Government survey finds only a minority of UK organisations have tested cyber security awareness
The Cyber Security Breaches Survey 2021 reported that less than a quarter of organisations have tested their cyber awareness, despite evidence from the study suggesting the cyber risk level continues to be higher than ever under COVID-19.
In a series of cyber security surveys from the UK Government, it has been highlighted that cyber security breaches remain a serious threat to all businesses. Now, Intqual-pro, developers of the globally implemented Cyber Stars Initiative, look further into the latest released survey.
In the 2021 survey, 39% of businesses reported experiencing a cyber breach or attack in the last 12 months. While this figure is lower in comparison to the 2020 survey, many businesses are struggling to implement effective cyber security measures during the ongoing pandemic.
A key finding concerns the methods cyber criminals use to successfully breach businesses. The most common is spear phishing, reported by a staggering 83% of businesses, as social engineering techniques continue to be the dominant attack method.
These findings are not surprising, said Intqual-pro, who noted that malicious actors rely on vulnerabilities within human awareness as an initial gateway into an organisation's IT infrastructure and that their attack methods are becoming increasingly sophisticated. Spear phishing emails no longer have some of the identifying features that are associated with more generic phishing campaigns, and developing staff confidence in identifying and responding to spear phishing is critical in building cyber resilience.
The vast majority of management boards understand the importance of cyber security, with 77% of businesses saying it remains a high priority, according to the survey. Despite these figures, many organisations are not taking affirmative action to increase their cyber resilience.
Testing employees is crucial for organisations to truly understand their staff's knowledge and risk levels. For cyber awareness testing to be effective, organisations should look to segment knowledge and risk by individual, job function and location, so that they can implement more informed cyber security training initiatives and an overall strategy.
Significant changes to the way we work over the past year further highlight why cyber awareness testing and informed training are more important than ever. As the UK emerges from the COVID-19 pandemic, we can expect to see a “blended” working environment, which will bring more challenges for organisations from cyber risks including bring your own device (BYOD) and smart network-connected devices in the workplace.
To counter cyber risks and help organisations to make their employees their greatest cyber security defence, Intqual-pro launched Cyber Stars 365 in early 2020. The platform, part of their Cyber Stars solutions, provides 24/7, 365-day cyber security insight into a business and was developed following increased demand for metrics that highlight both knowledge and risk.