Archivo de la etiqueta: security

hyperconverged infrastructure, Networking & Security, ransomware, Simplivity

Guest Post: How to Minimize the Damage Done by Ransomware

Below is a guest post from Geoff Fancher, Vice President, Americas Channels at SimpliVity Corporation

Have you ever woken up in the middle of the night, sweating profusely, scared half to death, and terrified that your data center was infected with ransomware? If so, you’ve had an IT nightmare. Just be thankful it was all just a dream and your data isn’t lost.

Though IT nightmares come in all forms, one thing all IT pros fear nowadays is ransomware. That’s because ransomware is becoming increasingly commonplace and is evolving to become even more vicious and hard to stop once it has entered an IT environment. The cost to business productivity can be crippling, and the data loss that can occur can set a company back for days.

According to Ponemon Institute, the average cost of IT downtime is $7900 per minute. Per minute! The reason recovering from ransomware attacks can be so costly is that backing up from restores can take a long time, typically measured in hours or days depending on where and how backups were stored. Also, depending on when the most recent backup took place, a lot of data could be lost once the backup is recovered.

With the cost of downtime due to ransomware being so high because quick restores aren’t an option, many organizations are choosing to pay the ransom to get their data back. The most notable example comes from Hollywood Presbyterian Medical Center. The hackers infected the hospital’s computer systems, shutting down all communication between the systems, and demanded $17,000 to unlock them. The hospital, being in an a high-pressure situation without the correct resources to be able to quickly shut down its systems and restore from a recent backup, was forced to pay the ransom to receive the decryption key and get back online.

The fundamental piece, then, to avoiding paying the ransom demanded by cyber criminals is to have a disaster recovery plan in place. You should know what to do if a ransomware attack happens. As the old adage goes, “Hope for the best. Prepare for the worst.” That’s the attitude to take and the way to do it is to have a plan.

One company that instituted a solid disaster recovery plan just in the nick of time was an enterprise manufacturing company based in the Netherlands. The company was infected with ransomware while its IT partner was in the process of migrating VMs to a new hyperconverged infrastructure environment that had built-in data protection. Most of the infected folders were already on the new solution, which was lucky because they were able to use the solution’s backup to restore within fifteen minutes, when just a day before, on the previous infrastructure, it would have taken about three hours to restore to the most recent backup. The partner was also performing hourly backups on the new solution, so they lost less than an hour’s worth of data during the restore. Before deploying hyperconverged infrastructure, the partner was backing up to tape every 12 hours, so they saved the company about 11 hours of data loss on the new hyperconverged solution. What a difference a day makes.

For a disaster recovery plan to be successful, the IT team needs to define recovery time objectives (RTOs) – how long it takes to restore the backup – and recovery point objectives (RPOs) – the nearest backup they can restore from. Basically, businesses have to ask themselves two questions: How long can the business shut down while waiting for the restore to take place? And, how many hours of business-critical data can the company afford to lose? There are data protection plans for every size of company and for every budget. The first step to a data protection plan is defining the organization’s requirements.

Hyperconverged infrastructure, for example, can dramatically cut down the hours it takes for businesses to recover from IT downtime. By making data efficient from the start of its lifecycle, businesses are able to quickly recover from a previous backup.

With SimpliVity hyperconverged infrastructure, companies are able to backup quickly and efficiently with minimal data loss because SimpliVity’s solution is designed to meet even the most stringent RTOs and RPOs to ensure businesses functions aren’t interrupted for long in case of a disaster or ransomware attack. If you’re heading to GreenPages’ Summit Event next week, definitely swing by the SimpliVity booth to chat!

 

 

 

News, Services

Lance Crosby’s StackPath

Lance Crosby has recently announced his new venture StackPath, a Security-as-a-Service company, at HostingCon Global. Initially, StackPath will include content delivery, DDoS protection, and Virtual Private Network (VPN) services. Eventually, the company will grow to include other services such as secure compute and storage. These services will be offered as both individual products and a suite of services, operating on private and public clouds. StackPath’s global threat intelligence engine will be available across 35 points-of-presence.

 

Crosby was inspired to found StackPath in 2013 after he left IBM. He witnessed a plethora of flaws within the cloud security industry and became cognizant of the need for better security, with more than 400 million identified malware attacks in the past year alone.

 

Though relatively young, the company shows much promise. StackPath has raised $150 million in Series A funding alone from private equity firm ARBY Partners, one of the largest single financing rounds for a private security firm. In addition, StackPath has also acquired many companies: Cloak, a VPN firm that provides secure WiFI connections for iOS devices; MaxCDN, a content delivery network company; and Fireblade, a firewall company.

 

About Lance Crosby:

crosby

A 20 year industry veteran, Crosby founded SoftLayer Technologies, which was acquired by IBM for $2 billion in 2013. He also spent a short while at IBM. He later left to found StackPath with his own money.

 

Comments:

Lance Crosby, Stackpath CEO and chairman: “That’s where the concept came from. I saw companies like Netflix, big banks, and firms that were spinning up literally tens of thousands of virtual machines a day and there were no real security products that would follow that level of automation and scale.

“The Internet is where the world does business. It may be the single most important utility supporting businesses today, yet we continue to overtax the aging infrastructure and struggle to make it secure.”

 

The post Lance Crosby’s StackPath appeared first on Cloud News Daily.

cloud security, cyber security, Dell, News & Analysis

Security still viewed as a barrier to progress – Dell

Security CCTV camera in office buildingA recent survey from Dell demonstrates security is still seen as a hindrance to innovation as companies aim to develop a more digitally orientated proposition for the market, reports Telecoms.com.

While a substantial 89% of the respondents highlighted their organization was in the middle of a digital transformation project, 76% agree security is brought into the equation too late in the development process, with 85% saying they actively avoid bringing security experts in due to the belief they will slow or even scupper the project.

“This survey produced some eye-opening results and reinforces what we’ve been hearing directly from our customers,” said John Milburn, GM of One Identity Products at Dell. “Organisations face challenges securing their digital transformations and recognise that their current security measures are exposing the business to risk.

Security has been one of the biggest talking points within the telecommunications and technology industry, generally due to a lack of understanding. Until recently, security challenges would appear to have been pushed to the side as there have not been any clear routes to success. It would seem companies are not willing to allow security concerns to stop progress, instead aiming to secure products retrospectively.

The survey demonstrates attitudes towards are still relatively negligent. While numerous CEO’s and board members have highlighted security would be considered at the top of the agenda, surveys such as this tell a different story, much to the disappointment of security professionals and vendors alike. One conclusion which could be drawn from the survey is security is still considered a barrier to success when driving towards innovation. In fact 37% of respondents agreed with the statement “it is likely that the security team will delay or block a new initiative presented to us today”, and 49% agreed with “our security team does have a reputation for blocking projects based on the past, but now we do a better job of enabling the business”.

“Our goal is to provide our customers with solutions that address these needs. When done right, security can enable organisations to aggressively adopt new technologies and practices that can have a direct, positive impact on revenue, profits, employee productivity and the customer experience. Done right, security also helps CISOs open their own ‘Department of Yes,’ empowering them to deliver the strategic projects and innovative initiatives that drive businesses forward.”

Security is, and will continue to be, a paramount facet of any organization, though the implications which can be drawn from this survey suggest there is still some way before organizations would consider themselves secure. One encourage factor from the survey is 91% of respondents agreed if the security team was given more resources they could do a better job. What is unclear is whether CEOs and other board members will follow up on the promise security will receive more investment.

data protection, European Commission, News & Analysis, Policy and Regulation, Privacy Shield

Privacy Shield rubber stamped amid dissent

dataThe European Commission has formally adopted the controversial ‘Privacy Shield’ framework intended to replace the previous Safe Harbour agreement, reports Telecoms.com.

Both schemes covered the transfer of data between the EU and the US, with the balance between free movement of data and the protection of individuals a tricky one to strike. Privacy Shield has many critics who fear it does little to address the issues faced by Safe Harbour. In spite of that the EC has decided to plough forward as anticipated.

“We have approved the new EU-US Privacy Shield today,” said Andrus Ansip, Commission VP for the Digital Single Market. “It will protect the personal data of our people and provide clarity for businesses. We have worked hard with all our partners in Europe and in the US to get this deal right and to have it done as soon as possible. Data flows between our two continents are essential to our society and economy – we now have a robust framework ensuring these transfers take place in the best and safest conditions.”

“The EU-U.S. Privacy Shield is a robust new system to protect the personal data of Europeans and ensure legal certainty for businesses,” said Věra Jourová, Commissioner for Justice, Consumers and Gender Equality. “It brings stronger data protection standards that are better enforced, safeguards on government access, and easier redress for individuals in case of complaints. The new framework will restore the trust of consumers when their data is transferred across the Atlantic. We have worked together with the European data protection authorities, the European Parliament, the Member States and our U.S. counterparts to put in place an arrangement with the highest standards to protect Europeans’ personal data”.

Not everyone in Brussels was convinced, however. “The Commission has today signed a blank cheque for the transfer of personal data of EU citizens to the US, without delivering equivalent data protection rights,” said the Green Party MEP Jan Philipp Albrecht. “The ‘Privacy Shield’ framework does not seem to address the concerns outlined by the European Court of Justice in ruling the Safe Harbour decision illegal. In particular the individual rights of consumers are still too weak and blanket surveillance measures are still in place. In this context, the Commission should not be simply accepting reassurances from the US authorities but should be insisting on improvements in the data protection guaranteed to European consumers.

“The European Parliament already underlined concerns about the lack of general data protection provisions in the US when the initial Safe Harbour decision was concluded in 2000. Independent data protection authorities are still lacking in the US. EU justice commissioner Jourova must now make clear that, once the EU’s new General Data Protection Regulation enter into force in 2018, there will also be a need to revise the Privacy Shield decision.”

Elodie Dowling, VP, EMEA General Counsel at BMC Software reckons there’s still plenty of work to do. “Following negotiations between EU and US officials, the formal adoption of Privacy Shield has officially started today in the EU’s 28 member states,” said Dowling. “Starting August 1, it will then be for businesses across the US and the EU to innovate and comply around this in order to create a culture of trust amongst their customers.

 

“However, with the ongoing discussions generated throughout the negotiation period, it’s unlikely that the official adoption of the Privacy Shield closes the loophole completely. For example, it remains unclear the type of ‘assurances’ the US has provided to the EU to ensure mass surveillance does not apply or, if it does, that it happens in a transparent and framed manner for EU citizens. Surely this particular item is going to be carefully considered by data privacy activists.”

AI, Artificial Intelliegence, cyber security, data protection, EMC, IoT, News & Analysis

What did we learn from EMC’s data protection report?

a safe place to workEMC has recently released its Global Data Protection Index 2016 where it claims only 2% of the world would be considered ‘leaders’ in protecting their own assets, reports Telecoms.com.

Data has dominated the headlines in recent months as breaches have made customers question how well enterprise organizations can manage and protect data. Combined with transatlantic disagreements in the form of Safe Habour and law agencies access to personal data, the ability to remain secure and credible is now more of a priority for decision makers.

“Our customers are facing a rapidly evolving data protection landscape on a number of fronts, whether it’s to protect modern cloud computing environments or to shield against devastating cyber-attacks,” said David Goulden, CEO of EMC Information Infrastructure. “Our research shows that many businesses are unaware of the potential impact and are failing to plan for them, which is a threat in itself.”

EMC’s report outlined a number of challenges and statistics which claimed the majority of the industry are not in a place they should be with regard to data protection. While only 2% of the industry would be considered leaders in the data protection category, 52% are still evaluating the options available to them. Overall, 13% more businesses suffered data loss in the last twelve months, compared to the same period prior to that.

But what are the over-arching lessons we learned from the report?

Vendors: Less is more

A fair assumption for most people would be the more protection you take on, the more protected you are. This just seems logical. However, the study shows the more vendors you count in your stable, the more data you will leak.

The average data loss instance costs a company 2.36TB of data, which would be considered substantial, however it could be worse. The study showed organizations who used one vendor lost on average 0.83TB per incident, two vendors 2.04TB and three vendors 2.58TB. For those who used four or more vendors, an average of 5.47TB of data was lost per incident.

Common sense would dictate the more layers of security you have, the more secure you will be, however this is only the case if the systems are compatible with each other. It should be highlighted those who lost the larger data sets are likely to be the larger companies, with more data to lose, though the study does seem to suggest there needs to be a more co-ordinated approach to data protection.

And they are expensive…

Using same concept as before, the average cost of lost data was $900,000. For those who have one vendor, the cost was $636,361, for those with two, 789,193 and for those with three vendors the cost was just above the average at 911,030. When companies bring in four or more vendors, the average cost of data loss rises to 1.767 million.

China and Mexico are the best

While it may be surprising, considering many of the latest breakthroughs in the data world have come from Silicon Valley or Israel, China and Mexico are the two countries which would be considered furthest ahead of the trend for data protection.

EMC graded each country on how effective they are were implementing the right technologies and culture to prevent data loss within the organizations themselves. 17 countries featured ahead of the curve including usual suspects of the UK (13.5% ahead of the curve), US (8%), Japan (1%) and South Korea (9%), however China and Mexico led the charge being 20% and 17% respectively ahead.

While it may not be considered that unusual for China to have a strong handle on data within its own boarders, Mexico is a little more surprising (at least to us at Telecoms.com). The country itself has gone through somewhat of a technology revolution in recent years, growing in the last 20 years from a country where only 10% of people had mobile through to 68% this year, 70% of which are smartphones. Mexico is now the 11th largest economy in terms of purchasing power, with the millennials being the largest demographic. With the population becoming more affluent, and no longer constrained by the faults of pre-internet world, the trend should continue. Keep up the good work Mexico.

Human error is still a talking point

When looking at the causes of data loss, the results were widespread, though the causes which cannot be controlled were at the top of the list. Hardware failure, power loss and software failure accounted for 45%, 35% and 34% respectively.

That said the industry does now appear to be taking responsibility for the data itself. The study showed only 10% of the incidents of data loss was blamed on the vendor. A couple of weeks ago we spoke to Intel CTO Raj Samani who highlighted to us the attitude towards security (not just data protection) needs to shift, as there are no means to outsource risk. Minimizing risk is achievable, but irrelevant of what agreements are undertaken with vendors, the risk still remains with you. As fewer people are blaming the vendors, it would appear this responsibility is being realized.

Human error is another area which still remains high on the agenda, as the study showed it accounts for 20% of all instances of data loss. While some of these instances can be blamed on leaving a laptop in the pub or losing a phone on the train, there are examples where simple mistakes in the workplace are to blame. These will not be removed, as numerous day-to-day decisions are based off the back of intuition and gut-feel, and a necessity for certain aspects of the business.

An area which could be seen as a potential danger would be that of artificial intelligence. As AI advances as a concept, the more like humans they will become, and thus more capable of making decisions based in intuition. If this is to be taken as the ambition, surely an intuitive decision making machine would offer a security defect in the same way a human would. Admittedly the risk would be substantially smaller, but on the contrary, the machine would be making X times many more decision than the human.

All-in-all the report raises more questions than provides answers. While security has been pushed to the top of the agenda for numerous organizations, receiving additional investment and attention, it does not appear the same organizations are getting any better at protecting themselves. The fact 13% more organizations have been attacked in the last 12 month suggests it could be getting worse.

To finish, the study asked whether an individual felt their organization was well enough protected. Only 18% believe they are.

acquisition, Cisco, cyber security, News & Analysis

Cisco cracks open wallet for $293m CloudLock acquisition

Cisco corporateCisco has announced its intent to acquire cloud security company CloudLock in a $293 million deal which is expected to close in Q1 2017, writes Telecoms.com.

CloudLock specializes in cloud access security broker (CASB) technology which provides insight and analytics focused on user behaviour and sensitive data in the cloud. The move builds on Cisco’s ‘Security Everywhere’ strategy, its initiative designed to provide protection from the cloud to the network to the endpoint.

“As companies are migrating to the cloud, they need a technology partner that can accelerate that transition and deliver critical security capabilities for all their users, apps and data in a seamless way,” said Rob Salvagno, VP of Cisco Corporate Development. “CloudLock brings a unique cloud-native, platform and API-based approach to cloud security which allows them to build powerful security solutions that are easy to deploy and simple to manage.”

CASB technology is an aspect of cloud security which has caught the attention of a number of decision makers in recent months. When we spoke to Intel Security CTO Raj Samani earlier this month, he told us CASB solutions were set to be one of the largest talking points for the cloud security market segment in the next couple of years.

“Companies will find controls and measures to give them a level of trust in a vendor to ensure they can operate effectively,” said Samani at the time. “CASBs will be one of the biggest trends we’ll see in the next couple of years.”

“CASB is the ultimate business case, because you can do things faster and more efficiently – you can actually but an ROI and a TCO next to it.”

The purpose of CASB solutions is to sit between the cloud provider and cloud consumer to consolidate multiple types of security policies including authentication, single sign-on, encryption, tokenization and malware detection. The CASB solution offers a level of assurance for those customers who have concerns over the security provided by cloud providers themselves, as the concept of secure and risk with vary dependent on the company.

By integrating CASB solutions, a cloud consumer can dictate how many additional layers of security are placed on top of a cloud provider’s offering, to allow the cloud consumer to define their own risk profile. The concept of CASB on the whole could go some way to mitigate the security concerns for those companies who have not currently adopted the cloud for more sensitive workloads.

Aside from this acquisition, Citrix has been bolstering its security capabilities through additional purchases, including Lancope for $452.5 million last December. Lancope helps customers monitor, detect, analyse and respond to modern threats on enterprise networks through continuous network visibility and threat analysis.

Citrix is one of a number of tech giants who have been forced to reconsider their primary focus, as cloud computing continued to increase its grip on IT decision making. During the company’s most recent earnings call, IoT was outlined as a target growth segment, though the security business unit was prominent during the financials, growing 17% year-on-year.

News

Cisco to Buy CloudLock

Cloud giant Cisco has recently acquired cloud security startup CloudLock for $293 million. This $293 million includes cash as well as equity awards. CloudLock will be integrated into Cisco’s Networking and Security Business group under David Goeckeler. The deal is expected to close by November, 2016.

 

Cisco has utilized acquisition to build its security software and service sector; it paid $2.7 billion for Sourcefire, security hardware and software maker, in 2013 and $635 million for OpenDNS, which helps stop cyber attacks, in 2015. These acquisitions are similar to those of Microsoft, who purchased Adallom for $250 million, and Blue Coat, who purchased Perspecsys Inc.

 

About CloudLock:

Founded in 2007, Massachusetts based CloudLock currently has about 130 employees. It provides cloud access security broker (CASB) technology that allows enterprises to protect data within their cloud. This platform acts as a control point for users that are attempting to access cloud based applications such as Microsoft 365. This technology allows policies pertaining to data access to be established and enforced. It also allows security administrators to monitor third party applications that enterprise employees may be utilizing without expressed permission of the enterprise.

 

Essentially, CASB gives administrators a control point for cloud security and visibility. Because of these unique capabilities, the demand for CASB technology is expected to increase sharply in the coming years. This increase is driven by growing utilization of Software as a Service (SaaS) applications such as Office 365.

 

Comments:

Rob Salvagno, head of Cisco’s M&A and venture investment team: “‘Buy’ has been a key part of our innovation strategy, alongside significant internal product development, to drive towards a fully integrated security portfolio.”

Rob Salvagno, vice president of Cisco Corporate Development: “CloudLock brings a unique cloud-native platform and API-based approach to cloud security, which allows them to build powerful security solutions that are easy to deploy and simple to manage.”

Luke Burns, general partner at Ascent Venture Partners:”CloudLock rose to leadership in the cloud security sector with a pure-play approach of being cloud-native while leveraging other cloud platform APIs in a collaborative fashion. They were a trailblazer of this approach while the competition often focused their efforts on extending legacy methods.”

The post Cisco to Buy CloudLock appeared first on Cloud News Daily.

acquisition, cyber security, Intel, McAfee, News & Analysis

Intel reported to be looking for security exit

IntelAlmost six years after purchasing antivirus specialists McAfee, Intel is reported to be in the market to sell off its security arm, according to the FT.com.

Intel has yet to make a comment on the speculation, though those close to the deal expect it to be one of the largest in the security sector to date. The company initially announced the McAfee acquisition in August 2010 for $7.6 billion at a time where the concept of IoT was beginning to gain traction, and the size of the online security challenge was being realized.

“With the rapid expansion of growth across a vast array of Internet-connected devices, more and more of the elements of our lives have moved online,” said Paul Otellini, who was serving as Intel CEO at the time of the acquisition. “In the past, energy-efficient performance and connectivity have defined computing requirements. Looking forward, security will join those as a third pillar of what people demand from all computing experiences.”

While the introduction of cloud computing has provided smaller business and entrepreneurs a platform to innovate and challenge the tech giants, Intel are one of a number of organizations who have had to evolve their own proposition to remain relevant in the cloud-enabled world. Back in April, CEO Brian Krzanich outlined the long-term Intel strategy, which was split into five areas; cloud technology, IoT, memory and programmable solutions, 5G and developing new technologies under the concept of Moore’s law. While the security business unit is one of the larger within the Intel portfolio, security was not mentioned in the announcement.

The new strategy intends to move Intel away from the PC market place, as declining sales have continued to impact the business. Despite reporting year-on-year growth of 7% during the last quarterly earnings call, this was not enough to deter the company from announcing 12,000 job cuts, equivalent to 11% of the global workforce.

“Our results over the last year demonstrate a strategy that is working and a solid foundation for growth,” said Krzanich, who is leading the company’s shift away from client computing and towards IoT and the cloud. “The opportunity now is to accelerate this momentum and build on our strengths. These actions drive long-term change to further establish Intel as the leader for the smart, connected world. I am confident that we’ll emerge as a more productive company with broader reach and sharper execution.”

Security is an area which is seemingly gaining traction in the venture capitalist arena, as there have been numerous deals announced in recent months. Blue Coat was acquired by Symantec earlier this month from majority shareholder Bain Capital for $4.65 billion, with Bain Capital agreeing to reinvest $750 million, and Silver Lake committing to an additional investment of $500 million. Vista Equity Partners has also agreed to purchase identify management company Ping Identity for an undisclosed sum.

News

Kstart Invests in ParaBlu

India’s leading venture capital firm Kalaari Capital’s seed program, Kstart, has recently invested $510k into cloud security startup ParaBlu. This funding will be used for both team expansion and marketing activities.

Kalaari Capital launched its Kstart program in February of 2016, allocating over $20 million for the program over the course of two years. ParaBlu marks Kstart’s fourth investment, following Affordplan, Active.ai, and Indee. Kstart plans to invest in over 40 startups over the next four years.

image

About ParaBlu:
Founded in 2011, California based ParaBlu provides an award winning Cloud Access Security Broker data solution, among other cloud security solutions. The company provides Blukrypt, a secured cloud gateway, BlueSync, for secured data transfer, as well as two versions of its BlueVault solution.

Blukrypt is a CASB that allows users to manage their security policy whether the are utilizing public or private cloud.

With BlueSync, users are allowed to establish somewhat of a “mini-cloud.” These mini clouds allow different teams to operate underneath an enterprises singular large cloud network.

BlueVault comes in two versions: one for endpoints and one for servers. BlueVault for servers has the ability to backup files and databases from Windows servers.
Comments:
Vani Kola, MD, Kalaari Capital: “As cloud usage continues to increase within enterprises, there is tremendous opportunity ahead for ParaBlu’s unique product.”

Anand Prahlad, President, ParaBlu: “ParaBlu was founded with the singular vision of being the security vendor of choice for all enterprise data outside the firewall.The promise of that is already evident in our customer wins so far, and the investment from Kstart will help accelerate the realization of that vision. The experience and mentorship the Kstart team brings with them are without doubt among the best in the industry, and we’re excited to be able to take advantage of it.”

Ananda Rao Ladi: “Our solutions enable enterprises to become less dependent on in-house storage and adopt cloud with confidence. The association with Kstart will help us in expanding our product portfolio for global markets.”

The post Kstart Invests in ParaBlu appeared first on Cloud News Daily.

cyber security, News & Analysis, SME, UK

SMEs not prepared for the threat of cyber criminals – Barclaycard

Hacker performing cyber attack on laptopResearch from Barclaycard claims cyber security is not being prioritized by small businesses, putting numerous organizations at risk of attack.

The findings state only 20% of the organizations surveyed believe cyber security is a top business priority, with 10% claiming their team has not invested in cyber security at all. The average attack costs UK businesses between £75,000 and £311,000 according to HM Government’s 2015 Information Security Breaches report, as more than 50% of the respondents believe their organization is at risk of a breach within the next 12 months.

“Businesses of all sizes face a constant and growing threat from cybercrime,” said Paul Clarke, Product Director at Barclaycard. “As our research shows, many small businesses are failing take the necessary precautions, either because they don’t know how to protect themselves or, more worryingly, because they don’t think they need to. At Barclaycard we work with our customers to ensure they are aware of the growing threats they face and understand how they can protect themselves from cyber threats.”

Worryingly for business owners throughout the UK, only 13% of those who completed the survey believe they have the relevant skills to adequately protect themselves online. This statistic, combined with the lack of prioritization around security, may indicate decision makers believe their organization is safer, as cyber criminals would target the larger and more data heavy businesses in the UK.

While this may be considered a perception held by small businesses, the findings claim just under half have been hit by at least one cyber-attack in the past year, with a tenth experiencing more than four attacks.

“Cybersecurity is not a one-off investment that can then be forgotten about, especially as criminals are becoming increasingly sophisticated in the way they target businesses,” said Clarke. “For fifty years we’ve been working in partnership with customers to ensure they are not only putting the right measures in place from the outset, but are also continuously reviewing their policies to keep up with the latest industry developments.”