MAJOR UK businesses are leaving themselves vulnerable to the most common form of cyber-attack, research by cyber security firm Glasswall Solutions has found.
The study showed that 58 per cent of office workers among 1000 employees surveyed at mid-to-large UK businesses usually opened email attachments from unknown senders, leaving businesses open to breaches from documents carrying malicious exploits hidden inside common file-types.
Despite the widely-publicised growing threat from social engineering, where hackers create emails that look as if they have come from someone the recipient knows, 83 per cent admitted always or usually opening attachments if they appear to be from a known contact.
Greg Sim, CEO of Glasswall Solutions, said: “Employees need to trust their emails to get on with their work, but with 94 per cent of targeted cyber-attacks now beginning with malicious code hidden in an email attachment, the security of major businesses should no longer be the responsibility of individual office-workers.”
“Conventional anti-virus and sandboxing solutions are no longer effective and relying on the vigilance of employees clearly leaves a business open to devastating cyber-attacks that will siphon off precious data or hold the business to ransom.”
The survey revealed the scale of cyber breaches, with 34 per cent of the UK office workers questioned saying their business had been the victim of a cyber-attack, with 76 per cent acknowledging that they have received email attachments that were suspicious.
“This research confirms anecdotal evidence that although security awareness campaigns have their place, all too often they fail to equip workers with effective strategies for protecting data and systems,” said Professor Andrew Martin at the University of Oxford. “Technology that’s fit for purpose reduces risks without placing added burdens on those simply trying to do their jobs.”
Employees clearly feel vulnerable with 58 per cent in the survey saying they would feel safer from cyber-crime if their employer had the right technology to protect them. One in five (20 per cent) said the business they work for had no policy on how to handle email attachments, or they had not been made aware of it.
The results also show how UK office workers are faced with thousands of decisions about cyber-security. More than half of those surveyed (55 per cent) said they sent or received at least 11 documents via email every working day, meaning there are 2585 potentially malicious files in circulation from a single employee each year.
“Instead of relying on a failed combination of outdated anti-virus defences and the vigilance of their hard-pressed employees to protect them, businesses need innovative technology that stops all the threats in email attachments before they enter a network,” said Sim.
“Zero-day attacks have massively increased and most employees will never know they have been responsible for a catastrophic breach because the malware they are responsible for admitting may be triggered weeks after they clicked on an attachment. “But there is no excuse for complacency or defeatism – businesses need to implement the right technology and formulate an effective risk-policy in relation to email attachments. That way they will be back in control instead of becoming yet another victim.”
Why are you making commenting on The National only available to subscribers?
We know there are thousands of National readers who want to debate, argue and go back and forth in the comments section of our stories. We’ve got the most informed readers in Scotland, asking each other the big questions about the future of our country.
Unfortunately, though, these important debates are being spoiled by a vocal minority of trolls who aren’t really interested in the issues, try to derail the conversations, register under fake names, and post vile abuse.
So that’s why we’ve decided to make the ability to comment only available to our paying subscribers. That way, all the trolls who post abuse on our website will have to pay if they want to join the debate – and risk a permanent ban from the account that they subscribe with.
The conversation will go back to what it should be about – people who care passionately about the issues, but disagree constructively on what we should do about them. Let’s get that debate started!
Callum Baird, Editor of The National
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here