The findings are part of Databarracks' seventh Data Health Check report. The survey questioned over 400 IT decision makers in the UK about their IT, security and business continuity practices over the last year, and what they expect to change in the next 12 months.
Only 53 per cent of organisations surveyed felt confident in the abilities of staff to tackle potential cyber threats against the business, the same figure as in 2016. Other significant findings revealed in the survey included:
- 61 per cent of organisations have reviewed their security policies in the last 12 months in response to a cyber threat.
- Despite reviewing policies, a staggering 41 per cent of organisations decided not to invest in any safeguards over the last 12 months to protect against evolving cyber threats.
- Viruses (44 per cent), spyware (30 per cent), ransomware (29 per cent) and phishing attacks (26 per cent) were the biggest cyber-attacks to impact organisations over the last 12 months.
- Ongoing employee awareness training was the safeguard most commonly invested in (34 per cent).
Peter Groucutt, managing director at Databarracks, commented: “Unfortunately, we are in the midst of an arms race against cyber criminals. Threats are becoming more frequent and more sophisticated. Organisations are desperately trying to address this by improving preventative measures and investing in education for staff, but as the evidence from the research shows, this is in fact doing little to improve confidence. While undoubtedly this is a major concern for organisations, it’s important to recognise that the simple steps we take to better equip staff to address threats do have a real effect.
“Phishing and whaling attacks, for example, remain one of the biggest threats to a business. Fundamentally these types of attacks are focused on people not technology, which is why it’s imperative that cyber awareness training is continually invested in. Over the past year we have seen businesses investing in cyber awareness training increase from 26 per cent to 34 per cent and next year we want to see this grow further.
“Just like shoring up your IT infrastructure, the key to improving digital skills confidence amongst staff is more about regularity and consistency than a single grand gesture. It’s about embedding a culture of security, driven from the top-down and horizontally regarded as a critical priority. Old norms must be challenged, ingrained responses and established processes must be shifted, for everyone. Directors must attend training sessions alongside new starters, and a culture of vigilance, transparency and accountability promoted at all levels, and within all teams.”
Groucutt concluded: “In parallel to awareness training, there should be a corresponding tightening of information controls where needed. Workers, including senior managers, only really need access to a small proportion of company data in order to work effectively. Ransomware propagates fastest when vulnerable senior staff possess needless administrator privileges. Proactively categorising users and limiting access to data shares appropriately can significantly limit the spread of malware around your network, and limiting threats amongst staff.”