The Department for Culture, Media and Sport have released research that shows that two-thirds of large UK businesses are hit by cyber security attacks.
Simon Crosby, CTO and co-founder, Bromium says: “The findings confirm that the cyber security landscape in the UK is similar to other advanced nations: We are experiencing sustained targeted attacks that legacy detection technologies cannot see or stop. Organisations need to urgently adopt a new posture that protects endpoint systems by design using virtualization based security. It is unrealistic to expect that OS vendors or application vendors can stay ahead. A radical change is urgently needed.”
Rohyt Belani, CEO and co-founder, PhishMe adds: "The fact that nearly seven out of ten attacks on all firms involved viruses, spyware or malware doesn't surprise us as it’s what we hear from customers and see in our own research. The problem for many is that these infections are often spread via phishing campaigns, and nearly all will be successful as they bait users to open tainted emails that often bypass stringent technology layers to reach the user’s inbox. Employees can be too busy, distracted or trusting to give much thought to the possible risks.
While any Government backed initiative does help raise awareness of the cyber security risks and rewards, it is not going to magically protect organisations from those threats.
Organisations need to accept that technology and frameworks alone are not enough. It’s essential that companies condition and empower their employees to not only recognise and avoid a phish when they encounter one, but to report malicious emails internally – sourcing a bevy of rich human intelligence essential for improving incident response times and thwarting phishing attacks before they become successful. Since attacks often target groups of people across an enterprise, employees quickly become the last line of defence and should be properly prepared. For every suspicious email reported, it helps prevent the rest of the staff by being caught in a malware trap because security operations is aware of what the phishing email looks like and can respond appropriately."