The Department for Digital, Culture, Media and Sport (DCMS) in the U.K. recently released its 2021 Cyber Security Breaches Survey, which found that 40 percent of businesses have experienced a cyberattack in the past year.
The survey did find a slight drop in the number of organizations using security monitoring tools to identify abnormal activity, which could mean even more have been the victims of cybercrime but do not yet know it.
Among the organizations that said they experienced a cyberattack, more than 80 percent were hit with phishing emails. In phishing attacks, cybercriminals send emails with malware-infected attachments or that coerce the recipient into clicking on a malicious link.
Over 25 percent of organizations hit with a cyberattack said they received emails spoofing real people or businesses. The goal of these attacks could be to steal credentials or trick employees into making financial transfers (so-called business email compromise attacks).
Around five percent of organizations said they identified an attempted ransomware attack.
According to the survey, the majority of targeted organizations took action by providing additional employee training, updating antivirus software, changing firewall configurations, or installing new software. However, over one-third did not take any action after learning of a cyberattack.
In addition, the survey found that more organizations have enrolled in cybersecurity insurance of some kind.
More employees are working remotely during the pandemic, which means they are not protected by their organization's firewall. Organizations have had to adapt quickly and may face more cyberattacks as a result. Danny Palmer "Four out of five companies say they've spotted this cyber-attack. Plenty still fall victim to it" www.zdnet.com (Mar. 25, 2021).
The 2021 Cyber Security Breaches Survey recommends that organizations take the following actions to make their networks more resilient to cyberattacks.
First, it recommends protecting accounts with multi-factor authentication. Multi-factor authentication requires users to provide two or more verification factors to access an account, as opposed to only one (a password).
Second, the report suggests increasing employee awareness of cybersecurity through more training. Organizations should train employees upon hire and again annually on your cybersecurity policies and best practices to prevent an attack.
Third, it recommends that organizations increase their supply chain risk management activities. Doing so can help protect your organization from a cyberattack that exploits your supply chain to access your network. Danny Palmer "Four out of five companies say they've spotted this cyber-attack. Plenty still fall victim to it" www.zdnet.com (Mar. 25, 2021).