Businesses report breaches are most likely to spawn from phishing attacks
Reading, UK, 11th February 2019: Carbon Black (NASDAQ: CBLK), a leader in next-generation endpoint security delivered via the cloud, today released the results of its second UK Threat Report. The research indicates that the UK’s cyber threat environment is intensifying. According to the report, attacks are growing in volume, and the average number of breaches has increased. The report analyses survey results from different vertical sectors, organisation sizes and IT team sizes to build a picture of the modern attack and cyber defence landscape in the UK.
Key survey research findings:
- 88% of UK organisations reported suffering a breach in the last 12 months
- The average number of breaches per organisation over the past year was 3.67
- 87% of organisations have seen an increase in attack volumes
- 89% of organisations say attacks have become more sophisticated
- 93% of organisations plan to increase spending on cyber defence
Compared with the previous report, published in September, the average number of breaches has increased from 3.48 to 3.67. More than 5% of organisations have seen an increase in attack volumes.
100% of Government and Local Authority organisations surveyed reported being breached in the past 12 months, suffering 4.65 breaches, on average. 40% have been breached more than five times. In the private sector, the survey indicates that Financial Services are the most likely to report a breach, with 98% of the surveyed companies reporting breaches during the past 12 months.
“We believe our second UK threat report underlines that UK organisations are still under intense pressure from escalating cyberattacks,” said Rick McElroy, Head of Security Strategy for Carbon Black. “The report suggests that the average number of breaches has increased, but as threat hunting strategies start to mature, we hope to see fewer attacks making it to full breach status.”
The Weakest Link in Cybersecurity: Humans
According to the report, malware remains the most prolific attack type in the UK, with more than a quarter (27%) of organisations naming it the most commonly encountered. Ransomware holds second position (15%). However, the human factor plays a part in the attacks resulting in breaches. Phishing attacks appear to be at the root of one in five successful breaches. Combined, weaknesses in processes and outdated security technology were reported factors in a quarter of breaches, indicating that failures in basic security hygiene continue to be high risk vectors that organisations should address as a priority.
Cyber Defence Investment Increases in the Face of Increasing Attack Volumes
Organisations across all sectors reported increases in the volume of attacks during the past 12 months. However, of the organizations surveyed Government and Local Authority organisations saw particularly high increases, with 40% noting more than 50% increase in the number of attacks. Similarly, in Healthcare, 29% of respondents noted increases of 50% or more.
A silver lining here is that 6% more of the organisations plan to increase cybersecurity spending compared to six months ago.
Threat Hunting is Delivering on its Promise
60% of UK organisations surveyed said they are actively threat hunting and more than a quarter (26%) have been doing so for a year or more. A very encouraging 95% reported that threat hunting has strengthened their defences. The survey results suggest that threat hunting is most mature in the financial services sector, with 53% threat hunting for more than a year.
“We believe threat hunting is an integral part of a mature security posture,” McElroy said. “It’s encouraging to see this numbers continuing to climb.”
Click here https://www.carbonblack.com/resources/threat-research/global-threat-report-series/ to download the full report from Carbon Black.
Survey Methodology
Carbon Black commissioned a survey, undertaken by an independent research organisation, Opinion Matters, in January 2019, published in February. More than 250 UK CIOs, CTOs and CISOs were surveyed from companies in a range of industries including: Financial, Healthcare, Government, Retail, Manufacturing, Food and Beverage, Oil and Gas, Professional Services, and Media and Entertainment. This is the second UK Threat Report from Carbon Black, building on the first survey undertaken in August 2018. This forms part of a global research project across multiple countries, including: Australia, Canada, France, Germany, Italy, Japan, Singapore and the UK.
About Carbon Black
Carbon Black (NASDAQ: CBLK) is a leading provider of next-generation endpoint security delivered via the cloud. Leveraging its big data and analytics cloud platform – the CB Predictive Security Cloud – Carbon Black consolidates prevention, detection, response, threat hunting and managed services into a single platform with a single agent and single console, making it easier for organizations to consolidate security stacks and achieve better protection. As a cybersecurity innovator, Carbon Black has pioneered multiple endpoint security categories, including application control, endpoint detection and response (EDR), and next-generation antivirus (NGAV) enabling customers to defend against the most advanced threats. More than 4,600 global customers, including one-third of the Fortune 100, trust Carbon Black to keep their organizations safe.
Carbon Black and CB Predictive Security Cloud are registered trademarks or trademarks of Carbon Black, Inc. in the United States and/or other jurisdictions.