IT Managers are Inundated with Cyberattacks from All Directions and Struggling to Keep Up, According to Sophos Global Survey
Cybercriminals Use Multiple Attack Methods and Payloads for Maximum Impact
The Sophos survey shows how attack techniques are varied and often multi-staged, increasing the difficulty to defend networks. One in five IT managers surveyed didn’t know how they were breached, and the diversity of attack methods means no one defensive strategy is a silver bullet.
“Cybercriminals are evolving their attack methods and often use multiple payloads to maximize profits. Software exploits were the initial point of entry in 23 percent of incidents, but they were also used in some fashion in 35 percent of all attacks, demonstrating how exploits are used at multiple stages of the attack chain,” said Chester Wisniewski, principal research scientist, Sophos. “Organizations that are only patching externally facing high-risk servers are left vulnerable internally and cybercriminals are taking advantage of this and other security lapses.”
The wide range, multiple stages and scale of today’s attacks are proving effective. For example, 53 percent of those who fell victim to a cyberattack were hit by a phishing email, and 30 percent by ransomware. Forty-one percent said they suffered a data breach.
Weak Links in Security Increasingly Lead to Supply Chain Compromises
Based on the responses, it’s not surprising that 75 percent of IT managers consider software exploits, unpatched vulnerabilities and/or zero-day threats as a top security risk. Fifty percent consider phishing a top security risk. Alarmingly, only 16 percent of IT managers consider supply chain a top security risk, exposing an additional weak spot that cybercriminals will likely add to their repertoire of attack vectors.
“Cybercriminals are always looking for a way into an organization, and supply chain attacks are ranking higher now on their list of methods. IT managers should prioritize supply chain as a security risk, but don’t because they consider these attacks perpetrated by nation states on high profile targets. While it is true that nation states may have created the blueprints for these attacks, once these techniques are publicized, other cybercriminals often adopt them for their ingenuity and high success rate,” said Wisniewski. “Supply chain attacks are also an effective way for cybercriminals to carry out automated, active attacks, where they select a victim from a larger pool of prospects and then actively hack into that specific organization using hand-to-keyboard techniques and lateral movements to evade detection and reach their destination.”
Lack of Security Expertise, Budget and Up to Date Technology
According to the Sophos survey, IT managers reported that 26 percent of their team’s time is spent managing security, on average. Yet, 86 percent agree security expertise could be improved and 80 percent want a stronger team in place to detect, investigate and respond to security incidents. Recruiting talent is also an issue, with 79 percent saying that recruiting people with the cybersecurity skills they need is challenge.
Regarding budget, 66 percent said their organization’s cybersecurity budget (including people and technology) is below what it needs to be. Having current technology in place is another problem, with 75 percent agreeing that staying up to date with cybersecurity technology is a challenge for their organization. This lack of security expertise, budget and up to date technology indicates IT managers are struggling to respond to cyberattacks instead of proactively planning and handling what’s coming next.
“Staying on top of where threats are coming from takes dedicated expertise, but IT managers often have a hard time finding the right talent or don’t have a proper security system in place that allows them to respond quickly and efficiently to attacks,” said Wisniewski. “If organizations can adopt a security system with products that work together to share intelligence and automatically react to threats, then IT security teams can avoid the trap of perpetually catching up after yesterday’s attack and better defend against what’s going to happen tomorrow. Having a security ‘system’ in place helps alleviate the security skills gap IT managers are facing. It’s much more time and cost effective for businesses to grow their security maturity with simple to use tools that coordinate with each other across an entire estate.”
Synchronized Security Solves the Impossible Puzzle of Cybersecurity
With cyberthreats coming from supply chain attacks, phishing emails, software exploits, vulnerabilities, insecure wireless networks, and much more, businesses need a security solution that helps them eliminate gaps and better identify previously unseen threats. Sophos Synchronized Security, a single integrated system, provides this much needed visibility to threats by integrating Sophos endpoint, network, mobile, Wi-Fi, and encryption products to share information in real-time and automatically respond to incidents. More information about Synchronized Security is available at Sophos.com.
The Impossible Puzzle of Cybersecurity survey was conducted by Vanson Bourne, an independent specialist in market research, in December 2018 and January 2019. This survey interviewed 3,100 IT decision makers in 12 countries and across six continents in the US, Canada, Mexico, Colombia, Brazil, UK, France, Germany, Australia, Japan, India, and South Africa. All respondents were from organizations with between 100 and 5,000 employees.
Aspin Commercial Tower,
Office no 18, 28th Floor
Financial Tower Metro Station
Sheikh Zayed Road
As a worldwide leader in next-generation cybersecurity, Sophos protects nearly 400,000 organizations of all sizes in more than 150 countries from today’s most advanced cyberthreats. Powered by SophosLabs – a global threat intelligence and data science team – Sophos’ cloud-native and AI-enhanced solutions secure endpoints (laptops, servers and mobile devices) and networks against evolving cybercriminal tactics and techniques, including automated and active-adversary breaches, ransomware, malware, exploits, data exfiltration, phishing, and more. The award-winning Sophos Central cloud-based platform integrates Sophos’ entire portfolio of best-of-breed products, from the Intercept X endpoint solution to the XG Firewall, into a single system called Synchronized Security. Sophos products are exclusively available through a global channel of more than 47,000 partners and Managed Service Providers (MSPs). Sophos also makes its innovative commercial technologies available to consumers via Sophos Home. The company is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at www.sophos.com.
This release was published on openPR.
Permanent link to this press release:
Please set a link in the press area of your homepage to this press release on openPR. openPR disclaims liability for any content contained in this release.
You can edit or delete your press release IT Managers are Inundated with Cyberattacks from All Directions and Struggling to Keep Up, According to Sophos Global Survey here
News-ID: 1803416 • Views: 379
More Releases from Sophos
Sophos To Place The Spotlight On Security Heartbeat™ At GISEC 2016
Sophos, a global leader in network and endpoint security, today announced its participation in the Gulf Information Security Expo & Conference (GISEC) 2016, which will be held at the Dubai World Trade Centre from March 29-31, 2016. The company will feature Sophos Security Heartbeat™–the synchronized security protection for endpoints and networks, and showcase its best-in-class security solutions including Sophos SG Firewall, XG Firewall and Cyberoam NG Services at the Middle
Sophos Email Appliance Adds Next-Generation SandboxingTechnology to Reduce Risk …
Sophos (LSE: SOPH), a global leader in network and endpoint security, today announced that its Sophos Email Appliance now includes Sophos Sandstorm, an advanced, next-generation sandboxing technology that quickly and accurately detects, blocks and responds tosophisticated, constantly-changingcyber threats. Sophos Sandstorm is an advanced persistent threat (APT) and zero day malware security technology. To combat elusive threats that target email accounts on multiple platforms and mobile devices,companies need signatureless protection
Sophos Expands Cloud-Managed Security Portfolio with Server Protection
Dubai, UAE – November 20, 2014 – Sophos today announced the release of Sophos Cloud Server Protection, a high performance malware protection solution designed specifically for servers. The solution expands Sophos Cloud to a comprehensive security platform designed to protect desktops, laptops, mobile phones, tablets and now servers with the most effective and simplest to manage business security offering available. Servers store large amounts of sensitive information
Sophos Announces Expanded Security Offerings through AWS Marketplace
Dubai, UAE– November 12, 2014 – Sophos today announced the expansion of their product portfolio on AWS Marketplace with the addition of a new secure server option for customers on Amazon Web Services (AWS). Building on the success of the Sophos UTM Next Generation Firewall product, which is offered through AWS Marketplace, the new Sophos Secure OS delivers comprehensive security bundled with CentOS. Secure AWS Servers AWS provides a comprehensive, scalable cloud
More Releases for Wisniewski
FED Publishing Releases New Book, "The Millionaire Within" by Walter Wisniewski …
The Millionaire Within, by Walter Wisniewski and Allison Vanaski, will help you get out of the way of yourself when it comes to being more successful with your own money. Smithtown, NY, USA -- Walter Wisniewski and Allison Vanaski's The Millionaire Within will show how people tend to succeed or fail with their finances based on their perceptions, behaviors and biases about money, not because they choose the right stocks at
New Owner for FacilitiesNet, NFMT Conferences, Related Magazines
Trade Press Media Group Inc (TPMG), a 103-year-old business-to-business media company, has been acquired by FORUM MEDIA GROUP, headquartered in Merching, Germany. While TPMG CEO and owner Bob Wisniewski is retiring, all other employees remain with the company, which will continue to operate out of Milwaukee. “After almost 30 years as CEO and owner, I’m excited and pleased to turn over control of our company to FORUM MEDIA GROUP,
Fritz Steiniger Prize: GDT honours Stephen Dalton for pioneering work in the fie …
Within the framework of the international nature photography festival, the GDT honoured British photographer Stephen Dalton with the Fritz Steiniger Prize for his contribution to nature photography. The results of his experiments in high-speed flash photography and his subsequent publications were landmark events in the world of photography and caused a great stir worldwide. Stephen Dalton (GB) Stephen Dalton (born in 1937) has been enthusiastic about nature and photography already at a
GRAPA Announces Revenue Assurance Professional Advocacy Committee
Advocacy Committee to play transformative role in the prestige and perception of revenue assurance within telecoms. As the culmination of a 5 year plan for the fundamental transformation and rejuvenation of the revenue assurance profession, GRAPA (the Global Revenue Assurance Professional Association) announced the creation of a Revenue Assurance Professional Advocacy Committee’s (RAPAC). This advocacy committee is dedicated to protecting and enhancing the professional reputation of the exceptional individuals who perform an
Expanded Onsite Availability: GRAPA Certified Faculty, Telecoms Risk Officer Cur …
Louis Khor completes 2-year Faculty Certification to teach GRAPA's Revenue Assurance Foundations and Telecoms Risk Officer Curriculum With constant demand from GRAPA''s membership for certification training that is customized to specific organizations, GRAPA is proud to announce an improved faculty capacity. The certification of Louis Khor as a Senior Lecturer enables him to teach GRAPA''s expanded Telecoms Risk Officer and Revenue Assurance Foundations curricula. The growing demand of organizations looking to certify