'Cyber Threatscape' reveals biggest threats to businesses
Links within emails are perceived as posing the biggest cyber threat to UK businesses, according to new research.
Information security company Clearswift surveyed 600 senior business decision makers and 1,200 employees across the UK, US, Germany and Australia.
When asked what they see as the biggest threat to their organisation, business decision-makers ranked phishing emails as the top threat in all four surveyed regions.
“Email security consistently rears its head as a key vulnerability in UK cyber defences,” said Dr Guy Bunker, SVP of products at Clearswift.
“This highlights that businesses need to change the way they’re approaching the task of mitigating these risks.
“It is easy for a company to perform mock phishing exercises and physical penetration tests to assess vulnerabilities; however this underhanded approach to catch staff out may not always prove to be the best way forward.
“The approach should be two-fold, focused on balancing education with a robust technological safety net. This will ultimately help ensure the business stays safe.”
A lax attitude by employees to sharing passwords was ranked second on the list as a source of cyber weakness, with a third of UK businesses listing this as one of the biggest threats.
USBs sticks were the next offender, with 31 per cent of respondents highlighting USB/removable storage devices as a major threat.
Worryingly, ahead of the GDPR deadline on May 25th, 30 per cent felt that employees not following data protection policies could be one of the biggest threats to their organisation.
Failure by firms to cut off access to the network for ex-employees was next on the list with more than one in four (28 per cent) considering this a major threat. Introduction of malware via personal devices was also present on the list, with more than a quarter (26 per cent) highlighting this as a major threat to their organisation.
Despite some major hacks in 2017, hackers were only the seventh most selected threat, with 25 per cent of businesses flagging this as a major threat.
Other threats to feature included the use of non-authorised tools/applications for work purposes (25 per cent), including personal email drives and file sharing platforms.
Additionally, threats coming from social media platforms, often used as a means of spear phishing, was a concern.
UK businesses also saw stolen company devices as one of the biggest threats (23 per cent), with these devices often containing critical information.