Although it's true some cyber criminals target specific individuals or companies, most attacks are the result of easily exploited and well-known vulnerabilities using tools or information readily available online.
Without tech-savvy friends, family or colleagues in your life, or a cyber security expert in your business, you may be more exposed to these threats. But there’s plenty of free resources available online to protect you from being compromised.
Here, Sarah Coles shares 10 hard facts about cyber breaches and the tools that can help you avoid becoming a statistic.
The 10 hard facts:
- The fact: 39% of all UK businesses experienced a cyber breach/attack in the last 12 months [1].
The avoidance tool: Cyber Action Plan for individuals, small organisations, or families. [1]
Just answer a few simple questions to get a free personalised action plan that lists what you or your organisation can do right now to protect against cyber attacks. - The fact: 75% of companies have experienced an increase in email-based threats [3].
The avoidance tool: Email Security checker [2].
After entering your email domain, the tool will check your email privacy and how easily criminals can send emails pretending to be you. - The fact: In 2022, Google fixed a total of 359 security flaws in its Google Chrome browser and 9 of these flaws were zero-day vulnerabilities actively exploiting in the wild by malicious actors [5].
The avoidance tool: Checking your Web Browser Security
If your browser isn’t up to date with the latest version, it could be highly vulnerable to hacking. This tool allows you to check if you need to update your browser, and provides guidance on how to do this and how to set up automatic updates. - The fact: In 2021/22, reports of social media hacking to the NCSC (National Cyber Security Centre) increased by 23.5% compared to the previous year. [6]
The avoidance tool: Reviewing How to Recover from a Hacked Account [7].
The guidance outlines the steps to take to limit damage caused from a hacked account (including email, social media accounts or online banking portals) and how to regain access. - The fact: Only 21% of businesses have formal incident response plans in place [8].
The avoidance tool: Prepare for a Cyber Incident, including testing your response [9].
Cyber-attacks on businesses are becoming more frequent, targeted, and complex, so it’s essential to have a regularly tested cyber incident response plan in place so you can deal with breaches quickly and robustly. As well as helping to formulate an effective plan with this guidance, you can test your preparedness with the ‘exercise in a box’ product. - The fact: 81% of company data breaches are caused by poor or compromised passwords [10].
The avoidance tool: Using a Password Manager [11] to set unique passwords.
It’s estimated that the average person uses over 100 sites and services. Without using a password manager it’s likely you’ll reuse the same password across multiple sites, increasing the risk of account compromises. Password managers offer free subscriptions, but the paid version will add extra flexibility at a low price, making it a good personal investment. - The fact: The UK has the highest number of cybercrime victims per million internet users in 2022 – up 40% over 2020 figures.
The avoidance tool: HaveIBeenPwned.
This helpful website that lets you check if your (personal or business) email or phone number has been involved in a data breach and is being sold online, enabling you to act quickly to update any information. - The fact: Cloud misconfigurations account for 15% of initial attack vectors in security breaches [13].
The avoidance tool: Reviewing your Cloud Configuration against Security Baselines [14].
This is useful for those businesses who may have technical resource available (for example IT managers, or third party managed services) which are able to use the information below as a baseline to compare your current controls with industry best practice. - The fact: Gartner predicts, 45% of organizations will have experienced attacks on their software supply chains by 2025 [15].
The avoidance tool: Reviewing Supplier Security Controls [16].
This is a free supplier due diligence resource that can assist you in risk assessing the security controls of any potential suppliers before onboarding, as well as part of ongoing due diligence thereafter. - The Fact: 56% of leaders believe their employees lack knowledge when it comes to cybersecurity awareness [17].
The avoidance tool: Drive security awareness by checking out the Advice and Guidance [18] section of the NCSC website.
With 48 cyber security related topics, including Artificial Intelligence (AI), Incident Management, Remote Working and Supply Chain Security you can select the key risk areas for your business and learn how to mitigate against those.
[1] https://www.ncsc.gov.uk/cyberaware/actionplan
[2] https://emailsecuritycheck.service.ncsc.gov.uk/
[3] https://www.mimecast.com/state-of-email-security/
[4] https://basiccheck.service.ncsc.gov.uk/browser-check
[5] https://cybersophia.net/news/zero-day-vulnerabilities-in-google-chrome-in-2022/
[6] https://www.ncsc.gov.uk/collection/annual-review-2022/threats-risks-and-vulnerabilities/cyber-crime
[7] https://www.ncsc.gov.uk/guidance/recovering-a-hacked-account
[9] https://www.ncsc.gov.uk/collection/small-business-guidance--response-and-recovery
[10] https://www.enzoic.com/blog/the-threat-of-compromised-passwords/
[11] https://www.techradar.com/best/best-free-password-managers
[12] https://aag-it.com/the-latest-cyber-crime-statistics/
[13] https://www.strongdm.com/blog/cloud-security-statistics
[14] https://www.cisa.gov/sites/default/files/2023-07/Free%20Tools%20for%20Cloud%20Environments_508c.pdf
[15] https://hadrian.io/blog/why-2023-is-the-year-for-software-supply-chain-attacks
[16] https://www.ncsc.gov.uk/guidance/supplier-assurance-questions
[17] https://www.ncsc.gov.uk/section/advice-guidance/all-topics
This article is for financial professionals only. Any information contained within is of a general nature and should not be construed as a form of personal recommendation or financial advice. Nor is the information to be considered an offer or solicitation to deal in any financial instrument or to engage in any investment service or activity.
Parmenion accepts no duty of care or liability for loss arising from any person acting, or refraining from acting, as a result of any information contained within this article. All investment carries risk. The value of investments, and the income from them, can go down as well as up and investors may get back less than they put in. Past performance is not a reliable indicator of future returns.