
Government Reveals Top 10 Cyber Threats Affecting Businesses

New research has discovered that British businesses are still falling prey to the same old vulnerabilities, such as weak password policies, when developing online applications and infrastructure.

Technology body techUK, in association with the Home Office’s Cyber Crime Reduction Partnership, teamed up with PA Consulting to carry out extensive penetration tests over the past 12 months, and was able to discern which ten vulnerabilities are the most common.

Account weaknesses, in particular poor passwords, topped the list, with SSL (Secure Sockets Layer) issues and XSS (cross-site scripting) vulnerabilities rounding out the top three.

Under threat

The top ten also includes a lack of brute force or clickjacking protection and host configuration problems – especially firewall issues and IP leakage.

Also listed are cookies not marked as HttpOnly or not marked as Secure, which could make them easier for attackers to steal; and directory listing vulnerabilities, via which attackers can discover hidden files or the directory structure of a web page.

The report mentions figures from the 2014 Information Security Breach Survey (published by BIS), which says that 87 percent of small firms experienced a security breach last year, with 93 percent of large organisations saying that they had also been targeted.

“These threats may not be new, but all still pose a real risk to UK web users,” said Gordon Morrison, director of tech for government at techUK. “The good news for businesses and citizens is that there are well established fixes available to protect against these vulnerabilities and avoid falling victim to cyber crime.”

In order to cope with these threats, the report recommends companies adopt a number of best practices to ensure they stay safe. Unsurprisingly, most of this is found in the BSI’s PAS 754, Software Trustworthiness – Governance and Management – Specification, which sets out the processes and procedures which organisations can apply to help them identify and employ trustworthy software.

This includes setting up appropriate governance and management, carrying out proper risk assessment, managing and applying proper controls, and setting up a thorough compliance regime.

Launched in November 2013, techUK currently represents around 850 companies, employing more than 500,000 people in the UK – around half of all technology sector jobs in the country.


Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.
