Only 1 in 4 UK firms undertake technical testing of their cyber security defences

The government’s Cyber Security Breaches Survey 2017 demonstrates UK business’ soft underbelly when it comes to cyber-attack vulnerability. According to the report, only a third of companies have a formal security policy in place and only one quarter of businesses have undertaken technical testing to evaluate their cyber security spending.

A headlong leap into poorly-defined IT projects and ‘bring your own device’ (BYOD) working practices may be putting more firms in danger of an attack, according to systems integrator World Wide Technology. The report shows that 46% of UK businesses are exposed to the security risks of BYOD, rising to 57% in web-orientated firms. After a 12-month period that saw a range of high-profile victims such as Amazon Web Services and Samsung, companies need to adapt to the new security demands of an increasingly connected world.

Mike McGlynn, Vice President, Security Solutions at World Wide Technology comments: “The range of devices being exposed to the internet are usually not known for having mature security software, and are often in a vulnerable state. Even their manufacturers may not be in a position to regularly patch software in order to protect against online threats, let alone the enterprises that adopt these devices.

“It is encouraging that businesses are increasingly getting to grips with basic things like resetting default passwords or downloading software updates, often as part of a BYOD policy. But the device management task involved in some IoT projects is on a scale unlike anything most enterprise networks have tackled so far.

“Currently, most device management applications are designed for tablets and smartphones, which have much more predictable behaviour. They now suddenly have to deal with the number and variety of devices being connected; a smart building initiative, which uses sensors in one fixed location, creates a very different security challenge than a global supply chain project.

“Bring Your Own Device has certainly proved a challenge for many organisations, but the predicted explosion of connected devices – to reach 20.8 billion globally by 2020 – means that companies must take a holistic approach to cybersecurity which prepares them to resist attacks at the endpoint, network, cloud and application layers.”