A third of Irish businesses lack a cyber security policy
16 October 2018 | 0
More than a third of Irish businesses (34%) have no cyber security policy, according to a new report from Magnet Networks.
The Networks Cyber Security Survey report, which saw responses form 258 Irish businesses, found that a further fifth (19%) acknowledged their security needs tightening or that they are completely unsecure.
Furthermore, the findings revealed that up to half of cyber attacks may be going undetected, with the implication that some successful attacks may have already resulted in compromises and breaches that are also undetected.
“A new generation of cyber threats has meant that Irish businesses are constantly under attack and they may not realise it,” said cyber security expert James Canty of Magnet Networks.
The figures for undetected attacks stem from the responses around known attacks.
On in five (20%) say they have suffered from cyber attacks in the past two years, with a further 16% unsure, but nearly two thirds (64%) claim they been unaffected. Canty reckons this shows a worrying lack of awareness.
According to Canty, the true average industry figure for attacks is 43%, with the implication being that many Irish businesses are unaware that they currently have a cyber breach.
“The average time it takes a business to identify a cyber breach is 191 days, and in many cases a company may not know they have been affected until their data is sold on the dark web,” said Canty.
These breaches could be as a result of the use of fileless malware and could lead to exploits such as ransomware or cryptocurrency mining attacks.
“In the past year we have seen a huge increase in the use of fileless malware in attacks. This runs in memory and is a lot harder to detect and stop than malware installed on systems,” said Canty.
“The hijacking of computers for crypto-mining purposes is also quickly becoming a major problem for enterprises, involving almost 90% of recent remote code execution attacks, according to industry figures.
“Unlike traditional malware, the main aim of crypto mining is to hide its existence, with its only tell-tale sign being that your PCs and servers and sometimes even your broadband becomes ridiculously slow, which many businesses tend to blame on old systems or equipment.
“The main worry looking at the state of our national cyber defences is that 80% of businesses surveyed have legacy anti-virus software installed, with the majority of these (75%) combining this with a firewall,” Canty warns.
“Just because you have a box in the corner that IT calls a firewall doesn’t mean you are protected from ransomware, and, the likelihood of a virus scan picking up a sophisticated and constantly evolving data mining programme is remote in the least.”
“The proliferation of new types of cyber threats means traditional anti-virus solutions are no longer as effective as they were in the past. They are constantly playing catch up, leaving computer networks vulnerable to attack.”
“Companies need to have a next generation application-aware firewall along with advanced endpoint protection, where zero-day ransomware protection instantly stops an attack.
Most worryingly, more than a quarter (27%) of all respondents said that either the business owner, or no-one at all, was responsible for cyber security in the business.
“In our survey, 32% of companies say that they spend less than 10% of their budget on cyber security. However, global industry figures state that 87% of businesses require up to a 50% increase in spend against cyber threats,” said Canty
The survey report also states that nearly half of respondents (49%) are still struggling with GDPR progress, rating themselves as unprepared or still preparing for the regulations. Only a third (32%) of companies have described themselves as satisfied with the measures they have taken in response to the regulations which came into force in May.