iscover
No one is safe from the threat of cyber attacks; however, there appear to be 10 more susceptible industries than others.
According to new research from Indusface, nearly half (49 per cent) of all UK businesses have experienced a cyber attack.
Emailing hacking is the most common form of cyber attack, with 64 per cent of businesses falling victim to this approach.
Top 10 sectors most prone to cyber attacks:
- Education (78 per cent)
- Arts, entertainment and recreation (68 per cent)
- Accommodation and food (67 per cent)
- Real estate (58 per cent)
- Health and social care (52 per cent)
- IT and communications (51 per cent)
- Retail and wholesale (50 per cent)
- Construction (49 per cent)
- Other services (47 per cent)
- Public sector and defence (46 per cent)
On the opposite side of the coin, the financial services sector has experienced the least amount of cyber attacks (26 per cent), followed by admin and support (31 per cent) and professional and technology (32 per cent).
Venky Sundar, founder and president of Indusface, said the statistics highlight the importance of cyber security investment and training among all business sectors.
“The cyber security of any business, whether an SME or a larger corporation, is vital to its integrity,” he said.
“With technology and the internet being an integral, useful part of how many businesses operate, it is important that every company understands the risks of it being inadequately protected. If cyber attacks occur, a business can suffer from lost business data, a degraded reputation, and potentially a large financial cost.”
On the most common approach being via email cyber attacks, Mr Sundar said: “While we found that email hacking is the most prevalent, the way it is carried out is very versatile. Phishing is a much-talked-about threat; however, bot attacks such as account takeover and credential stuffing could also be used to hack emails and get access to email accounts.
“The other method is when hackers exploit an SQL injection vulnerability on a table and extract all credentials through the vulnerability. In addition to training all employees on how to evade phishing attacks, organisations will also find it worthwhile to run regular security assessments and implement a WAAP solution to filter out malicious attacks right at the perimeter before the attacks hit the application servers.”
He added: “Finally, it is important to build defences in depth. All systems are to be designed while assuming that they don’t get compromised even in case an email is hacked. This problem is especially bad in the SME space as security software needs to be constantly updated and the acute shortage of talent and resources mean that SMEs run outdated security software products.”
