The UK Cyber Security Breaches Survey 2024 reveals a surge in cyber-attacks, with 50% of companies affected. Rising threats like spear phishing and BEC scams highlight the urgent need for stronger cybersecurity measures globally, as cybercrime costs continue to climb.
A recent report released in April by the UK Cyber Security Breaches Survey 2024 has revealed alarming figures, showing a surge in cyber-attacks on businesses, a scenario that is merely the "tip of the iceberg," according to industry experts.
Government data indicates that 50% of companies have experienced a breach or attack in the past year. However, Roy Shelton, CEO of Connectus Group, suggests that the actual figures could be significantly higher.
"Attacks are rising and getting more and more sophisticated. Those reported are just the tip of the iceberg. A lot more happen under the radar and are never reported. All businesses need to be vigilant to the growing risk," Shelton commented.
The 2024 survey further highlights that 74% of large businesses, 70% of medium-sized businesses, and 66% of charities with an annual income of over £500,000 have been targeted.
The most common forms of attacks were phishing, affecting 84% of businesses and 83% of charities, followed by impersonation in emails or online, and then viruses or other malware.
In total, it is estimated that UK businesses faced approximately 7.78 million cyber crimes of all types and around 116,000 non-phishing cybercrimes in the last 12 months. For UK charities, the numbers are around 924,000 cybercrimes.
"These figures are based on only reported breaches: I would suspect many are never reported due to fear of brand and reputational damage," Shelton added.
The persistence of phishing, malware, and impersonation attacks underscores the necessity for robust cybersecurity measures. Effective strategies include training staff and deploying low-cost, high-value countermeasures.
Despite the risks, only 51% of businesses and 40% of charities have implemented multiple approaches to minimise the risks of cyber attacks.
Among the tactics employed are security monitoring tools, risk assessments, mock phishing attacks, vulnerability audits, penetration testing, and investment in threat intelligence.
In Australia, the scenario is similarly grave. The release of the annual Cyber Threat Report 2022-23 highlighted a 14% increase in the average cost of cybercrime per incident from the previous year, with mid-size businesses being particularly hard hit, facing costs of $97,200 on average.
The growing cyber threat has prompted many local experts in the UK Connectus Group and in Australia such as Zirilio, to develop new tools which help provide businesses with advanced 24/7 protection from cyber attacks.
In Australia, the use of advanced social engineering and sophisticated techniques has dramatically affected high-value targets. High-profile incidents, such as the attacks on Latitude Financial, underscore the increasing threat landscape.
Tim Dole, CEO of cybersecurity firm Zirilio, stresses the importance of vigilance and proactive education. He highlights that security awareness training is essential for preventing phishing attacks and protecting sensitive information.
"The increasing complexity of phishing techniques has led to the emergence of spear phishing, where attackers tailor their strategies to target high-profile individuals or organisations.” Mr Dole commented.
As we move deeper into 2024, he stresses the importance of internal organisational education. Companies must educate their employees about various phishing tactics, especially spear phishing, to better prepare them to recognize and counteract these threats in real life.
Reiterating the cunning nature of these attacks, Dole adds,
“Attackers meticulously research and discreetly position themselves to strike, ensuring their intrusions mimic communications from trusted sources. This strategic deception is crafted to inflict maximum financial damage on the victim.”
This highlights the need for a proactive approach to cybersecurity, where knowledge and vigilance play key roles in protecting against sophisticated cyber threats.
The Australian Government continues to highlight the urgent challenges posed by the geopolitical landscape, emphasising the escalating cyber threats facing the nation's critical infrastructure.
Cyber operations are becoming a favoured method for state actors to conduct espionage and foreign interference.
"The Annual Cyber Threat Report illustrates how governments, businesses, and critical infrastructure networks are being targeted by both state and non-state actors, aiming to destabilise and disrupt," noted the Minister for Defence, the Hon Richard Marles MP.
In a recent statement, Minister Marles pointed out the increasing frequency of these incidents: the Australian Signals Directorate (ASD) responded to over 1,100 cybersecurity incidents affecting Australian entities last year.
Additionally, nearly 94,000 reports of cyber incidents were filed with law enforcement via ReportCyber, indicating a cyber incident is reported approximately every six minutes.
This data underscores the continuous and growing pressure on national security mechanisms to counteract these threats effectively.
In the United States, the threat of Business Email Compromise (BEC) is particularly pronounced. Recent surveys have pointed out the ease and effectiveness of BEC scams, which involve tricking organisation members into transferring funds or sensitive data.
According to the FBI’s most recent Internet Crime Report, BEC scams resulted in losses of $2.7 billion USD in 2022 — significantly outstripping losses caused by ransomware.
A notable case in January 2024 involved a Nigerian national accused of defrauding two charitable organisations out of $7.5 million through a BEC attack.
The growing global threat landscape calls for an integrated approach to cybersecurity, emphasising both technological solutions and human factors training.
As cybercriminals adapt their tactics, the need for proactive and comprehensive cybersecurity measures becomes more critical than ever to safeguard data and protect against financial losses.
As Black Friday scams surge, Australians face rising threats with $500K lost to fake sites. Meanwhile, Salt Typhoon targets telecom giants in a global espionage campaign. RomCom exploits zero-day vulnerabilities on Firefox and Windows, while Trump eyes an 'AI czar' to reshape US tech policy.
Hacker "UnicornLover67" claims to have data on 47,300 Telstra employees, raising concerns in Australia. The UK launches an AI Security Lab to counter Russian cyber threats. The EU's Cyber Resilience Act mandates strict digital security from December 2024, with heavy fines for non-compliance.
Australia’s push for bold social media laws to protect youth faces challenges, Bunnings sparks backlash over its facial recognition rollout, and AI fuels parliamentary security debates. These key issues underscore the growing tension between innovation, governance, and safeguarding privacy rights.
Global cyber affairs are in overdrive! Australia’s $50M social media crackdown, Nvidia’s $35B AI earnings, and claims of AI breaching parliamentary security highlight a whirlwind week. With 2025 looming, the pace of tech, trade, and policy shifts is only set to accelerate.
