If cyber security isn’t a high priority on your list, it should be

With cyber crime on the rise, it’s time to check your website’s level of security.

We make sure that all of our Startup Giants Founders remember that it’s always worth listening to reports in the news and analysing how the data can directly or indirectly affect their businesses. This particular report is so current, and comes with such an immediate solution, that we knew we should share it with our wider Startup Giants audience rather than simply sharing it with our Founders on our Raising Giants app.

New research carried out by cyber crime experts, FoxTech, has revealed that the five UK industries with the weakest cyber security are mechanical and industrial engineering (with a CyberRisk score of 59.1), environmental services (57.8), furniture manufacturing and installation (56.8), logistics and supply chain (56.5), and construction (56.2).

For our Startup Giants founders Lattice in particular, these are stats to be aware of, because they directly affect their industry and should therefore be a top priority in their ongoing software development.

Don’t be cyber vulnerable

The research is based on analysis of 9500 companies in the UK, and used a CyberRisk score, a diagnostic tool which calculates risk using publicly available information and an analysis of a wide range of cyber security indicators. Companies with scores of 25 or less are considered to be at a low risk of attack, while scores of over 50 demonstrate a high risk. FoxTech’s report found that other industries with scores over 50 included higher education (56.0), accounting (55.2) and hospitals and healthcare (53.4). Scores higher than 75 indicate an extreme risk of attack.

Anthony Green, CTO and cyber crime expert at FoxTech, explained his company’s research in greater depth:

‘We audited thousands of UK companies across a wide range of sectors and found that while industries such as financial services, aviation and government administration had a lower risk of falling victim to a cyber crime, many other industries were not doing enough to protect their systems from attack. 

‘It is encouraging that no sector averaged at an extreme risk of attack, with a score more than 75. This is reflective of many businesses’ increased investment in cyber security in the past year. However, a score of over 50 still demonstrates a high vulnerability to cyber crime, so it is concerning that many of the UK’s key industries fell into this bracket.’

What are the commonalities?

We found that the common thread in the security issues FoxTech’s report identified was not that organisations don’t care about having good cyber security, but that they are unaware that their IT infrastructure contains weaknesses that make them a potentially easy target for hackers.

Anthony explained …

‘Companies often don’t realise that their anti-virus or endpoint protection software is incorrectly configured, or simply not robust enough to stave off an attack. Another common misconception is the belief that you are safe from attack if you use cloud-based services, rather than an internal server. 

‘This is not the case – in fact, 46.3% of the companies we surveyed were using a public cloud provider, but many were still at a high risk of attack. Inadvertently leaving assets exposed to the internet is another big issue. Some businesses we surveyed had databases visible to the internet, and over 40 companies had a camera accessible from the internet.

‘Sometimes, an organisation can be exposed by something as simple as poorly managed user accounts or using out-of-date software and obsolete or end-of-life technology – as was the case with 4.7% of businesses we surveyed. Email filtering is also a vital aspect of any good cyber security strategy. Only 55.4% of companies we surveyed had email filtering in place, and just 13.7% had DMARC correctly configured to prevent email spoofing attacks.’

It’s not time to panic, it’s time to act

If you’re starting to freak out, don’t. Anthony also highlighted that hacking is a gradual process, and not something that happens overnight. On average, hackers will spend 207 days between breaching a company’s IT security and exploiting it.

‘The fact that hackers are going undetected for so long shows that businesses usually have plenty of time to detect intruders and prevent a cyber attack from occurring – if they know where to look.’

So what can you do?

If you’re concerned about cyber security or, as we hope our founders are, willing to practise the adage ‘prevention is better than cure’, arrange a cyber security audit of your existing IT systems, processes and procedures, and evaluate these measures at every step of both your product and internal team comms development.

An independent cyber security company such as Anthony’s will be able to carry out vulnerability scanning – also known as ethical hacking, where a cyber security expert tries to enter your system, just as a malicious hacker would, but with the intention of helping you find and fix your security weaknesses before they are exploited by a cyber criminal. Either way, it’s worth getting a cyber risk score to find out where your company is in the process. It’s totally free to do: head to the following link on the FoxTech website: CyberRisk | Third Party Risk Management | Foxtech (