Support: 0330 332 7933 Sales: 0808 500 1436

Which cyber security threats are most feared by UK businesses?

Our new report, the Cloud Security Maturity Index, investigates the extent to which UK businesses are adapting (or not) to cyber security in the cloud age. During our research, we surveyed 100 IT decision-makers from organisations across a diverse range of sectors, including professional services, finance, manufacturing, IT and transport.

As you might expect, the attitudes towards cyber security and the concerns of IT leaders varied greatly between sectors, but the fear of specific cyber threats was present across all of them.

Here are the three security threats that cloud-enabled UK businesses currently fear the most, and what to do to protect against them:

1) Phishing scams

Two-thirds of IT decision-makers are worried about their staff being duped by phishing emails. The two sectors most worried about this are financial services and IT, closely followed by business and professional services.

When you see the attention to detail that the more serious phishing attackers attempt, it’s easy to see why this is such a widespread worry. Scammers pose as real (well-known) companies, often with convincing email copy written in flawless English, and an email design that’s indistinguishable from the real thing.

To spot phishy emails, you need a sharp eye and up-to-date knowledge of cyber fraud trends. Here are some key things that all of your staff should be looking out for:

  • The sender’s email address. If it doesn’t look kosher, it won’t be.
  • Requests for login details, passwords and other sensitive data. Email is not the channel to ask for this sort of information – and no genuine company will do it.
  • Alarmist language. A reputable company will not write to you in a way that is designed to make you panic.
  • Poor English. This is unfortunately not as prevalent as it once was, but it’s still a clear giveaway. Misspelled words, missed-out apostrophes, uncapitalised names, a lack of punctuation, the list goes on.
  • Unexpected attachments. Unless you’re actively expecting an attachment from the sender (or the perceived sender) in question, you shouldn’t be receiving one. Attackers often send innocent-looking files that contain malware such as viruses and trojans.

2) Malware

Speak of the devil, malware is the second-biggest fear among IT decision-makers, with 52% citing it as a serious worry.

Financial services organisations are the most concerned about malware infection (65% of them), followed by IT and manufacturing companies (60% each).

Of course, nobody intentionally encounters malware. It comes invisibly (at first, anyway) via phishing emails, compromised or outdated software, pop-ups, infected removable drives such as USB sticks and hard-drives, and so on.

To keep your organisation protected, you’ll need to take two steps:

  • First, invest in cyber security that includes next-generation firewalling and threat detection at the very least.
  • Second, ensure that your employees are educated – and regularly re-educated – on the various types of malware and the means through which they are spread.

3) Lack of threat awareness among staff

Although not a direct or malicious threat, a lack of staff knowledge on cyber security threats is troubling 54% of the IT decision-makers we surveyed.

It’s a recurring theme, but staff education and vigilance are crucial to keeping your network secure. If your users are aware of the various threat vectors and are trained to take precautions, they will be less susceptible to at least some of the smaller-scale attacks that cyber criminals try.

But internal knowledge only goes so far. To be properly protected against the ever-expanding threat landscape, you need to have future-proof cyber security in place, from a provider that proactively monitors your network and acts on your behalf.

The Cloud Security Maturity Index

UK businesses are in the middle of a mass migration to the cloud. They are saying goodbye to physical, on-premise IT infrastructure and saying hello to a new, infrastructure-free world of convenience and scalability.

However, the burden of responsibility for cyber security doesn’t die with physical infrastructure. If anything, moving to the cloud – and thereby becoming more connected and mobile as an organisation – opens you up to even more threats.

We’ve developed the Cloud Security Maturity Index to gauge the extent to which UK businesses are coping with cloud security challenges. Download the report for full insight on attitudes, concerns, vulnerabilities and more – and then see how your organisation compares.

Up next

National Cyber Security Strategy 2016 to 2021: progress report

The National Cyber Security Strategy 2016 to 2021 set out the government’s plan to make Britain secure and resilient in cyberspace.

A progress report has been published reflecting on the successes of the strategy so far, and what lies ahead post-2021. It also focuses on cyber security research and how the private and public sectors now have the skills to become more resilient.

Intercity's CTO, Matt Johnson shares his thoughts on what the strategy means for businesses.

“The implementation of the National Cyber Security Strategy has led to a clear shift in mindset for businesses and individuals alike over the last few years. The result has been that both are now far better equipped with the knowledge and tools needed to effectively tackle changing security threats as a priority.

“Much of this maturity is no doubt due to collaboration between government, academic institutions, and the tech industry, which is playing a key role in translating cyber risk into a language that both businesses and consumers can understand, as well as developing truly effective solutions. However, these efforts need to be ongoing. It is now vital to continue this investment, particularly into the UK’s tech sector, so that organisations are resilient enough to face an ever-evolving threat landscape.”

Click here to view the full report.