Published last week, the UK’s Cybersecurity Breaches Survey contains a number of interesting facts. Although it was not surprising that most organisations found that Covid-19 made cyber security harder, it was surprising that the vast majority of organisations still do not have a policy that provides for cyber secure home working, let alone use of personal devices for work.
Even more surprising, given that phishing was far and away the most common form of cyber attack, only 20% of businesses test staff responses to phishing attacks and only 14% train their staff on cyber security in the first place.
As the staggered worldwide emergence from lockdown continues, the incidence of successful phishing attacks will continue increasing; the shift, in most businesses, to some form of hybrid WFH/office arrangements for the majority of their staff, will lead to continued exposure to these easiest and simplest of cyber attacks.
Let’s hope that a growing number of organisations (a majority of whom, apparently, see cyber security as a board-level issue) do actually translate good intentions into practical defensive behaviours!