UK businesses were subjected to 667,597 different cyberattacks during 2021, experiencing a new attempt to breach their systems online every 47 seconds, according to new data published by business ISP, Beaming.
Although the total volume of attacks was three percent lower than in 2020, the rate of attacks on UK businesses online remains historically high. Cyberattacks increased by 11 percent when the UK moved to lockdown and widespread home working in 2020 and have remained in excess of 1,750 attacks per day since then.
The analysis of commercial internet traffic shows that UK businesses, which includes public sector organisations, received 165,933 attempts to breach their systems online in the final three months of 2021, the equivalent of 1,804 a day. The rate of attack climbed steadily between September and December 2021.
Beaming identified attacks on businesses from 257,435 IP addresses during the fourth quarter of 2021. It traced almost half (49 percent) to locations in China. The USA (25 percent), India (13 percent), Brazil (10 percent) and Russia (10 percent) also played host to significant proportions of attacking IP addresses.
You might also like
Remotely controlled devices continued to be the most frequently targeted application by hackers, attracting nine percent of all attack activity. These include network device administration which is often unsecured by default and a common route into target organisations.
“Cyberattacks fell very slightly in 2021, but remain at historically high levels,” said Sonia Blizzard, managing director of Beaming. “UK businesses with internet connections encountered new cyberattacks every 47 seconds last year. There is no room for complacency.
“Attack patterns over the last two years suggest cybercriminals see remote working as a significant opportunity to access company data and IT systems via employees’ unmanaged domestic internet connections. Attacks increase when people are asked to work from home.”
Blizzard said organisations need to ensure they are building resilience through training, technology and documented cybersecurity policies.