Vaizey urges businesses to adopt Cyber Essentials to combat malware threats

As UK government vows to boost cyber-defences, its own research finds majority of successful attacks could have been prevented by adopting Cyber Essentials.

Most attacks involve viruses, spyware and malware
Most attacks involve viruses, spyware and malware

Two-thirds of UK firms have been hit by cyber-attacks, according to figures released by the Department for Culture, Media and Sport.

The Cyber Security Breaches Survey report said that most of the attacks involved viruses, spyware or malware.

The research also found that a quarter of large enterprise suffer a cyber-breach at least once a month. Only half of all firms have taken any recommended actions to identify and address vulnerabilities. Only a third of firms had formal written cyber-security policies and a scant ten percent had an incident management plan in place.

It suggested that seven out of ten attacks could have been prevented using the Government's Cyber Essentials scheme.

Only a fifth of businesses understood the dangers of sharing information with third parties.

However, the research found that firms are getting better at managing cyber-risks, with almost two-thirds now setting out their approach to cyber-security in their annual report.

“Too many firms are losing money, data and consumer confidence with the vast number of cyber attacks,” said digital economy minister Ed Vaizey.

“It's absolutely crucial businesses are secure and can protect data. As a minimum, companies should take action by adopting the Cyber Essentials scheme which will help them protect themselves.”

The UK government said it was investing £1.9bn over the next five years to tackle and prevent cyber-crime. It is also creating a new National Cyber Security Centre offering industry a ‘one-stop-shop' for cyber-security support.

A new national cyber-security strategy will also be published later in 2016 setting out the Government's plans to improve cyber-security for government, businesses and consumers.

Robert Arandjelovic, director of security strategy at Blue Coat, told SCMagazineUK.com that security training is not the only answer.

“The reality is that at some point, even the most well-trained and cautious user is likely to open an attachment or visit a site that leads to infection,” Arandjelovic said.

“Advanced technologies like those mentioned above can help compensate for these failures by quickly detecting signs of a compromise and sending alerts to the incident response team so that the issue can be efficiently resolved before attackers have the chance to expand the attack into a major breach,” he said.

James Maude, senior security engineer at Avecto, told SC that data security should be high on the boardroom agenda as it is crucial to business success in today's digital economy.

“If the UK government is to succeed in their goal to be a world leading digital economy then they must lead the way in helping organisations secure their data. The UK has a great track record of security innovation and it is essential that organisations across the UK are able to tap into this and realise that prevention is possible,” Maude said.