Firms still failing security basics, report finds

Businesses are still failing to take even the most basic steps to protect their companies from cyber crime, a new report from Verizon shows.

The firm’s annual Data Breach Investigations Report found that, despite the risks, companies aren’t using strong passwords and are not protecting against decades-old, well-established forms of cyber crime.

Analysis of nearly 2,000 breaches and security incidents showed that a majority - 81 per cent - used easy-to-guess or stolen passwords.

65 per cent of malware infections were delivered through email attachments - a method that has been used by cyber criminals for years and years.

Asked why so many companies are still failing to practice even basic security protection, Ali Neil, Verizon’s director of international security solutions, told IT Pro: "It's a very good question, and it's one we ask ourselves on a recurring basis, because this is not the only year that we find that the human vector is probably the most susceptible, and theoretically the easiest one by which to combat things.

"You don't have to pay a fortune for a SIEM solution or an intrusion detection solution, you actually have to enforce some basic standards," he added.

"Our message is that training is the simplest thing you can do with people."

The Verizon report also found that organised crime gangs are increasingly perpetrating cyber attacks, being responsible for more than half of all breaches. In healthcare, nearly 70 per cent of cyber threats come from within the organisation and around 50 per cent of attacks on educational institutions were carried out by state-affiliated hackers.