‘It’s easier than you think’: Ethical hacker slams lax security following latest data on cyber attacks

An ethical hacker has warned that companies are just not getting the basics right when it comes to cyber security, following news that one in three business are experiencing attacks at least once a week.

Rob Shapland, ethical hacker and head of innovation at Falanx Cyber spoke out in response to new data released by the Department of Digital Culture Media and Sport that shows cyber-attacks are becoming more frequent – with organisations reporting a record amount of breaches over the last 12 months.

The UK Government revealed that almost one in three businesses and a quarter of charities were experiencing attacks at least once a week. However, although the frequency of attacks is rising, the number of businesses suffering from the attacks remains the same as last year.

According to Shapland, the numbers correlate with his experience of being paid to attack firms to help improve their cyber security (a practice known as pentesting) – admitting that it’s “easier than you think” to break into a company’s networks.

“The problem is that most are not doing the basics right. Hackers will always look for the low hanging fruit, meaning businesses that have out of date systems, weak passwords, do not use multi-factor authentication and do not have cyber attack detection systems in place – making them easy targets,” Shapland said.

Following a wave of high-profile attacks over the past year including on Kaseya, Colonial Pipeline and Microsoft Exchange, there has been increased attention on the cyber security of supply chains and digital services.

In this context, the government report found that while two in five businesses use a managed IT provider to help with their cyber security, only 13 percent of firms review the security risks posed by their immediate suppliers.

Cyber Minister Julia Lopez warned firms:” No matter how big or small your organisation is, you need to take steps to improve digital resilience now.”