Half Of Cyber Attacks On British Organisations Succeed

Uploaded on 2023-11-02 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

While security teams are busy remediating cyber attacks, they don’t have time or resources to focus efforts on strengthening defences to deflect and protect against them. The exposure management company, Tenable has revealed that, of the cyber attacks UK organisations experienced in the last two years, 48% were successful. 

This forces security teams to focus time and efforts on reactively mitigating cyber attacks, rather than preventing them in the first instance. With just 60% of UK organisations confident that their cyber security practices are capable of successfully reducing the organisation’s risk exposure, there is obviously work to be done. 

These findings are based on a commissioned survey of 100 UK -based cyber security and IT leaders conducted in 2023 by Forrester Consulting on behalf of Tenable. Respondents were particularly concerned with the risks associated with cloud infrastructure, given the complexity it introduces in trying to correlate user and system identities, access and entitlement data. 

Seven in 10 organisations say they use multi-cloud and/or hybrid cloud environments. However, over two-thirds of respondents (67%) cite cloud infrastructure as one of the highest areas of risk exposure in their organisation. In order, the highest perceived risks come from the use of public cloud infrastructure (31%), multi cloud and/or hybrid cloud (27%) and private cloud infrastructure (9%).

From the study it was evident that time is not on the security team’s side. Nearly two-thirds of respondents (65%) believe their organisation would be more successful at defending against cyber attacks if it devoted more resources to preventive cyber security. 

Six in 10 respondents (60%) say the cyber security team is too busy fighting critical incidents to take a preventive approach to reducing their organisation’s exposure.

Cyber security professionals say this reactive stance is largely due to their organisations' struggle to obtain an accurate picture of their attack surface, including visibility into unknown assets, cloud resources, code weaknesses and user entitlement systems. The complexity of infrastructure, with its reliance on multiple cloud systems, numerous identity and privilege management tools and various web-facing assets, brings with it numerous opportunities for misconfigurations and overlooked assets. 

  • Over half of respondents (56%) said a lack of data hygiene prevents them from drawing quality data from user privilege and access management systems, as well as from vulnerability management systems. 
  • Most respondents (75%) say they consider user identity and access privileges when they prioritise vulnerabilities for patching/remediation, 46% say their organisation lacks an effective way of integrating such data into their preventive cybersecurity and exposure management practices. 
  • Just under half of respondents (47%) say they meet monthly with business leaders to discuss which systems are business critical, while 25% hold such meetings only once per year and 3% say they never hold such meetings. 

“While reducing cyber risks has to be the priority, it seems easier said than done. Our study confirms that security teams are being overwhelmed by the sheer volume of cyber attacks they have to react to. As the attack surface becomes ever more complex, this imbalance will only worsen,” said Bernard Montel, EMEA Technical Director and Security Strategist at Tenable. 

“Something has to change to stem the tide of successful attacks. Security leadership needs to be involved in high-end business decision making. Only then can the organisation hope to reduce its risks and take steps to address the challenges standing in the way.” Montel added.

A lack of communication at the highest levels complicates and compounds the cyber problem in businesses. While attackers are continuously assessing environments, in most organisations meetings about business-critical systems take place infrequently, emphasising the need for higher levels of cyber security awareness across top management.

Image:  cottonbro-studio

You Might Also Read: 

Beyond Traditional Security:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Criminal Use Of AI Is Increasing 
President Biden Takes Action On Artificial Intelligence »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

TrustedSec

TrustedSec

TrustedSec is an information security consulting services, providing tailored solutions and services for small, mid, and large businesses.

Riverbed Technology

Riverbed Technology

The Riverbed Network and Application Performance Platform enables organizations to visualize, optimize, accelerate and remediate the performance of any network for any application.

Certus Software

Certus Software

Our Secure Data Erasure solutions protect customer data confidentiality by completely erasing it from data storage devices.

Trinexia

Trinexia

Trinexia (formerly Credence Security) is a specialty Value-added Distributor of Cyber Security, Digital Forensics, Security Awareness, Data Security & Governance solutions.

Excelsecu Data Technology

Excelsecu Data Technology

Excelsecu is a global solution provider of online identity authentication, widely applied in banks, government bodies and enterprises.

TOAE Security

TOAE Security

TOAE Security is a trusted cyber security consulting partner helping today's leading organizations protect their most important assets from evolving cyber threats.

Lightship Security

Lightship Security

Lightship Security is an accredited Common Criteria and FIPS 140-2 IT security testing laboratory that specializes in test conformance automation solutions and IT product security certifications.

Hacken

Hacken

Hacken provide a range of cybersecurity services including security assessments, blockchain security audits, and secure software development.

DarkOwl

DarkOwl

DarkOwl provides the world’s largest index of darknet content and the tools to efficiently find leaked or otherwise compromised sensitive data.

Sentinel

Sentinel

Sentinel works with governments, media and defence agencies to help protect democracies from disinformation campaigns by developing a state-of-the-art AI detection platform.

Secuvant

Secuvant

Secuvant is an independent IT Security firm providing enterprise-grade IT security services to mid-market organizations.

Bedrock Systems

Bedrock Systems

BedRock Systems is on a mission to deliver a trusted computing base from edge to cloud, where safety and security isn’t just a perception, it’s a formally proven reality.

Guardey

Guardey

Guardey protects thousands of SME's environments. Whether your team works at the office, at home, at the customer or remotely. We protect your business. We do this in an accessible and affordable way.

Battery Ventures

Battery Ventures

Battery partners with talented founders and teams building category-defining businesses at all stages of growth.

Gogolook

Gogolook

Gogolook is a leading TrustTech company. With "Build for Trust" as its core value, it aims to create an AI- and data-driven global anti-fraud network as well as Risk Management as a Service.

Secur-Serv

Secur-Serv

Secur-Serv is a security-first managed services provider. We provides Managed IT, Managed Print, Managed Device, and Cybersecurity services to companies of every size.