Cyber criminals are spending 10 times more money finding weaknesses in the cyber defences of organisations than the organisations they target are spending on protecting against attack.
The cybercrime community spends over $1tn each year on developing attacks compared with the $96bn being spent by organisations to secure themselves from attacks. This is increasing the number of attacks on organisations around the world, with the UK a major target.
Research from Carbon Black carried out in August also asked 250 UK-based CIOs, CTOs and CISOs about the attacks they faced over the past 12 months. In total, 92% of UK businesses have been breached in the past year and nearly half off those reported falling victim to multiple breaches (three to five times in the past year).
A total of 82% of respondents said they have experienced more attacks this year than last year. In the financial services sector, 89% said this is the case, while 83% of government organisations and 84% of retailers had also experienced an increase in the number of attacks.
Malware was the most common attack on the UK organisations surveyed, with about 28% experiencing at least one such attempted breach. Ransomware was the next most common, with 17.4% reporting at least one attack.
“Following a global trend, cyber-attacks in the UK are becoming more frequent and more sophisticated, as nation state actors and crime syndicates continue to leverage fileless attacks, lateral movement, island hopping and counter incident response in an effort to remain undetected,” said the report. “This issue is compounded by resources and budgeting. Not only is there a major talent deficit in cyber security, there is also a major spending delta.”
The report found that IT leaders believe Russia and China to be the source of the vast majority of cyber-attacks, but it identified North America as the starting point for more attacks than Iran and N Korea combined.
Source: Cyber Security Intelligence