UK at risk from devastating material breaches

The UK suffers fewer breaches than other countries – but eight out of 10 were material breaches. James Alliband, senior security strategist, VMware, looks at the current threat to organisations.

Posted 8 July 2021 by Christine Horton

The pandemic has turned almost every industry on its head. One industry, however, that has not been disrupted by Covid-19 is cybercrime. As we’ve seen, the cyber threat is greater than ever. Changes to employee working behaviour, the increased use of personal devices, and vulnerabilities of the home network have created blind spots where attacks can go undetected.

Almost three-quarters (71 percent) of UK respondents to the VMware 2021 Global Security Insights Report survey said the number of attacks they faced has increased in the past year. Of those, 86 percent said this was due to more employees working from home. Eighty-four percent said these attacks had become more sophisticated.

Interestingly, the UK suffered fewer breaches than the rest of the world. Sixty-nine percent have suffered a breach in the past 12 months compared to 81% globally, with those who have been breached experiencing an average of 1.99 breaches during that time.

However, in eight out of 10 cases, the breach was a material incident requiring reporting to regulators or the involvement of an incident response (IR) team. Moreover, 65 percent of UK CISOs surveyed fear that their organisation will experience a material breach in the coming year. These types of breaches can be devastating to an organisation.

UK-based provider of foreign exchange services Travelex paid $2.3 million last year to regain control after a ransomware attack. The company subsequently fell into administration and had to be restructured, with the loss of 1,300 jobs. This is just one of many incidents where the existence of a business has been threatened as a direct result of a cyber breach.

The survey findings indicate that while regulations like GDPR are having a positive impact, the root causes of the breaches still need to be addressed. For example, 5G-related tech tops the list of the most frequent types of cyberattack seen by UK respondents, which may be due to infrastructure being deployed that hasn’t been hardened against attacks.

What weaknesses are criminals exploiting?

The UK also suffers from some of the same problems as other countries, with the first being process weaknesses. The prime cause of breaches cited by UK survey respondents is processes not being as strong as CISOs thought they were. For example, an organisation deploys multi-factor authentication (MFA), but its provisioning process hasn’t been thought out properly. Here we see attackers taking advantage of any weakness in those processes to gain access and move laterally within the network.

Out-of-date security technology was also a major cause of breaches. That could be an endpoint solution that hasn’t been updated, apps that haven’t been patched or policies that haven’t been revised. This means those organisations urgently need to improve their cyber hygiene, despite the complexity of securing perhaps dozens of security controls.

Perhaps unsurprisingly, given the recent headlines of high-profile attacks globally, ransomware has had a resurgence. It now accounts for 8% of all attacks, compared to 5% last year. Indeed, the head of the National Cyber Security Centre (NCSC) has said that ransomware is the biggest online threat to people in the UK.

The good news, however, is that we have perhaps reached a tipping point, where world leaders are now starting to move to address the problem. It is crucial that governments, the intelligence services and military communities come together to work on a solution.

Limit the spread

Elsewhere there is highly encouraging news: UK firms universally stated that they are planning to shift to a cloud-first security strategy – if not immediately, it is firmly on the roadmap. With remote working now the norm for so many people, 99% already use or plan to adopt a cloud-first approach to protect the organisation.

But what else can organisations do to help mitigate some of these threats? The key is limiting the spread of any attack.

As we mentioned previously, MFA should be implemented properly. This can go a long way to help prevent credential harvesting. Additionally, Privileged Access Management (PAM) can reduce lateral movement, where criminals gain access to one laptop or system and then have the ability to move around at their leisure.

Similarly, micro-segmentation around critical systems, strong firewalling and ensuring that your critical access assets are separated out from your laptops are all important – there’s no reason that most laptops need to connect to a production database server.

These actions will all help address some of the biggest vulnerabilities we see in organisations today. More importantly, they can help prevent material breaches that can potentially be devastating to your organisation.

UK government organisations under attack

  • 72 percent in the government sector had seen an average increase in attacks of 51 percent.
  • Ransomware is disproportionately targeted at the government sector, with 19.5 percent seeing this most frequently.
  • Out-of-date security technology was the culprit in 19.5 percent of incidents.
  • 32 percent of respondents said that 31–40 percent of breaches were material, while only 12 percent said the same in the healthcare sector.
  • 66 percent of respondents said they have adapted their security to mitigate the risk.

James Alliband is senior security strategist at VMware.