MAJOR UK businesses are leaving themselves vulnerable to the most common form of cyber-attack, research by cyber security firm Glasswall Solutions has found.

The study showed that 58 per cent of office workers among 1000 employees surveyed at mid-to-large UK businesses usually opened email attachments from unknown senders, leaving businesses open to breaches from documents carrying malicious exploits hidden inside common file-types.

Despite the widely-publicised growing threat from social engineering, where hackers create emails that look as if they have come from someone the recipient knows, 83 per cent admitted always or usually opening attachments if they appear to be from a known contact.

Greg Sim, CEO of Glasswall Solutions, said: “Employees need to trust their emails to get on with their work, but with 94 per cent of targeted cyber-attacks now beginning with malicious code hidden in an email attachment, the security of major businesses should no longer be the responsibility of individual office-workers.”

“Conventional anti-virus and sandboxing solutions are no longer effective and relying on the vigilance of employees clearly leaves a business open to devastating cyber-attacks that will siphon off precious data or hold the business to ransom.”

The survey revealed the scale of cyber breaches, with 34 per cent of the UK office workers questioned saying their business had been the victim of a cyber-attack, with 76 per cent acknowledging that they have received email attachments that were suspicious.

“This research confirms anecdotal evidence that although security awareness campaigns have their place, all too often they fail to equip workers with effective strategies for protecting data and systems,” said Professor Andrew Martin at the University of Oxford. “Technology that’s fit for purpose reduces risks without placing added burdens on those simply trying to do their jobs.”

Employees clearly feel vulnerable with 58 per cent in the survey saying they would feel safer from cyber-crime if their employer had the right technology to protect them. One in five (20 per cent) said the business they work for had no policy on how to handle email attachments, or they had not been made aware of it.

The results also show how UK office workers are faced with thousands of decisions about cyber-security. More than half of those surveyed (55 per cent) said they sent or received at least 11 documents via email every working day, meaning there are 2585 potentially malicious files in circulation from a single employee each year.

“Instead of relying on a failed combination of outdated anti-virus defences and the vigilance of their hard-pressed employees to protect them, businesses need innovative technology that stops all the threats in email attachments before they enter a network,” said Sim.

“Zero-day attacks have massively increased and most employees will never know they have been responsible for a catastrophic breach because the malware they are responsible for admitting may be triggered weeks after they clicked on an attachment. “But there is no excuse for complacency or defeatism – businesses need to implement the right technology and formulate an effective risk-policy in relation to email attachments. That way they will be back in control instead of becoming yet another victim.”