The Adaptive guide to Cyber Security for Drupal
Dan Frost

Cyber security is one of our key focuses for 2023 here at Adaptive - and we strongly recommend that it be one of yours too.

In the first of a number of posts on the subject over the next couple of weeks, here's why we're prioritising security in 2023. 

In the last 12 months, 39% of UK businesses identified a cyber attack. Of these, 31% of businesses and 26% of charities estimate they were attacked at least once a week.(i)

When it comes to cyber security, one of the biggest risks comes from thinking that it won't happen to you. Phases like "why would anyone want to attack our charity?" or "Our business is too small for anyone to bother with" are heard far too commonly.

The reality though is that the majority of cyber attacks are completely indiscriminate. Most are automated, at least initially, and the bots and scripts involved have no interest in your organisation's size, sector or any other factors. They are just looking for any and all opportunities to find and exploit any weakness that they can.

Cyberattacks in the first half of 2022 rose by 42% compared to 2021(ii)

There has been a sharp rise in the volume of cyber attacks in recent years, particularly since the start of the COVID-19 pandemic in 2020. The variety of different techniques and attack vectors is also ever-increasing. Organisations and individuals alike should therefore be doing whatever they can to avoid being caught out.

The 2022 Cyber Security Breaches Survey conducted by the Department for Digital, Culture, Media and Sport found that 83% of threats to small businesses came from phishing attempts. Many cyber attackers also exploit publicly disclosed vulnerabilities to gain access to systems and networks so regular updating is essential to keep these secure.

Half of all UK charities feel that it's either likely or highly likely that they will suffer a cyberattack(iii)

Within the charity sector, 95% of those surveyed say that they feel cyber security is either highly or extremely important and yet only 50% of those organisations are anticipating that there will be attempts to infiltrate their security. It's unclear whether the other 50% feel they are unlikely to suffer an attack due to being suitably protected or are simply blissfully ignorant of the potential threat.

Either way, the previous finding that 83% of threats come from phishing attempts shows that, no matter how much you do centrally as an organisation to protect your systems and infrastructure, individual staff members could still easily fall victim to a phishing email aiming to extract important login details or other sensitive information from them.

After receiving cyber security education, only 31% of users stopped reusing passwords(iv)

Perhaps one of the most alarming research findings suggests that even when individuals are made aware of the threats, many still don't heed the warnings and take suitable action.

Most of us are aware of the regularly-repeated password mantras around suitable complexity and not re-using the same password for different things - but, admit it, how perfect really are you when it comes to your passwords?

If you take just one thing from this post, we hope that it's to make a late new year's resolution to review and change your passwords for all your online accounts if they are weak or reused.

What else can you do to reduce the risk of cyber attacks?

The Government's National Cyber Security Centre has a wealth of advice for general good practices that you should consider to try and minimise the risk of your business or organisation falling victim to a cyber attack. See the summary here and more in-depth guide here.

Specifically for Drupal websites, Adaptive already provide a range of Cyber Security services for Drupal and will be adding further to that armoury over the coming months. Contact us for specific advice and guidance on the steps you should be taking to ensure your website remains as secure as possible.

Look out for more of our upcoming insight posts on the topic of Cyber Security, including one later this week looking specifically at password and login security which we would recommend you share with your teams.

(i) DCMS, Cyber Security Breaches Survey, July 2022
(ii) Forbes, October 2022
(iii) National Cyber Security Centre, "The state of cyber security in the UK charity sector", 2022
(iv) LastPass, Psychology of Passwords 2022