Malware and phishing overtake humans as biggest security threat to businesses, with awareness raising seen as vital
IT decision makers in the UK view malware as the main security threat to their organisation, but there is growing concern about phishing and spear phishing. These are two of the findings from a report, ‘Data Security and Risk Management Review’, sponsored by leading managed service provider Advanced 365 (Advanced).
The report includes a survey that highlights the top ten threats facing organisations. While human actions (malicious or accidental) remain a major vulnerability, malicious software (malware) ranked above them as the number one threat. Meanwhile, phishing and spear phishing appear to be the fastest-growing risks, with 65% of the 300 respondents identifying these as a threat they think is increasing in severity or frequency.
In addition, spamming appeared in fourth place, above distributed denial of service (DDoS) and social engineering, the tactic of manipulating people into giving up confidential information such as passwords and bank details. These types of attack are also becoming more sophisticated, with phishing emails that appear to come from a trusted source becoming more difficult to identify.
Neil Cross, Managing Director of Advanced 365, comments,
“The results of this survey highlight the evolving and changing nature of security threats, and the constant challenges that organisations face in protecting themselves from cyber-criminals. Humans will always be a weak link in the security chain but other types of threat are evidently increasing.”
As a result of these escalating threats, raising awareness and knowledge of security issues among employees is increasingly important. The review considers the so-called “security knowledge gap” between security professionals and other staff, and also the information disparity between security professionals and the criminals they are trying to stop. With threats evolving at such a fast pace, there are concerns that many businesses are playing catch-up with hackers.
When asked what the most important tool is for increasing knowledge and awareness of threats, exactly half of respondents suggested awareness-raising programmes. This was followed by formal training (39%), threat intelligence (36%) and industry/peer information (35%). It is clear that IT decision makers recognise the need for greater security training and education. Respondents also agreed that training should be carried out at regular intervals.
Cross adds: “As threats such as malware and phishing become more targeted and sophisticated, it is reassuring that IT professionals recognise the importance of frequently educating staff and raising awareness of security issues, as well as ensuring that their own skills keep up with those of the cyber-criminals.
“It is equally vital for employees to be aware of what is at stake from a security perspective, both for them and the business, and why ongoing awareness training is necessary to minimise potential vulnerabilities.”
Advanced’s Secure IT Health Check service provides businesses with a free assessment of their network security procedures and flags susceptibilities to malicious attacks.