Half Of Cyber Attacks On British Organisations Succeed

Uploaded on 2023-11-02 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

While security teams are busy remediating cyber attacks, they don’t have time or resources to focus efforts on strengthening defences to deflect and protect against them. The exposure management company, Tenable has revealed that, of the cyber attacks UK organisations experienced in the last two years, 48% were successful. 

This forces security teams to focus time and efforts on reactively mitigating cyber attacks, rather than preventing them in the first instance. With just 60% of UK organisations confident that their cyber security practices are capable of successfully reducing the organisation’s risk exposure, there is obviously work to be done. 

These findings are based on a commissioned survey of 100 UK -based cyber security and IT leaders conducted in 2023 by Forrester Consulting on behalf of Tenable. Respondents were particularly concerned with the risks associated with cloud infrastructure, given the complexity it introduces in trying to correlate user and system identities, access and entitlement data. 

Seven in 10 organisations say they use multi-cloud and/or hybrid cloud environments. However, over two-thirds of respondents (67%) cite cloud infrastructure as one of the highest areas of risk exposure in their organisation. In order, the highest perceived risks come from the use of public cloud infrastructure (31%), multi cloud and/or hybrid cloud (27%) and private cloud infrastructure (9%).

From the study it was evident that time is not on the security team’s side. Nearly two-thirds of respondents (65%) believe their organisation would be more successful at defending against cyber attacks if it devoted more resources to preventive cyber security. 

Six in 10 respondents (60%) say the cyber security team is too busy fighting critical incidents to take a preventive approach to reducing their organisation’s exposure.

Cyber security professionals say this reactive stance is largely due to their organisations' struggle to obtain an accurate picture of their attack surface, including visibility into unknown assets, cloud resources, code weaknesses and user entitlement systems. The complexity of infrastructure, with its reliance on multiple cloud systems, numerous identity and privilege management tools and various web-facing assets, brings with it numerous opportunities for misconfigurations and overlooked assets. 

  • Over half of respondents (56%) said a lack of data hygiene prevents them from drawing quality data from user privilege and access management systems, as well as from vulnerability management systems. 
  • Most respondents (75%) say they consider user identity and access privileges when they prioritise vulnerabilities for patching/remediation, 46% say their organisation lacks an effective way of integrating such data into their preventive cybersecurity and exposure management practices. 
  • Just under half of respondents (47%) say they meet monthly with business leaders to discuss which systems are business critical, while 25% hold such meetings only once per year and 3% say they never hold such meetings. 

“While reducing cyber risks has to be the priority, it seems easier said than done. Our study confirms that security teams are being overwhelmed by the sheer volume of cyber attacks they have to react to. As the attack surface becomes ever more complex, this imbalance will only worsen,” said Bernard Montel, EMEA Technical Director and Security Strategist at Tenable. 

“Something has to change to stem the tide of successful attacks. Security leadership needs to be involved in high-end business decision making. Only then can the organisation hope to reduce its risks and take steps to address the challenges standing in the way.” Montel added.

A lack of communication at the highest levels complicates and compounds the cyber problem in businesses. While attackers are continuously assessing environments, in most organisations meetings about business-critical systems take place infrequently, emphasising the need for higher levels of cyber security awareness across top management.

Image:  cottonbro-studio

You Might Also Read: 

Beyond Traditional Security:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Criminal Use Of AI Is Increasing 
President Biden Takes Action On Artificial Intelligence »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

tunCERT

tunCERT

TunCERT is the National Computer Emergency Response Team of Tunisia.

K&D Insurance Brokers

K&D Insurance Brokers

K&D provide insurance for all sectors of industry and commerce including cyber risk cover.

GuidePoint Security

GuidePoint Security

GuidePoint Security provide information security solutions that enable commercial and federal organizations to more successfully achieve their security and business goals.

Synectics Solutions

Synectics Solutions

Synectics deliver solutions for reducing risk, combating financial crime, and enabling organisations to meet their compliance and regulatory commitments.

Inspira Enterprise

Inspira Enterprise

Inspira Enterprise is a leading digital transformation company with expertise in Cyber Security, Internet of Things (IOT), Blockchain, Big Data & Analytics, Intelligent Automation and Cloud Computing.

OriginalMy

OriginalMy

OriginalMy is a cybersecurity startup, focussed on digital governance and information authentication. Its mission is to prove authenticity using state-of-the-art cryptography and blockchain technology

Gigit

Gigit

Gigit’s Service portfolio focuses on your business’ needs and the integration of comprehensive cybersecurity policies, plans, procedures, and practices into your business culture and operations.

Intel

Intel

Intel products are engineered with built-in security technologies to help protect potential attack surfaces.

Seccuri

Seccuri

Seccuri is a unique global cybersecurity talent tech platform. Use our specialized AI algorithm to grow and improve the cybersecurity workforce.

Ballistic Ventures

Ballistic Ventures

Ballistic Ventures is a new kind of venture capital firm, built by and for cybersecurity entrepreneurs and investors.

Trustmarque

Trustmarque

Trustmarque delivers customer-centric IT solutions that enable better outcomes. We combine the technology, expertise and services to release value at every stage of the IT lifecycle.

Association for Uncrewed Vehicle Systems International (AUVSI)

Association for Uncrewed Vehicle Systems International (AUVSI)

AUVSI is the world's largest nonprofit organization dedicated to the advancement of uncrewed systems and robotics. Focus areas include cyber security for uncrewed systems and robotics.

Core4ce

Core4ce

Core4ce is a mission-oriented company that serves as a trusted partner to the national security community.

Total Secure Technology

Total Secure Technology

Total Secure Technology provides trusted Managed IT Security and Managed IT Services for organizations looking to increase their cybersecurity defensive posture.

All About Cookies

All About Cookies

All About Cookies is an informational website that provides tips, advice, and recommendations to help you with Online Privacy, Identity Theft Prevention, Antivirus Protection, and Digital Security.

Armata Cyber Security

Armata Cyber Security

Armata exists to bring Cyber Security to all people – from home users and SMBs to large enterprises. We believe all users have the right to an affordable yet effective Cyber Security solution.