According to a new report from eSentire, cyber-attacks were (and still are) on the rise. Although it would appear that UK employees are actually better at preventing phishing and malware incidents than the rest of the world. Kudos UK.
eSentire has announced the release of its UK Threat Intelligence Spotlight, an inaugural report that details the unique threat landscape that small and medium enterprises must contend with in the United Kingdom (UK).
Over the last two years, eSentire’s European business has grown by over 90%, with the bulk of its expansion coming from customers within the UK.
This broadened customer footprint has provided eSentire’s Security Operations Centres (SOCs) in Cork, Ireland and Waterloo Region, Canada with a sample size of data that allows for an in-depth examination of the threats facing UK businesses and a benchmarking of how they compare to similar companies around the world.
The critical takeaway from eSentire’s report is that the global growth in botnet activity drove a 140% year-over-year increase in the number of cybersecurity incidents experienced by UK businesses.
This increase in attack traffic also caused nearly 40% of small and medium enterprises in the UK to experience at least one cybersecurity incident.
Alex Jinivizian, vice president, Strategy and International Marketing at eSentire said, “Publishing eSentire’s anonymised UK customer data allows security practitioners, IT decision makers and senior executives who are tasked with protecting their businesses to be better informed about the cybersecurity decisions they are making.
“We hope that this data will not only be a benefit to those businesses based solely in the UK but also be of benefit to international businesses that have customers, employees and offices in the region as well.”
And it would appear that UK employees are better at preventing phishing and malware attacks than their global counterparts.
In the last 12 months, only 13% of UK businesses experienced some form of successful malware execution, compared to the global average of 17%.
Over the same time period, UK businesses experienced 20% fewer phishing incidents. Because most malware and phishing incidents are initiated accidentally by employees, these lower rates indicate that the UK workforce may be better at adhering to email and web browsing best practices than employees in other countries.
Dropbox-themed phishing lures prove popular
Phishing campaigns simulating the look and feel of Dropbox’s email and website were the most successful type of phishing lure in the UK.
For businesses that store sensitive data in cloud storage, the success rate of the Dropbox campaign should be an eye-opening observation, as one compromised cloud storage account could give threat actors access to a company’s entire cache of sensitive files.
Marketing and manufacturing the most impacted industries
Marketing agencies are prime targets for cyberattacks, as they often will be contracted to work on campaigns well in advance of the release of a new product.
The information secured from a successful attack could be sold to competitors or used to conduct insider trading.
The fact that, at a rate level, marketing and manufacturing industries actually experience more successful cyber-attacks underscores the need for all industries in the UK to take a harder look at their cybersecurity posture, even when regulations are not forcing them to do so.
UK companies the target for exploit
27% of UK businesses experienced at least attempted exploit attacks between February 2018 and February 2019.
This is the only occasion where the UK observed incident rate is ahead of the global average of eSentire’s customer base.
This should serve notice to UK businesses to do a thorough examination of any exploitable services sitting on internal networks that are accessible from the internet.
The full UK Threat Intelligence Spotlight can be downloaded here.