A survey of UK CTOs, CIOs, and CISOs has found that 99% of UK organisations suffered security breaches in the last twelve months with attack volumes increasing significantly in the period.
The survey, conducted by Opinion Matters and commissioned by VMware Carbon Black, gauged responses from 251 UK CIOs, CTOs, and CISOs from UK organisations on the nature and frequency of cyber attacks targeting their organisations, whether they suffered breaches as a result, and how prepared they are to defend against future attacks.
While 98% of those surveyed said that attack volumes have increased in the last 12 months, 99% of them said their business has suffered a security breach in the last 12 months, with the average organisation experiencing 63 breaches in the period.
Even though 96% of the respondents also said that cyber attacks have become more sophisticated, only 6% said they plan to increase cyber defence spending in the coming year. Security professionals also admitted their organisations are using more than eight different tools or consoles on average to manage their cyber defence programme, thereby making their environments complex and hard-to-manage.
“Siloed, hard-to-manage environments hand the advantage to attackers from the start. Evidence shows that attackers have the upper hand when security is not an intrinsic feature of the environment. As the cyber threat landscape reaches saturation, it is time for rationalisation, strategic thinking and clarity over security deployment,” said Rick McElroy, Cyber Security Strategist at VMware Carbon Black.
93% of UK organisations targeted by COVID-19 malware
A supplemental survey focussed on the impact COVID-19 has had on the attack landscape found that as many as 93% of UK organisations have been targeted by COVID-19-related malware, with 88% of security professionals also sharing that they witnessed increased phishing attacks and increased IoT exposure.
The marked increase in phishing campaigns exploiting the COVID-19 pandemic to target organisations has also exposed serious loopholes in organisations' existing defences and disaster recovery plans. In response to the survey, 89% of respondents reported gaps in recovery planning, ranging from slight to severe, and 88% said they had uncovered gaps in IT operations.
83% of those surveyed also said they encountered problems around enabling a remote workforce, 74% said they’ve experienced challenges communicating with employees, 84% said they had experienced difficulty communicating with external parties, and 70% said the situation uncovered gaps around visibility into cybersecurity threats.
“The global situation with COVID-19 has put the spotlight on business resilience and disaster recovery planning. Those organisations that have delayed implementing multi-factor authentication appear to be facing challenges, as 28% of UK respondents say the inability to implement MFA is the biggest threat to business resilience they are facing right now,” McElroy added.
More than half of all phishing emails are related to the COVID-19 pandemic
A new report from security awareness training provider KnowBe4 has also revealed a sharp rise in phishing email attacks related to COVID-19 in Q2 2020. According to the firm's Q2 2020 top-clicked phishing report, spammers used a number is misleading subject lined in their spam emails to induce victims into clicking on links or downloading files.
The top subject lines used by spammers included COVID-19 Awareness, Coronavirus Stimulus Checks, List of Rescheduled Meetings Due to COVID-19, COVID-19 - Now airborne, Increased community transmission, Confidential Information on COVID-19, and Branch/Corporate Reopening Schedule. In all, coronavirus-related phishing emails formed 56% of all phishing emails in Q2.
“It’s no surprise that phishers and scammers are using the avalanche of new information and events involving the global coronavirus pandemic as a way to successfully phish more victims. These phishing scams are becoming more aggressive and more targeted as this pandemic continues. Everyone should remain very skeptical of any email related to COVID-19 coming into their inbox,” said Stu Sjouwerman, CEO of KnowBe4.