Shopos has announced the findings of its global survey called the Impossible Puzzle of Cybersecurity. Sophos has conducted the study into the experiences of 3,100 IT managers across 12 countries which include Australia, Brazil, Canada, Colombia, France, Germany, India, Japan, Mexico, South Africa, and the United States. The survey gave insights into level and types of cyberattacks, and difficulties managing cybersecurity.
The survey found that 68% of the respondents were unable to defend themselves from cyber-attack entering their network or endpoints. The average number of attacks was two, although 10% experienced four or more attacks.91% of the organizations surveyed, revealed that at the time of attack, they were running up to date protection. This proves that being cyber secured and running up-to-date endpoint protection, this doesn’t mean all other devices were secure.
Cyberattack and areas of concern
The risk of cyberattacks leads to multiple concerns for IT managers includes:
Data loss the principal concern voiced by survey respondents with 31% rating it their number one concern. Over two-thirds (68%) considering it one of their top-three concerns.
21% of respondents considered the cost both financial and time/ effort of dealing with the issue their primary concern.
Damage to the business ranked a top-three concern by over half of IT managers (56%) and the #1 concern by 21%.
13% of respondents considered damage to the image of IT across the business their biggest concern from being hit by a cyberattack.
The question is why organizations are still struggling to reduce cyber attack
The survey revealed three main reasons why organizations are struggling to reduce cyber risk.
# Attacks come from multiple directions
IT teams have to manage a wide range of risks when it comes to cybersecurity. The respondents revealed what they consider to be their top security risk. Given the attack vectors that phishing attack is number (#1) and software exploits (#2) feature high on the list.
However, in third position on the list are people, including internal staff, contractors, and visitors. We humans are ranked a top-three security concern by 44% of respondents, and clearly present IT teams with quite a different type of cybersecurity challenge.
# Cyberattacks are multi-stage, coordinated, and blended
Respondents whose organizations had been victims of a cyberattack revealed that they had suffered a wide range of attacks over the last year.
These numbers clearly add up to more than 100%, indicating that multi-stage attacks are now the norm. For example, a phishing email could install malicious code that takes advantage of a software exploit to install ransomware. The high numbers involved also confirms the scale of the challenge facing IT teams.
#3 Technology, talent, and time are in short supply
The survey revealed that, on average, IT teams spend 26% of their time managing cybersecurity. For the majority of respondents this is not the right ratio.
Indian organizations spend the most time (32%) and Japanese teams the least (19%). Organizations that had been hit by a cyberattack spend a little more time on IT security (28%) than those that hadn’t experienced an attack (23%).
Given the variety and complexity of threats, it’s not surprising that 86% of respondents say they need greater cybersecurity skills in their organization. Those organizations that had experienced an attack have greater need for cybersecurity expertise than those that hadn’t (89% vs. 79%).
This could be because they have more security issues that need fixing, or the result of heightened awareness of the complexity of today’s attacks. However, bringing in the expertise to fill these gaps is a major challenge. Eight in 10 organizations say they struggle to recruit in the right skills. When it comes to recruitment, India faces the greatest challenge (89%) and Germany the least – but still, two in three German IT managers say they struggle to bring in the right skills.
At the same time, cybersecurity budgets are not sufficient with two in three (66%) respondents saying that their budget for people and technology is too low. This rises slightly to 70% in those organizations that were hit by a cyberattack in 2018 says the report.
Chester Wisniewski, Principal Research Scientist at Shopos said: “Cybercriminals are evolving their attack methods and often use multiple payloads to maximize profits. Software exploits were the initial point of entry in 23% of incidents, but they were also used in some fashion in 35% of all attacks, demonstrating how exploits are used at multiple stages of the attack chain.”
(Image Courtesy: www.engineering.nyu.edu)