European Commission’s forced disclosure policy set to fail businesses

It's no secret, cyber security has become a hot topic both in the private sector and in government. Already this year numerous groups have cited a rapid influx of new sophisticated attacks such Flame and Red October as proof current defence models aren't sufficient.

Sadly though, the reality is most companies haven't even got the basics right when it comes to cyber security. To this day even basic attacks like SQL injections and cross-site scripting are disturbingly effective.

Just this week security firm Firehost reported a 160 percent boom in the number of cross-site scripting attacks that targeted its clients in the last quarter of 2012.

The reason for the increase? Well it's simple really: the basic attack techniques still work. Whether the motivation of cyber criminals is financial profit, intelligence gathering, or to cause embarrassment, groups can still more often than not accomplish their objective using what are now considered fairly rudimentary techniques.

A successful cross-site script attack, for example, can let an attacker do a whole plethora of damage, from defacing a website, to stealing data or altering a hacked website to spread malware.

Meanwhile, exploit kits like Blackhole - a particularly nasty tool available for purchase on a number of underground black cyber markets - will allow even the most non-tech savvy individuals to mount automated cyber attacks.

And while many cyber attacks on businesses are basic, their success rate is not simply down to a lack sophisticated defence efforts by security professionals, but the sheer multitude and intensity of such attacks and their ever-changing nature.

Furthermore, UK businesses hesitate in sharing intelligence on such attacks for fear of giving their rivals a competitive advantage.