By Alexander J Martin | 22nd September 2015 14:37

The UK IS better than Europe, FACT! (at implementing cybersecurity measures)

Code that, Delors!

Cloudsec Initial analysis of the European cybercrime scene shown to The Register suggests a growing concern about the threat from targeted attacks, with British enterprises significantly ahead of their European counterparts in terms of cybersecurity measures.

The research, commissioned by Trend Micro to better appreciate the security market in Europe, and conducted by Quocirca, focused on targeted attacks rather than random malware issues, and was shared with El Reg at a Cloudsec roundtable.

It suggests that of the 500 enterprises questioned, all with more than 2,500 employees, most believe that targeted attacks have increased over the last 12 months.

Concerns about cybercrime have risen, and become especially prevalent among British business since 2013, when only a quarter of Blighty's enterprises believed targeted attacks were inevitable.

That figure has now risen to 72 per cent, with a further 21 per cent now considering targeted attacks a concern, even if disputing their inevitability.

In the last twelve months, British businesses detected 8.6 targeted attacks on average. This is significantly higher than the 6.2 attacks detected across Europe as a whole (including the UK).

That a higher number of targeted attacks were detected across Europe by the financial services and IT sectors suggests detection may correlate more closely with the maturity of the sector's cyber savvy, rather than be representative of the threat landscape.

Bob Tarzey, analyst and director at Quocirca, and Rik Ferguson, veep of Security Research at Trend Micro, suggested that the data, which includes organisations who believe they had never been attacked, might not necessarily preclude UK-based enterprises genuinely being targeted more than those on the continent.

While UK organisations have reported a higher average number of attacks, fewer are sure they have been targeted. Some 18 per cent of British enterprises believe they haven't been targeted at all, a figure about which Tarzey was highly skeptical.

The figures above, which are all consistently given as a percentage of the total set of enterprises questioned, suggest that 27 per cent of definite targeted attacks were successful, a significantly lower percentage than attacks across Europe as a whole.

Just under a quarter of successful attacks lead to "a lot/devastating" amount of data being compromised in the UK, which is slightly more favourable when compared with the same effect Europe-wide.

The average estimated cost of a cyber-attack for a UK business is £172,000, compared with £243,000 for all Europe.

As an anecdote, Ferguson noted that when giving talks, he often asked attendees whether they could confidently tell him what version of the often-to-be-patched Acrobat Reader app all of their users were currently running.

"Regardless of audience size," Ferguson said, "I will only ever get two hands up."

Targeted attack mitigation

The UK is ahead in all categories of preparedness, and especially in terms of penetration testing, which British companies are 22 per cent more likely to utilise than the European average. Tarzey suggested that "this explains why, although UK organisations are as likely, if not more likely to be targeted, those attacks are less likely to be successful and data is less likely to be stolen".

The Trend Micro veep suggested that cyber fire drills could be a simple add-on to the existing preparedness actions, combining several of the other tests, and are evidently a powerful, if under-utilised, tool that would provide ongoing training.

"While UK businesses increasingly recognise the reality, scale and impact of targeted attack," stated Ferguson, "the initial data reveals that much more can and should be done in testing their readiness to deal with them."

"A large number of businesses report having training and penetration testing measures in place, but relatively few are conducting cyber-readiness tests, or fire drills. Raising user awareness and probing your systems are both crucial components, but they cannot be fully tested unless brought together in a live-fire exercise involving your employees."

Tarzey said: "Initial analysis of the new data suggests UK organisations are better prepared. However, much more could be done by most UK organisations to prevent attacks and deal with the aftermath when some are inevitably successful."

Quocirca is continuing to analyse the data it has gathered from the 500 respondents, 100 each in the UK, Spain, Italy, Germany and France. The final version of its research on the cybercrime scene in 2015 will be published no later than the end of October. ®
