More than a quarter of UK firms unprepared for cyber attacks
An alarming 26% of UK firms have no data protection in place, according to a survey, while Three hack demonstrates some of the reasons why they should…
A report has found that an astonishing 26 per cent of UK businesses are completely unprepared for an online attack or incident, as mobile operator Three suffers high-profile hack.
The report also found that nearly half (46 per cent) claim that data security is not a deciding factor in adopting digital technology.
However, the vast majority of UK businesses (84 per cent) are slightly more savvy, recognising that accurate real-time information enabled them to make informed decisions faster, spot threats and identify opportunities.
More than half of respondents said they think Brexit has presented an opportunity for growth and 61 per cent said they were prepared for it. However, the same number said they expect to cut their budgets as a result of Brexit, and this would probably lead to a drop in investment for digital technologies. The report questioned more than 1,000 professionals across a range of UK businesses about how ready they would be if a cyber attack struck and how their attitude has changed since it was decided the UK would exit the EU.
“Digital innovation presents a huge opportunity for companies and our economy, but it also goes hand in hand with a need for greater emphasis on cyber security. Cyber resilience is a growing priority for all businesses, and the challenge now is to move from awareness to action. It’s important that businesses in all sectors – from manufacturing to retail – truly understand digital technology’s potential, from the boardroom to the shop or factory floor”, said Tom Thackray, CBI Director for Innovation in response to the findings.
The lack of preparation in terms of cybersecurity comes as little surprise, however, given the findings of a recent study by High-Tech Bridge. The survey found that there has been no major improvement in usage of the potentially insecure TLS 1.0 protocol, which is restricted by PCI DSS (from June 2018), with 96.1 per cent of web servers still supporting it, compared to 97 per cent in June 2016. Separately, an incredible 2.1 per cent of web servers have correctly configured Content Security Policy (CSP) compared to less than 1 per cent in June 2016, with the highest implementation rate in the US. That’s a whopping 97.9 per cent of web servers that are not correctly configured.
Configuration issues also dogged Web Application Firewalls: WAFs with behavioral analysis enabled tended to block many automated vulnerability scanners, which then generated confusing, empty reports. Many organisations have outdated WAF rulesets and white/black lists to boot, the survey found. Ilia Kolochenko, CEO of High-Tech Bridge, said: “Today, web application security is a challenge for companies of all sizes: both SMEs and multinationals experience serious problems and face financial losses caused by insecure web applications. Traditional web security testing by automated solutions and defense by Web Application Firewalls cannot reliably protect modern web applications anymore.”
Meanwhile, UK mobile operator Three has suffered an unusual hack, in that it appears attackers have specifically targeted the company’s upgrade system, gaining an authorised login to order a string of upgrade handsets fraudulently. However, reports claim that Three’s entire customer database has thus been compromised. Three has six million UK customers.
The company claims that ‘approximately 400’ high-value handsets have been fraudulently obtained overall, but in a statement to The Register claimed that this particular hack ‘only’ exposed 133,827 people’s account information, and that eight phones were obtained. The National Crime Agency says that three men have been arrested in connection with the suspected hack.
UK broadband provider TalkTalk was fined £400,000 in October for security errors that allowed hackers to launch a cyber attack that affected approximately four per cent of the company's four million customers last year.
If you’re one of the 26 per cent who hasn’t yet got a security strategy in place, it might be worth passing High-Tech Bridge’s free webserver security test over your site, and the free Domain Security test is well worth your time too...