Half Of Cyber Attacks On British Organisations Succeed

Uploaded on 2023-11-02 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

While security teams are busy remediating cyber attacks, they don’t have time or resources to focus efforts on strengthening defences to deflect and protect against them. The exposure management company, Tenable has revealed that, of the cyber attacks UK organisations experienced in the last two years, 48% were successful. 

This forces security teams to focus time and efforts on reactively mitigating cyber attacks, rather than preventing them in the first instance. With just 60% of UK organisations confident that their cyber security practices are capable of successfully reducing the organisation’s risk exposure, there is obviously work to be done. 

These findings are based on a commissioned survey of 100 UK -based cyber security and IT leaders conducted in 2023 by Forrester Consulting on behalf of Tenable. Respondents were particularly concerned with the risks associated with cloud infrastructure, given the complexity it introduces in trying to correlate user and system identities, access and entitlement data. 

Seven in 10 organisations say they use multi-cloud and/or hybrid cloud environments. However, over two-thirds of respondents (67%) cite cloud infrastructure as one of the highest areas of risk exposure in their organisation. In order, the highest perceived risks come from the use of public cloud infrastructure (31%), multi cloud and/or hybrid cloud (27%) and private cloud infrastructure (9%).

From the study it was evident that time is not on the security team’s side. Nearly two-thirds of respondents (65%) believe their organisation would be more successful at defending against cyber attacks if it devoted more resources to preventive cyber security. 

Six in 10 respondents (60%) say the cyber security team is too busy fighting critical incidents to take a preventive approach to reducing their organisation’s exposure.

Cyber security professionals say this reactive stance is largely due to their organisations' struggle to obtain an accurate picture of their attack surface, including visibility into unknown assets, cloud resources, code weaknesses and user entitlement systems. The complexity of infrastructure, with its reliance on multiple cloud systems, numerous identity and privilege management tools and various web-facing assets, brings with it numerous opportunities for misconfigurations and overlooked assets. 

  • Over half of respondents (56%) said a lack of data hygiene prevents them from drawing quality data from user privilege and access management systems, as well as from vulnerability management systems. 
  • Most respondents (75%) say they consider user identity and access privileges when they prioritise vulnerabilities for patching/remediation, 46% say their organisation lacks an effective way of integrating such data into their preventive cybersecurity and exposure management practices. 
  • Just under half of respondents (47%) say they meet monthly with business leaders to discuss which systems are business critical, while 25% hold such meetings only once per year and 3% say they never hold such meetings. 

“While reducing cyber risks has to be the priority, it seems easier said than done. Our study confirms that security teams are being overwhelmed by the sheer volume of cyber attacks they have to react to. As the attack surface becomes ever more complex, this imbalance will only worsen,” said Bernard Montel, EMEA Technical Director and Security Strategist at Tenable. 

“Something has to change to stem the tide of successful attacks. Security leadership needs to be involved in high-end business decision making. Only then can the organisation hope to reduce its risks and take steps to address the challenges standing in the way.” Montel added.

A lack of communication at the highest levels complicates and compounds the cyber problem in businesses. While attackers are continuously assessing environments, in most organisations meetings about business-critical systems take place infrequently, emphasising the need for higher levels of cyber security awareness across top management.

Image:  cottonbro-studio

You Might Also Read: 

Beyond Traditional Security:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Criminal Use Of AI Is Increasing 
President Biden Takes Action On Artificial Intelligence »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Virus Bulletin

Virus Bulletin

Virus Bulletin is an online security information portal and certification body, providing users with independent intelligence about the latest developments in the global threat landscape.

Apicrypt

Apicrypt

Apicrypt enables secure communications between health professionals by using strong encryption technologies.

Digital Guardian

Digital Guardian

Digital Guardian is a next generation data protection platform designed to stop data theft.

SailPoint

SailPoint

SailPoint provides identity governance solutions with on-premises and cloud-based identity management software for the most complex challenges.

Axiad IDS

Axiad IDS

Axiad IDS is a Trusted Identity solutions provider for enterprise, government and financial organizations.

Endian

Endian

Endian’s mission is to provide a secure platform that connects distributed people and things, simplifying the digitalization of businesses.

Avertium

Avertium

Avertium is the managed security and consulting provider that companies turn to when they want more than check-the-box cybersecurity.

TotalAV

TotalAV

TotalAV Antivirus is a free-to-use app packed with all the essential features to find and remove malware, keeping you safe.

Ostrich Cyber-Risk

Ostrich Cyber-Risk

Ostrich Cyber-Risk is a risk management company that helps organizations reduce the complexity of identifying financial and operational risks related to your cybersecurity posture.

Jericho Security

Jericho Security

Jericho Security is on a mission to defend the world from the new threats of generative AI cyber attacks.

Security Compliance Associates (SCA)

Security Compliance Associates (SCA)

The sole focus of SCA is safeguarding critical information and complying with information security regulations.

Vigilant Ops

Vigilant Ops

Vigilant Ops is a leader in Software Bill of Materials (SBOM) Automation. A proactive approach to cybersecurity with continuous vulnerability monitoring.

CODA Intelligence

CODA Intelligence

CODA's AI-powered attack surface management platform helps you sort out the important remediations needed in order to avoid exploits on your systems.

Post-Quantum Cryptography Alliance (PQCA)

Post-Quantum Cryptography Alliance (PQCA)

The alliance seeks to address cryptographic security challenges posed by quantum computing by producing high-assurance software implementations of standardized algorithms.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Emagine IT

Emagine IT

Emagine IT supports federal agencies and enterprises by leveraging a data-first approach to delivering cutting-edge IT, cybersecurity, and digital transformation services.