Banking, energy and education sectors most targeted by cyber attacks

FireEye report details which UK industries are most targeted by cyber criminals and hackers

Financial services, energy and education firms are at the receiving end of two thirds of cyber attacks in the UK.

That's according to FireEye's Regional Advanced Threat Report for EMA, which is based on data on activity, attempts and targets of different advanced persistent threats (APT) during the first six months of 2015.

Educational institutions including universities - which hold important research data - represent the biggest target for cyber criminals, followed by energy and utilities firms and financial services.

Defence firms, telecoms and government organisations are also significant targets for cyber criminals, the report claims.

"What we once knew as the network perimeter no longer exists and to add to that advanced attacks are not going away. Organisations need to recognise that the traditional ways of protecting themselves are simply inadequate today," said Richard Turner, president EMEA at FireEye.

"A single successful advanced attack has the potential to wreak operational and economic havoc on both governments and businesses," he added.

According to FireEye, the majority of the most damaging targeted attacks on UK enterprises involve StickyFingers, malware linked to Chinese cyber criminal groups. FireEye has previously unearthed cyber criminal activities by other Chinese gangs.

"Today's cyber resilient organisations work on the assumption that they will be breached at some point and have rebalanced their security investments to ensure they can rapidly return to normal productive operation following an attack," said Turner.

"It's critical that organisations have appropriate response strategies in place, which should include partnerships with organisations that have the technology and expertise to sufficiently mitigate the business risks," he continued.

"These are decisions that need to be made at a boardroom level and not just within the IT department," Turner concluded.

FireEye rcently denied reports that it attempted to stop any public disclosure of an important series of vulnerabilities in its suite.

The patched flaws included the default use of the root account on a number of Apache servers that were providing services to FireEye's clients.

Computing's Enterprise Security and Risk Management Summit takes place later this year and is free to attend for qualified end users. Register here.