Ransomware attacks among the most likely to get through defences, research

Even before WannaCry, organisations were reporting relatively high infiltration rates for ransomware

With cyber threats there is only one thing that's certain: it's a matter of when not if an attacker will break through. A recent Computing poll of large organisations found that more than half had suffered a data breach of malware attach in the last 12 months, with another 13 per cent unsure.

The poll was conducted before the recent WannaCry ransomware outbreak which had such drastic consequences for many organisations, including the NHS, so it's likely the numbers would be even larger now.

Of those that had experienced an attack, about half considered the impact to be minor. This is presumably because the attack was thwarted before it could do too much damage.

Ransomware was the second most common type of attack mentioned by the respondents. Of those who said they had been attacked, 81 per cent mentioned ransomware, with almost half saying some damage had been done before it could be stopped: the proportion of successful attacks was the highest for this category. Given that the WannaCry perpetrators used an NSA-created exploit targeting unpatched Windows devices, no doubt this number is even higher now. With new variants emerging all the time, ransomware, it seems, is hard to stop.

Other viruses and malware, while not featuring so much in the headlines, remain a real menace with about a third of those hit saying their organisation's defences had been breached and some damage done before mitigation could be achieved.

Phishing and spearphishing attempts were the most common type, reported by 84 per cent, although the vast majority of attempts were detected before the perpetrators could achieve their goal of obtaining usernames, passwords contacts and connections. Phishing is often used as a precursor to other forms of attack, such as theft, fraud and sabotage - and indeed ransomware.

The high percentage of firms reporting attacks and breaches in part reflects the size of the organisations polled - 2,000 seats and above. Such organisations make tempting targets. Moreover, they have a lot of endpoints to protect and inevitably at some point something will get through. At that point it's important it is picked up early before the damage can spread throughout the wider network.

It also reflects the sheer number of new threats and vulnerabilities out there, and the ever-growing sophistication of some attackers.

The exponential rise in the number of devices and connections as well as the constant mutation of existing malware is giving rise to new types of AI-based defences that constantly monitor analyse very complex networks so that abnormal patterns can be quickly identified and mitigated.