IT Security Thing asked the security industry what attack methodologies SMBs currently need to worry about. Here’s what it said…
The UK Department for Digital, Culture, Media and Sport, in association with Ipsos MORI and the University of Portsmouth, has published the 2018 Cyber Security Breaches Survey. Some of the statistics within the report should certainly be food for thought, for both the IT security industry and British businesses alike. The one that caught our attention here at IT Security Thing was that more often than not a breach does not incur any specific financial cost. Or, more accurately, the explanation that caught our attention: “This is reflective of the fact that most breaches or attacks do not have any material outcome (a loss of assets or data) so do not always need a response.”
Sorry folks, but if your network has been breached, that always requires a response, or your network is going to be breached again and again. Just because data wasn’t compromised the first time, that doesn’t mean the attackers have not gleaned some intelligence that could help them to do so in the future. Especially if ‘no response needed’ was the determination of the security people. Perhaps this is down to another statistic from the report, that only 20% of businesses had staff participate in any kind of cyber security training, a number that drops to 15% for charities. For smaller businesses and charities, the report states “basic technical controls might also be improved.” Then there’s the finding that 20% of businesses “never update their senior managers on cybersecurity issues” apparently. At the smaller end of the business scale, more say that cybersecurity is a very high priority than did so in the 2017 research report, but that number is still only 42%.
With all that in mind then, here’s the industry response IT Security Thing got to our big question.