I am delighted to share with you the results of research that Transputec has commissioned from the well-respected Business Continuity Institute into the causes of, and responses to, the growing threat of cyber attack.
The research is based on a survey of 369 business continuity professionals from right across the globe and it confirms much of what we already suspected about the changing nature of the cyber threat and the way that cyber criminals have found new ways past corporate perimeter security.
66% of respondents to the survey reported that their companies had been affected by at least 1 cyber security incident over the last 12 months. The costs of these incidents varied greatly, with 73% reporting total costs over the year of less than €50,000, but 6% reporting annual costs of more than €500,000.
The increased difficulty of breaching perimeter security and the increased human resources available to cyber criminals have combined to produce a new point of attack. This is focused on the weakest link in the corporate security chain, which is now human beings rather than technology. The term “social engineering” describes this attack vector, which relies heavily on human interaction and often involves tricking people into breaking normal security procedures.
The BCI research shows clearly that phishing and social engineering is now the single top cause of cyber disruption, with over 60% of companies reporting being hit by such an incident over the past 12 months and 37% hit by spear phishing.
The research has also confirmed that, to counter this threat effectively, companies now need behavioural threat detection, provided by a cyber security network monitoring solution. These plug-in devices monitor your network for signs of suspicious insider activity and failed attempts to hack into the system. They can also provide invaluable intelligence to be acted upon proactively to nip a successful hack or insider threat in the bud.
Traditional anti-virus monitoring software is no longer enough. The research shows that 72% of companies have this software in place, but only 26% of actual cyber security incidents were discovered through this route. Much worse, 18% of incidents came to attention through an external source such as a customer, a supplier or the impact on a public website.
Network monitoring solutions are much more effective than anti-virus software in terms of alerting companies to a cyber breach, with 63% of companies having network monitoring software in place and 42% of cyber incidents coming to attention through the work of the IT department to whom such systems report. Having in place the very latest behavioural threat detection solutions, such as ThreatSpike, could raise this percentage even further.
The scale of the cyber threat can feel overwhelming at times. But educating your own employees about the nature of the threat and then putting in place the right solutions can go a long way towards mitigating the social engineering threat and significantly enhancing your corporate cyber resilience. Act now before it is too late.
Head of Cyber Security – Crises Control