CrowdStrike Inc., a leader in cloud-delivered cyber security endpoint protection, have shared the UK story behind the 2019 CrowdStrike Global Security Attitude Survey, which includes the attitudes and beliefs of those in charge of cybersecurity, and how they fare against today’s sophisticated cyberattacks. Commissioned by CrowdStrike and produced by independent research firm Vanson Bourne, the study surveyed 1,900 senior IT decision-makers and IT security professionals across 11 countries, including 200 respondents in the UK.
Attacks and ransom payments on the rise
The number of global organisations paying ransoms from supply chain attacks has more than doubled from 14 to 39% – and in the UK the figure of those who have paid in the past year is now 28%. This is a movement of 100% from last year’s figure (14%).
Whilst globally the number of those experiencing supply chain attacks doubled from 16 to 34%, it stands at 42% in the UK – despite organisations fearing supply chain attacks less than this time last year (2019 28% vs. 2018 33%). However, fewer than half of UK organisations (42%) have vetted all new and existing software suppliers in the past 12 months.
The UK’s biggest threats
The UK is most worried by cyberattacks from groups from Russia (82%), China (74%), and North Korea (67%) – whereas for Germany, for example, China tops the list at 68%.
When it comes to defending the organisation, 19.5% in the UK think it is critical to understand who the threats are, and for 50% it is ‘highly important’. Only 6% in the UK are able to discover the identity of a threat actor after they have attacked/threatened their organisation.
67.5% in the UK believe that a better understanding of cyberattacks and the attackers perpetrating them would speed up the detection of cyber incursions and incidents.
UK leads threat discovery – but still too slow
On a brighter note, UK organisations average 39 hours to detect an adversary, versus a global average of 120 hours. Yet 74% of UK respondents report that in the past year they have been unable to prevent intruders on their networks from accessing their targeted data, with 64% pointing to slow detection as the cause.
It takes a global average of 31 hours to contain a cybersecurity incident once it has been detected and investigated – though the UK is one of the fastest regions with an average of 21 hours reported.
Breakout time is the critical window between when an intruder compromises the first machine and when they can move laterally to other systems on the network. Organisations should look to follow the 1:10:60 rule (one minute to detect an incident, ten minutes to investigate and determine next steps, and 60 minutes to eject the intruder and clean up). Some of the most notable report findings include that currently, 98% of UK respondents fall short of meeting the three-time standards – globally 94% of respondents fall short.
Puzzlingly, only 52% of UK respondents believe they should be placing more emphasis on high-speed detection of cyber security incidents. Challenges such as lack of resources (27%), legacy infrastructure (27%) and a skills gap (25%) were cited as the key factors preventing organisations detecting cyber security incursions and incidents quickly.
What’s worrying UK organisations?
- Phishing and spear-phishing (59%) remain the top security concern for UK organisations over the next 12 months, followed closely by malware (58%) and ransomware (55%).
- The UK is most worried by adversaries from Russia (82%), China (74%), and North Korea (67%) – whereas for Germany, for example, China tops the list at 68%.
- 22% of UK respondents say they cannot rule out being the target of a nation-state sponsored cyberattack by any government, including their own.
- 37% of UK respondents noted a key motivator for a nation-state attack would be to provoke instability within the organisation’s country.
John Titmus, Sr Director, Sales & Solution Engineering – EMEA Region, CrowdStrike, said: “Reacting with speed to next-generation, persistent and pervasive threats requires the power of the cloud and crowdsourced data on the real threats facing organisations, whether they are malicious files or from file-less behaviours. The solution to these threats lies within the power of the cloud and AI to leverage vast data sets to spot indicators of attack before those attacks break out and become breaches. Then organisations react at the speed required to beat organised cybercriminals and nation-state adversaries.”