Nearly all businesses in the U.K. were breached by cyber attackers in the last 12 months, a new report has found. The biggest risk factor, cited by 46%, was remote and hybrid workers.
Dispersed workforces raise the risk of data breaches because they rely on unsecured networks and personal devices. Enforcing security protocols across multiple locations while managing access also presents significant challenges for IT teams.
“Where policies are inconsistent, they can create gaps that are then able to be exploited,” Stephen Amstutz, director of Innovation at Xalient, told TechRepublic in an email.
For example, in January, the Volt Typhoon cyber crime group launched botnet attacks on U.S. critical infrastructure companies after compromising hundreds of small and home office routers. Most of the routers involved had reached end-of-life status and were personal devices that IT teams could not oversee.
Inconsistent security standards and outdated infrastructure are contributing factors
The “Blueprint for Future-proofing Your Network in 2025 and Beyond” report unveils the extent of the security gaps within U.K. business networks, with 85% saying that new threats are taking advantage. IT consultancy Xalient surveyed 250 IT, network, and security leaders from organisations with over 2,000 employees in the country.
According to the report:
- 46% cited remote and hybrid workers as the primary reason for businesses experiencing cyber attacks in the past year.
- 37% blamed roaming workers.
- 39% blamed a branch or subsidiary operation.
Inconsistent security standards or outdated infrastructure used by third parties can turn them into weak links. For example, in June, the MOVEit file transfer application was exploited by the Clop ransomware group. The software was used by many businesses in the U.S. and Europe, and hackers were able to steal sensitive information and use extortion tactics to demand ransoms. Initial access was gained through a SQL injection vulnerability in the MOVEit tool.
But it is not just technical issues that are leading to breaches. Almost 80% of respondents said that recruiting and retaining specialist security personnel was a key challenge. This aligns with research from June revealing that the U.K. trails well behind in Europe when it comes to technical skills.
The level of “skills-shortage vacancies,” where a job cannot be filled due to a lack of skills, qualifications, or experience among applicants, is very high in the information and communications sector in the U.K. The figure climbed from an already high 25% in 2017 to 43% in 2022, the last year for which data is available.
The Xalient researchers also asked U.K. respondents about the types of security issues that are allowing their networks to be exploited: 42% said they found it difficult to detect threats and protect against ransomware — 4% higher than the global average.
Furthermore, 40% said they struggled to consistently enforce policies that would mitigate risks because of their insecure network. Amstutz said that insecure networks stem from the shift to remote work.
He told TechRepublic: “Traditionally networks were designed with the assumption that users were in corporate offices and applications were in corporate headquarters or data centres. Remote users and cloud applications were the exception.
“As we adapted to these paradigm shifts, the focus was more on cloud first and work from home strategies with the network following along, often in inconsistent ways, based on the particular project being implemented.”
Another 30% of respondents said their systems are siloed, so it is challenging to gather threat intelligence. “Although most system components are becoming easier to integrate with via APIs, aggregated observability systems to correlate these disparate feeds aren’t always implemented,” Amstutz said. “Coupled with this is the teams managing these environments are also often siloed and don’t always have the time or skills in the adjacent technologies.
“Each of these challenges are a vector that is susceptible to attack and the nature of attacks are becoming more sophisticated as threat actors leverage new technologies such as generative AI. This can be used not only to enhance social engineering techniques, but also to impersonate users or groups of users.”
Secure access service edge and remote workforces
SASE is a cloud-based architecture that combines network security and wide-area networking capabilities, allowing businesses to securely connect users to applications and data regardless of their location. This makes it a more attractive option for dispersed workforces than a series of separate architectures consisting of firewalls, VPNs, and more.
Amstutz told TechRepublic: “SASE enables a consistent approach that ensures policies are appropriate to the user’s location, their device’s posture, and the confidentiality of the data they are trying to access.”
The Xalient team also surveyed U.K. businesses about their stance on SASE and if their security challenges were pushing them towards it. Surprisingly, only 8% said they had adopted SASE to secure remote access, lower than the global average of 14%.
The top three reasons, each cited by 14% of respondents, are:
- The rising costs of traditional networking architecture.
- Performance issues with business-critical SaaS apps.
- Efforts to move away from using legacy VPNs.
“The costs of traditional networking architecture and legacy systems and infrastructure are more of an issue in the U.K. than in other regions,” the researchers wrote in a press release. European companies tend to specialise in mature technologies, meaning the region is often seen as technologically behind, particularly compared to the U.S.
Indeed, the top advantage of SASE adoption for U.K. businesses was enhanced functionality of mission-critical SaaS applications, cited by 35% of respondents. However, the second biggest was securing remote access, as reported by 30%.
U.K. residents were also most likely to deploy Secure Services Edge (SSE) first, then SD-WAN, and the report’s authors said “a large remote workforce and the need to displace legacy technology could be driving this approach.”