• 55% of UK businesses report cyber-attacks this year.

• Biggest cyber threat to business, finance and legal industry is macro malware in documents.

• 72% of these companies offer NO workplace cyber security training.

• 64% fail to employ preventative/defensive measures following a security breach.

More than half of UK businesses have reported cyber-attacks this year. And recent threats to Britain’s nuclear industry proves no-one is safe. Is each industry susceptible to a certain type of hacking?

Specops Software sought to find out. Individuals from a range of sectors were asked whether they/their company had experienced a cyber-attack in the past 5 years (or since launch).

1,731 respondents were enlisted. Of these, they were then asked to choose which forms of hacking they have been victim to. Respondents chose from the following common hacking techniques: Bait and Switch, Browser Locker, Burrowing Malware, Clickjacking (UI Redress), Cookie Theft (Side Jacking/Session Hijacking), Denial of Service (DDOS), Eavesdropping/Passive Attacks, Fake WAP, Human Error, Internal Security Breaches, IoT Attacks, Keylogging, Macro Malware in Documents, Man-in-the-middle (MITM) Attacks, Phishing, Ransomware Attacks, Waterhole Attacks. So, what is the most common cyber-attack per industry?

The most prevalent hacking technique in each industry are as it follows:

Advertising/Marketing/PR/Media – Waterhole attacks (59%)

Business/Finance/Legal – Macro malware (in documents – 51%)

Education – Clickjacking (UI Redress – 66%)

Government – Burrowing malware (37%)

Healthcare – Man-in-the-Middle (MITM) attacks (62%)

Miscellaneous Other – Phishing (71%)

Retail/Hospitality – Burrowing malware (44%)

Technical Services – DDOS (Denial of Service – 58%)

As shown, business, finance and legal companies fall victim most often to macro malware in documents - 51% reported opening a document which later turned out to include a hidden malice/virus.

Further Survey Results

Honing in on business, finance and law, Specops Software asked employees whether cyber security training has been offered in their workplace in the time period considered - a staggering 72% said no (26% yes, 2% unsure). That’s a lot of companies vulnerable to hackers.

Following a security breach, companies should prioritise extra efforts to protect against future attacks. But in reality, this doesn’t seem to occur. When asked, 64% of respondents stated no further action was taken, 23% said yes and 13% were unsure.

Finally, respondents were asked to comment on how impactful they think breaches have been on their company. When asked whether they think the business will have lost clients and/or public trust, an overwhelming 83% stated yes. This is compared to 13% saying no and 4% unsure.

To combat future attacks, Specops Software’s Cyber Security Expert Darren James has provided his top tips:

1. Always update – This includes antivirus software. Programmes are constantly updated, and every update provides vital patches/bug fixes. Missing any of these could expose a weakness to potential hackers.

2. Nip it in the bud – at the first sign of strange activity (e.g. unusually large data usage, slow service, pop-ups, etc.), flag it – a superior will be able to carry out necessary checks and prevent a potential virus from worsening.

3. Don’t believe everything you read – Many still fall for easy phishing scams and clickbait viruses, resulting in serious security breaches. Always question what is presented to you.

4. If in doubt, refrain from clicking – it’s better to be safe than sorry. There’s no way to know the contents of a document/link before opening, especially as hackers adapt to the improving technological space. Ask for advice, but ultimately avoid it if you are unsure.