Half Of Cyber Attacks On British Organisations Succeed

Uploaded on 2023-11-02 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

While security teams are busy remediating cyber attacks, they don’t have time or resources to focus efforts on strengthening defences to deflect and protect against them. The exposure management company, Tenable has revealed that, of the cyber attacks UK organisations experienced in the last two years, 48% were successful. 

This forces security teams to focus time and efforts on reactively mitigating cyber attacks, rather than preventing them in the first instance. With just 60% of UK organisations confident that their cyber security practices are capable of successfully reducing the organisation’s risk exposure, there is obviously work to be done. 

These findings are based on a commissioned survey of 100 UK -based cyber security and IT leaders conducted in 2023 by Forrester Consulting on behalf of Tenable. Respondents were particularly concerned with the risks associated with cloud infrastructure, given the complexity it introduces in trying to correlate user and system identities, access and entitlement data. 

Seven in 10 organisations say they use multi-cloud and/or hybrid cloud environments. However, over two-thirds of respondents (67%) cite cloud infrastructure as one of the highest areas of risk exposure in their organisation. In order, the highest perceived risks come from the use of public cloud infrastructure (31%), multi cloud and/or hybrid cloud (27%) and private cloud infrastructure (9%).

From the study it was evident that time is not on the security team’s side. Nearly two-thirds of respondents (65%) believe their organisation would be more successful at defending against cyber attacks if it devoted more resources to preventive cyber security. 

Six in 10 respondents (60%) say the cyber security team is too busy fighting critical incidents to take a preventive approach to reducing their organisation’s exposure.

Cyber security professionals say this reactive stance is largely due to their organisations' struggle to obtain an accurate picture of their attack surface, including visibility into unknown assets, cloud resources, code weaknesses and user entitlement systems. The complexity of infrastructure, with its reliance on multiple cloud systems, numerous identity and privilege management tools and various web-facing assets, brings with it numerous opportunities for misconfigurations and overlooked assets. 

  • Over half of respondents (56%) said a lack of data hygiene prevents them from drawing quality data from user privilege and access management systems, as well as from vulnerability management systems. 
  • Most respondents (75%) say they consider user identity and access privileges when they prioritise vulnerabilities for patching/remediation, 46% say their organisation lacks an effective way of integrating such data into their preventive cybersecurity and exposure management practices. 
  • Just under half of respondents (47%) say they meet monthly with business leaders to discuss which systems are business critical, while 25% hold such meetings only once per year and 3% say they never hold such meetings. 

“While reducing cyber risks has to be the priority, it seems easier said than done. Our study confirms that security teams are being overwhelmed by the sheer volume of cyber attacks they have to react to. As the attack surface becomes ever more complex, this imbalance will only worsen,” said Bernard Montel, EMEA Technical Director and Security Strategist at Tenable. 

“Something has to change to stem the tide of successful attacks. Security leadership needs to be involved in high-end business decision making. Only then can the organisation hope to reduce its risks and take steps to address the challenges standing in the way.” Montel added.

A lack of communication at the highest levels complicates and compounds the cyber problem in businesses. While attackers are continuously assessing environments, in most organisations meetings about business-critical systems take place infrequently, emphasising the need for higher levels of cyber security awareness across top management.

Image:  cottonbro-studio

You Might Also Read: 

Beyond Traditional Security:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Criminal Use Of AI Is Increasing 
President Biden Takes Action On Artificial Intelligence »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

2|SEC Consulting (2-SEC)

2|SEC Consulting (2-SEC)

At 2|SEC Consulting, we deliver an end-to-end service of cyber and information security solutions which are tailored to each client’s exact security needs.

Yubico

Yubico

Yubico sets new global standards for simple and secure access to computers, mobile devices, servers, and internet accounts.

Optimal IdM

Optimal IdM

Optimal IdM is a leading global provider of identity management solutions and services.

MerlinCryption

MerlinCryption

MerlinCryption develops infrastructure security software, delivering advanced encryption, authentication, and random data generators, for Cloud, VoIP, eCommerce, M2M, and USB hardware.

PlainID

PlainID

PlainID provides IAM teams with a simple and intuitive means to control their organization’s entire authorization process.

Conference Index

Conference Index

Conference Index provides an indexed listing of upcoming meetings, seminars, congresses, workshops, summits and symposiums across a wide range of subjects including Cybersecurity.

Techleap.nl

Techleap.nl

Techleap.nl is a non-profit publicly funded organisation helping to quantify and accelerate the tech ecosystem of the Netherlands.

LinkShadow

LinkShadow

LinkShadow is a next-generation cybersecurity solution that provides unparalleled detection of even the most sophisticated threats.

PatrOwl

PatrOwl

Automate your SecOps with PatrOwl, and start defending your assets efficiently.

TestArmy

TestArmy

TestArmy CyberForces provide you with a broad spectrum of cybersecurity services to test every aspect of your IT infrastructure security and software development process.

Cybaverse

Cybaverse

Cybaverse (formerly North Star Cyber Security) was founded to create the perfect blend of a Managed Security Service Provider (MSSP) and a Cyber Security Consultancy in one.

Gunnison Consulting Group

Gunnison Consulting Group

Gunnison Consulting Group serves the Federal Government with high quality IT consulting services.

iManage

iManage

iManage's intelligent, cloud-enabled, secure knowledge work platform enables organizations to uncover and activate the knowledge that exists inside their business.

RB42

RB42

RB42 (formerly Nexa Technologies) provide cyber defense solutions (ComUnity, secure and encrypted messaging, detection of interception tools, etc) and cyber defense consultancy service.

Hexagon

Hexagon

Hexagon is a global leader in digital reality solutions. We are putting data to work to boost efficiency, productivity, quality and safety.

IT Voice

IT Voice

IT Voice specializes in Managed IT and VoIP solutions. Our focus is simplifying the technology so our customers can stay focused on what they do best.