According to a new report, UK businesses encountered more than 753,341 malicious attempts each to breach their online and IT systems in 2024. This was four percent higher than in 2023 (720,252 attacks), with businesses encountering an online threat every 42 seconds. This makes 2024 the worst year for attempted cyberattacks.
The attack rate did decline in the final quarter of 2024- this is the first time since 2021 that Q4 was not the most prolific time of year for cyberattacks. Despite the reduction this is only the third quarter on record that cyberattacks experienced by businesses exceeded 2,000 per day.
Cybercriminals Targeting Remote IoT Devices
In 2024, devices connected to the Internet of Things (loT) were the most frequently attacked by cybercriminals. Business firewalls also received more than 161 daily attacks targeting building control systems, security cameras, networked printers, remote monitoring, and industrial automation systems.
Cybercriminals also frequently targeted web applications, remote desktop software, and company databases. Typically, businesses attracted more than 20 individual attacks daily for each of these systems in 2024.
China Identified As A Hacker Hotspot
The report also found that cybercriminals are using more than a million IP addresses to launch attacks on businesses in the UK in 2024, with almost a quarter (241,019) of these being traced to areas in China.
India has also been identified as an area where a significant and increasing volume of cyberattacks have appeared, with 87,144 attacking IP addresses. This is in comparison to 81,112 attacking IP addresses in the USA in 2024.
AJ Thompson, CCO at Northdoor plc, explains:
“loT devices can be compromised by cybercriminals in several different ways and quite often this is done remotely. In many cases there is a lack of sufficient protection even though you would expect that loT, as a modern technology, would have adequate in-built protection."
“Often there is a lack of user awareness around the technology, with easily guessed passwords that are almost never changed. Many also fail to implement updates with unpatched vulnerabilities leaving devices open to cyber threats. Late updates also pose a significant threat. Seen as an inconvenience, they are almost always put off until a cybersecurity issue occurs."
“IoT connected devices need to be configured securely, which can be a daunting task for many. This lengthy process has multiple considerations, which can be onerous and time-consuming for in-house IT teams. With budgets being cut and manpower stretched, understanding which IoT devices exist, what they do, how they are configured and most importantly how they should be protected, can seem like an impossible task.
“Turning to experienced third-party IT consultancies to help relieve the pressure will be crucial in 2025 and beyond. These consultancies can provide IoT and cybersecurity expertise that in-house teams struggle with. By monitoring systems as well as educating teams about the latest threats, consultancies are in a better position to keep cybercriminals out,” concluded Thompson.
