The 2019 Cyber Security Breaches survey, published by the Department for Digital, Culture, Media and Sport (DCMS), has shown a significant drop in the number of cyber attacks and breaches in the last 12 months.
Attacks experienced by businesses are down from 43% to 32% with the Data Protection Act and General Date Protection Regulations (GDPR) making an impact. Since GDPR came into force in May last year, 30% of businesses and 36% of charities have improved their cyber security processes.
However, businesses that have already suffered attacks have seen an increase in malicious activity. The average number of attacks has risen from 4 (2018) to 6 (2019), highlighting continuing issues.
The survey also found that the average cost of a cyber attack upon a business has risen from £1,000 to £4,180 since 2018.
Business leaders are being encouraged to do more to protect businesses from cyber crime with the NCSC’s Board Toolkit, Small Business Guide and Small Charity Guide a great place to begin. Organisations should also consider using Cyber Essentials to help guard against the most common cyber threats.
Cyber attacks remain a very real and persistent threat, with the survey reporting that 47% of businesses and 39% of charities affected identifying at last one incident every month.
Organisations have a responsibility to protect customer data and following the 10 Steps to Cyber Security will help reduce risk. The NCSC’s guidance on phishing and ransomware will help organisation defend themselves against some of the most common attacks.
You can read the full 2019 Cyber Security Breaches survey on GOV.UK.
Toyota suffers a second breach
Japanese car maker Toyota has announced a second data breach, following an incident back in February.
The most recent incident has affected the company’s main offices in Japan, reportedly exposing information of up to 3.1million customers. Toyota’s statement cites “unauthorized access” to its network and was soon followed by similar announcements from Toyota Vietnam and Toyota Thailand.
There have been reports that APT32, a Vietnamese hacking group, has allegedly launched a spear phishing campaign against multinational car companies but Toyota has not commented on this link.
The NCSC has published guidance aimed at organisations looking to protect bulk personal data.
Data exposed by banking app security flaws
Vulnerabilities have been found in the mobile applications of 30 financial service providers.
The report, by cyber security company Arxan, revealed that source code, back–end accesses and sensitive data are at risk after a researcher download various apps from the Google Play store.
The vulnerabilities noticed include insecure data storage, weak encryption and a lack of binary protections. The report has not named any of the apps in an effort to not increase additional risk, but it does highlight the importance of ensuring strong app development and security.