise information and disrupt business operations.
A survey of 332 UK businesses commissioned by Accenture and conducted by the Ponemon Institute has revealed the true monetary losses suffered by UK businesses to malicious DDoS attacks, malware attacks and malicious insiders this year.
So far this year, law enforcement authorities, cyber security warriors, and ethical hackers have, to an extent, turned the tables on malicious actors who regularly conduct DDoS attacks on the UK's businesses as well as government institutions.
A number of malicious hackers and hacker groups have been apprehended so far, including a hacker who was extradited from Germany for launching DDoS attacks on Lloyds, Halifax, Bank of Scotland and Barclays banks earlier this year, 18-year-old British hacker Jack Chappel who carried out and abetted DDoS attacks on a large number of websites across the globe, and 21-year-old Alex Bessell who used DDoS software to launch attacks on websites belonging to NatWest bank, Amazon, the BBC, O2, BT, the NCA, EE, Sprint, T-Mobile, Verizon, Netflix and the Massachusetts Institute of Technology, among others.
Despite these successes, DDoS attacks continue to pose existential threats to a large number of UK businesses, many of whom do not have enough resources to recover in the aftermath of crippling attacks. The Accenture survey revealed that DDoS attacks have inflicted losses of as much as £96,668 per incident on UK businesses.
In fact, DDoS attacks have turned out to be so successful that, according to a Kaspersky Lab report, many companies are being targeted by attacks commissioned and funded by their business competitors.
'This significant figure should give businesses a lot to think about – is their current DDoS protection robust enough to weather an attack?' asks Kirill Kasavchenko, principal security technologist, EMEA at Arbor Networks.
'Are they protected from all types of DDoS attack, from volumetric floods to stealth application layer attacks? How would they respond to a DDoS attack if business operations were affected? Are there secondary communication channels, such as social media, that can update partners and/or customers? If there aren’t clear answers to these questions – it’s crucial that businesses act now so they’re ready for any future attack,' he adds.
However, the survey also revealed that despite being such a major threat, DDoS attacks aren't as crippling or as costly as attacks carried out by malicious insiders. As per the results of the survey, UK businesses lost an average of £144,501 to malicious insiders in recent times.
Rick Hemsley, managing director at Accenture Security, said that, given the losses inflicted by such malicious cyber attacks, businesses must 'get the basics right, such as timely patching of their systems, and ensure they are protecting their most high-value assets from the inside out'.
The survey also revealed that, on average, UK businesses suffer as many as 71 data breaches per year, even though the figure is low compared to the global average of 130 breaches per year. Despite being better placed in defending against breaches, our businesses are still losing an average of £6.56m to data breaches.
Among the major causes behind successful cyber attacks is that a majority of UK businesses are still overly reliant on perimeter security. The survey revealed that 63% of businesses are investing in advanced perimeter controls even though a survey by Gemalto had revealed that 28% of organisations in the UK had suffered perimeter security breaches in the past 12 months.
'As a security professional, it feels like I’ve been saying forever that basic perimeter security measures are no longer enough. So it’s worrying to see that the UK is continuing to place ultimate faith in these systems, without thinking about what attackers actually want – their data,' said Joe Pindar, Director of Data Protection Product Strategy at Gemalto.
'Without a switch in mentality, and starting to protect the data at its source with robust encryption and two-factor authentication, the UK is like one of the three little pigs. Unfortunately the one sitting in the straw house – not realising that when the time comes, passwords and perimeter security alone will not stand up to attackers,' he added.