Professional services, IT, and tech companies in the UK are under siege from cybercriminals, according to Keeper Security’s 2021 UK Cybersecurity Census Report.
UK professional service organisations, a category that includes lawyers, accountants and consultancies, experienced an average of 62 cyber attacks over the past year, or roughly one attack every six days. Meanwhile, IT and technology companies in the UK experienced an average of 44 cyber attacks in the same timeframe, or about one attack every eight days.
Nearly all of these organisations (95%) are aware of where the gaps in their cybersecurity defences lie, but fewer than half (40%) are actively addressing all of them. One reason is the significant cybersecurity skills shortage in the UK. Fifty-nine per cent of IT decision-makers at tech firms, and 65% in the professional services industry, told Keeper that a lack of qualified talent is hampering the cybersecurity efforts in their organisation.
Lack of cybersecurity awareness among employees, especially regarding password security, also contributes to UK organisations’ inability to comprehensively secure their networks. While over 80% of data breaches are due to compromised passwords, 59% of IT decision-makers at professional services companies say that employees don’t understand the cybersecurity implications of poor password hygiene.
Ironically, having technically inclined employees doesn’t equate to good cybersecurity awareness. Sixty per cent of IT decision-makers at IT/tech companies reported that their employees don’t understand the importance of password hygiene, either.
IT Leaders in the UK Want Board & Governmental Oversight of Security
IT leaders in both the tech and professional services sectors are united in feeling that their organisations’ executive leadership, and the UK government, need to do more. Nearly three quarters (74%) of IT leaders in the professional services sector, and 72% in the IT/tech sector, want cybersecurity to become a board-level issue, including having a dedicated cybersecurity specialist on their organisations’ boards.
Further, 85% of IT leaders in the professional services sector, and 88% in the IT/tech sector, called for external oversight and accountability in the form of an independent body – an ‘Ofcom for cybersecurity’ – to reduce cyber attacks against UK businesses. Nearly all of them (93% in professional services, and 92% in IT/tech) want to see legislation requiring businesses to have basic cybersecurity protections in place before they’re allowed to operate.
What UK Companies Can Do to Strengthen their Defences
The wheels of government – and many organisations – tend to turn slowly, but there are steps that resource-strapped companies can take right now to fortify their cybersecurity defences.
1. Keep Apps, Operating Systems & Firmware Up-to-Date
These updates frequently contain important security patches, and they should be installed as soon as possible after release. Computers worldwide remain vulnerable to the EternalBlue exploit for a flaw in Windows SMBv1, the exploit behind WannaCry and other major cyber attacks, simply because the patch Microsoft issued in March 2017 (MS17-010) was never installed. Where a patch cannot be applied immediately, reduce exposure in the meantime, for example by disabling the vulnerable service or restricting which networks can reach it, and track the exception until the patch lands.
2. Use Role-Based Access Control (RBAC)
Permissions should be attached to roles that reflect job functions, and each employee should be assigned only the roles their job requires and no more (the principle of least privilege). IT administrators should also periodically review user privileges against an authoritative source such as the HR roster and adjust them to reflect any change in duties, and they should disable accounts immediately when an employee leaves the company rather than waiting for the next review.
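The periodic review described above can be automated. The following is an added example, not Keeper's code or anything from the report, and every dataset in it (the role-to-entitlement matrix, the HR roster and the exported account entitlements) is constructed for illustration. It flags three things an access review is meant to catch: accounts belonging to leavers that are still enabled, entitlements an account holds beyond what its role permits, and accounts with no HR owner at all.

```python
"""Periodic access review against an HR roster and role definitions.

Added example with constructed data. In practice the three inputs would be
exported from the HR system, the directory and the application admin
consoles respectively.
"""
from dataclasses import dataclass

# Role -> entitlements that role is allowed to hold (constructed example).
ROLE_ENTITLEMENTS = {
    "paralegal": {"dms:read", "email"},
    "solicitor": {"dms:read", "dms:write", "email", "billing:read"},
    "it_admin": {"email", "ad:admin", "vpn:admin"},
}

# HR roster: user -> (role, employment status). Constructed example.
HR_ROSTER = {
    "alice": ("solicitor", "active"),
    "bob": ("paralegal", "active"),
    "carol": ("it_admin", "active"),
    "dave": ("solicitor", "left"),
}

# Live entitlements per account, as exported from the directory and apps.
# Constructed example; the comments mark the planted problems.
ACCOUNTS = {
    "alice": {"dms:read", "dms:write", "email", "billing:read"},
    "bob": {"dms:read", "dms:write", "email"},   # dms:write exceeds paralegal role
    "carol": {"email", "ad:admin", "vpn:admin"},
    "dave": {"dms:read", "email"},                # has left but is still enabled
    "svc-backup": {"ad:admin"},                   # no HR record at all
}


@dataclass(frozen=True)
class Finding:
    account: str
    kind: str    # "disable", "excess" or "orphan"
    detail: str


def review_access(accounts, roster, role_entitlements):
    """Return the list of findings, ordered by account name then detail."""
    findings = []
    for account, held in sorted(accounts.items()):
        if account not in roster:
            # Service and shared accounts must still have a named owner.
            findings.append(Finding(account, "orphan",
                                    "no HR record; assign an owner or remove"))
            continue
        role, status = roster[account]
        if status != "active":
            # Leavers are disabled outright; no point auditing their roles.
            findings.append(Finding(account, "disable",
                                    f"HR status is '{status}'"))
            continue
        # Privilege drift: anything held that the role does not grant.
        excess = held - role_entitlements.get(role, set())
        for entitlement in sorted(excess):
            findings.append(Finding(account, "excess",
                                    f"{entitlement} not permitted for role '{role}'"))
    return findings


def summarise(findings):
    """Count findings per kind, useful for tracking review-to-review trend."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    results = review_access(ACCOUNTS, HR_ROSTER, ROLE_ENTITLEMENTS)
    for f in results:
        print(f"{f.kind:8} {f.account:12} {f.detail}")
    print(summarise(results))
```

The "disable" finding is deliberately emitted before any role check, since a leaver's account should be disabled regardless of what it holds; the review is a safety net for the offboarding process, not a substitute for it.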
3. Train Employees on Cybersecurity Awareness
The weakest security link in any organisation is its own people. Regular training on cybersecurity best practices, especially how to recognise and report phishing and other social engineering rather than act on it, transforms employees from security liabilities into security assets.
4. Develop & Enforce a Password Security Policy
All companies need to mandate that employees use strong, unique passwords for every account and enable Multi-Factor Authentication (MFA) wherever it’s supported. Then, they need to enforce this policy using an Enterprise Password Management (EPM) solution like Keeper.
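What "enforce this policy" looks like in practice is an audit of every stored credential against the three rules just stated. The following is an added example, not Keeper's code and not a description of how Keeper's own reporting works; the vault records are constructed, and the example assumes it runs on the client where the vault is already decrypted, which is the only place a zero-knowledge design allows plaintext to exist. It reports passwords shorter than the policy minimum, the same password reused across different accounts, and accounts where MFA is supported but switched off.

```python
"""Password policy audit over decrypted vault records.

Added example with constructed data. Assumes it runs client-side on an
already-decrypted vault; passwords are never written out, only compared.
"""
import hashlib
from collections import defaultdict

MIN_LENGTH = 14  # assumed policy minimum; adjust to the organisation's policy

# Constructed vault export. Every value here is made up for the example.
RECORDS = [
    {"account": "dms.example.co.uk", "user": "alice",
     "password": "Tr0ub4dor&3xample!", "mfa_supported": True, "mfa_enabled": True},
    {"account": "billing.example.co.uk", "user": "alice",
     "password": "Tr0ub4dor&3xample!", "mfa_supported": True, "mfa_enabled": False},
    {"account": "vpn.example.co.uk", "user": "bob",
     "password": "Summer2021", "mfa_supported": True, "mfa_enabled": False},
    {"account": "legacy-fax.example.co.uk", "user": "bob",
     "password": "correct horse battery staple", "mfa_supported": False, "mfa_enabled": False},
]


def fingerprint(password):
    """Digest used only to group identical passwords; it is never stored."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:16]


def audit(records, min_length=MIN_LENGTH):
    """Return sorted (account, kind, detail) tuples for every policy breach."""
    findings = []
    accounts_by_fp = defaultdict(list)

    for rec in records:
        pw = rec["password"]
        accounts_by_fp[fingerprint(pw)].append(rec["account"])

        if len(pw) < min_length:
            findings.append((rec["account"], "short",
                             f"{len(pw)} chars, policy minimum is {min_length}"))
        if rec["mfa_supported"] and not rec["mfa_enabled"]:
            findings.append((rec["account"], "mfa_off",
                             "MFA supported by the site but not enabled"))

    # Reuse is a property of the whole vault, so it is checked after the pass.
    for accounts in accounts_by_fp.values():
        if len(accounts) > 1:
            for account in accounts:
                others = ", ".join(a for a in accounts if a != account)
                findings.append((account, "reused", f"same password as {others}"))

    return sorted(findings)


def compliance_rate(records, min_length=MIN_LENGTH):
    """Fraction of accounts with no finding at all; a useful board-level metric."""
    flagged = {account for account, _, _ in audit(records, min_length)}
    return 1.0 - len(flagged) / len(records)


if __name__ == "__main__":
    for account, kind, detail in audit(RECORDS):
        print(f"{kind:8} {account:26} {detail}")
    print(f"compliant: {compliance_rate(RECORDS):.0%}")
```

The reuse check is the one an employee cannot do by eye across dozens of logins, and it is the main reason the policy is enforceable only with a tool that can see the whole vault. Note that the account without MFA support produces no finding, because the policy is "wherever it's supported"; that account still belongs on a list for the vendor conversation.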
Keeper’s zero-knowledge password management and security platform gives IT administrators complete visibility into employee password practices, enabling them to monitor password use and enforce password security policies across the entire organisation, including password complexity requirements, MFA, RBAC, and other security policies.
Not a Keeper customer yet? Sign up for a 14-day free trial now! Want to find out more about how Keeper can help your organisation prevent security breaches? Reach out to our team today.