Less than a quarter of firms are ready to deal effectively with a cyber-attack, according to new figures.
The annual Global Threat Intelligence Report from NTT Group revealed that just 23 per cent of businesses have a strategy in place to respond to threats to data security, with the retail and hospitality sectors the hardest hit in 2015.
Phishing for data
Some 17 per cent of incidents in 2015 were down to spear phishing – an email or electronic communications scam that targets a specific individual or business, intended to steal data or install malware on the target's computer. These attacks often picked out finance staff to trick them into paying fraudulent invoices.
Social engineering – where an attacker targets human interaction to trick people into breaking normal security procedures – accounted for a high proportion of incidents.
In addition, all of the top 10 vulnerabilities targeted by exploit kits, which run on servers to identify and exploit vulnerabilities with the aim of uploading malicious code, were related to Adobe Flash.
Shockingly, more than one fifth (21 per cent) of security vulnerabilities detected on networks were more than three years old, with some dating back as far as 1999.
Retail remains unprotected
In the retail sector, almost 11 per cent of firms had suffered a cyber-attack, the report said. Processing large volumes of personal and financial data, including credit card information, in vast environments makes these companies vulnerable.
Retail, hospitality, finance, insurance and government made up the top five targeted sectors, which together accounted for 44 per cent of attacks in 2015.
The report said: “Every day, organisations must decide how to best allocate security budgets and resources. With advances in malware, attacks and technology, that situation is only getting more complicated.
“In reality, we don’t need new point solutions to fix niche problems. If we truly want to move our security programmes forward and manage our limited resources more effectively, we need a comprehensive solution to apply across our entire infrastructure.
“Defence in depth really does matter. Architecting a comprehensive, integrated and cohesive solution will not only help enable efficiency and effectiveness, but also support the security life cycle of the entire organisation.”