Payroll fraud and recruitment scams put staffing industry in top six risk sectors for cyber attacks.
A research report from OGL Computer has named HR and Recruitment as an industry sector that is particularly susceptible to cyber security risks. According to the figures, 62 per cent of respondents from SMEs in the industry reported two data breaches in the last year, while 37 per cent said there had been three to four breaches.
The report also highlights newer technologies such as robotics and AI that SMEs plan to adopt, how SMEs are using technology to power remote workforces and what technologies they are adopting for growth. Cyber security features heavily in the report with respondents revealing attack frequency, cyber strategy status and employee training to combat hackers. The vast majority of UK SMEs (81 per cent) confirmed that they had suffered a data breach or cyber-attack, with a considerable two in five (37 per cent) admitting they had suffered multiple breaches.
Industry verticals had a significant bearing here, with the healthcare, IT & telecoms and legal industries topping the list of those suffering multiple attacks.
The top six verticals where respondents had more than one breach:
| Sector | 2 breaches | 3-4 breaches |
|---|---|---|
| Healthcare | 75 per cent | 25 per cent |
| IT & Telecoms | 75 per cent | 24 per cent |
| Legal | 66 per cent | 33 per cent |
| HR & Recruitment | 62 per cent | 37 per cent |
| Manufacturing & Utilities | 57 per cent | 42 per cent |
| Finance | 50 per cent | 50 per cent |
One respondent said his SME suffered at least 8 attacks.
Reasons to attack key industries
IT & Telecoms
Some IT companies may store large amounts of sensitive customer data, while cloud storage and computing service providers, developers of security software, or file-sharing solution providers, are often the targets of supply chain compromise attempts.
Direct attacks seek to access the organisation’s network operations and data while indirect attacks target subscribers within the telecoms sector. SME suppliers may be a gateway into the network – once inside, cyber criminals can easily access data and intercept calls, as well as control and impersonate subscribers.
HR & Recruitment
Payroll fraud, recruitment scams, corporate espionage – cyber-attackers have found numerous routes into organisations via HR. Any identifiable information is valuable to criminals, and payroll and other HR systems are a treasure trove of names, addresses and bank details. If this is compromised, not only can it affect individual employees, it also gives attackers more ammunition with which to increase the likelihood of a successful attack on other parts of the business.
Additionally, recruitment agencies are prime targets for malware. If hit by a data breach, employment agreements and sensitive documents such as passport scans and visa details are all left exposed.
Further cyber trends highlighted in the report:
- The vast majority of SMEs confirmed that they were increasingly worried, with 81 per cent more fearful of a cyber-attack or data breach
- 81 per cent of UK SMEs confirmed that they had suffered a data breach or cyber-attack
- Nearly 1 in 5 (17 per cent) IT decision-makers surveyed have no cyber strategy in place
- 76 per cent agree that they are nervous about moving from an on-premise IT infrastructure to a cloud infrastructure due to fears of data security
- 98 per cent of IT decision-makers in SMEs educate employees about how to identify a cyber threat, with the most popular approach being a combination of external and internal training (32 per cent)
- SMEs in the financial sector were more likely to suffer 3 or 4 breaches than any other sector at 50 per cent, while healthcare and IT & Telecoms sectors were most likely to suffer 2 breaches at 75 per cent.
“Cyber security has been front of mind for SME customers for some time now, as awareness of cyber-risks continues to rise,” said Colin Dennis, head of technical operations, OGL Computer. “Proactive management of IT requirements is in many ways connected to this trend, as businesses of all sizes look to compliance requirements as well as asset protection and disaster recovery.”