Research commissioned by Crises Control from the BCI for their annual cyber resilience report 2016 confirms much of what we already suspected about the changing nature of the cyber threat and the way that cyber criminals have found new ways past corporate perimeter security.
66% of respondents to the survey reported that their companies had been affected by at least 1 cyber security incident over the last 12 months. The costs of these incidents varied greatly, with 73% reporting total costs over the year of less than €50,000, but 6% reporting annual costs of more than €500,000.
The increased difficulty of breaching perimeter security and the increased human resources available to cyber criminals have combined to produce a new point of attack. This is focused on the weakest link in the corporate security chain, which is now human beings rather than technology.
The term “social engineering” describes this attack vector, which relies heavily on human interaction and often involves tricking people into breaking normal security procedures. The BCI research shows clearly that phishing (obtaining sensitive data through false representation) and social engineering is now the single top cause of cyber disruption, with over 60% of companies reporting being hit by such an incident over the past 12 months. A further 37% were hit by spear phishing (phishing through identity fraud).
The research has also confirmed that, to counter this threat effectively, companies now need behavioural threat detection, provided by a cyber security network monitoring solution. These plug-in devices monitor your network for signs of suspicious insider activity and failed attempts to hack into the system. They can also provide invaluable intelligence to be acted upon proactively to nip a successful hack or insider threat in the bud.
Traditional anti-virus monitoring software is no longer enough. The BCI research shows that 72% of companies have this software in place, but only 26% of real cyber security incidents were actually discovered through this route. Much worse, 18% of incidents came to attention through an external source such as a customer, a supplier or the impact on a public website.
Network monitoring solutions are much more effective than anti-virus software in terms of alerting companies to a cyber breach, with 63% of companies having network monitoring software in place and 42% of cyber incidents coming to attention through the work of the IT department to which such systems report.
The scale of the cyber threat can feel overwhelming at times. But educating your own employees about the nature of the threat and then putting in place the right solutions can go a long way towards mitigating the social engineering threat and significantly enhancing your corporate cyber resilience. Act now before it is too late.
Sonny Sehgal and Adam Blake, from Crises Control partners Transputec and ThreatSpike, will be talking about the social engineering threat in a webinar for Business Continuity Awareness Week 2017 on Tuesday 16 May.
This blog was first published by the BCI.