[ad_1]
JEDDAH – IT managers are inundated with cyber attacks from all directions and have trouble keeping up because of a lack of expertise in security, budget and advanced technologies. Sophos, the global leader in network and device security, said in its recently released global survey Puzzle of Cybersecurity.
The survey was conducted among 3,100 mid-market IT decision makers in the United States, Canada, Mexico, Colombia, Brazil, the United Kingdom, France, Germany, Australia, Japan, India and South Africa.
The investigation revealed that cyber criminals use multiple attack methods and payloads for maximum impact.
The Sophos investigation has shown that attack techniques are varied and often multi-stage, which increases the difficulty of defense networks. One in five IT managers interviewed did not know how they had been violated, and the diversity of attack methods means that a single defensive strategy is not a quick fix.
"Cyber criminals develop their attack methods and often use multiple payloads to maximize their profits. Software exploits were the initial point of entry into 23% of incidents, but they were also used one way or another in 35% of attacks, demonstrating how exploits are used at several stages of the chain of attack, "said Chester Wisniewski, principal investigator. Sophos. "Organizations that only apply external fixes to high-risk servers remain vulnerable internally and cyber criminals benefit from this and other security vulnerabilities."
The wide range, multiple stages, and scale of today's attacks are proving effective. For example, 53% of people victimized by a cyberattack were victims of a phishing e-mail and 30% of a ransomware. Forty-one percent said they had been victims of a data breach.
The survey found that weak links in security are leading more and more to compromises on the supply chain.
Based on the responses received, it is not surprising that 75 percent of IT managers consider software exploits, uncorrected vulnerabilities, and / or zero-day threats to be a major security risk. Fifty percent consider phishing a major security risk. Alarmingly, only 16% of IT managers view the supply chain as a major security risk, exposing an additional weak point that cybercriminals will likely add to their attack vector repository.
"Cyber criminals are constantly looking for a way to access an organization, and supply chain attacks are becoming more important on their list of methods. IT managers need to prioritize the supply chain as a security risk, but do not do so because they view these attacks by nation-states on high-profile targets. While it is true that nation-states have been able to create plans for these attacks, once these techniques have been made public, other cybercriminals often adopt them for their ingenuity and high success rate. " said Wisniewski. "Supply chain attacks are also an effective way for cybercriminals to conduct automated active attacks. They choose a victim from among a larger number of prospects, and then actively pirate this specific organization using keyboard manipulation techniques and detection side movements and reach their destination. "
According to the Sophos survey, IT managers reported spending an average of 26 percent of their team's time on security management. Yet 86% believe that security skills could be improved and 80% want a stronger team to detect, investigate and respond to security incidents. Talent recruitment is also a problem, with 79% of them stating that it is difficult to recruit people with the cybersecurity skills they need.
Regarding the budget, 66% said the budget for cybersecurity within their organization (staff and technology included) was lower than it should have been. Having the current technology in place is another problem, with 75% of respondents agreeing that staying up to date with cybersecurity technology is a challenge for their organization. This lack of up-to-date security, budget and technology expertise indicates that IT managers are struggling to respond to cyber attacks instead of proactively planning and managing future events.
"To control threats requires specific expertise, but IT managers often struggle to find the right talent or lack an adequate security system to respond quickly and effectively to attacks." said Wisniewski. "If companies can adopt a security system with products that work together to share information and respond automatically to threats, IT security teams can avoid the trap of perpetual catch-up after yesterday's attack and better defend against what will happen tomorrow. Implementing a security "system" helps reduce the security skills gap faced by IT managers. It is much faster and more cost-effective for businesses to increase their security maturity with simple-to-use tools that coordinate across a succession. "
With cyber threats from supply chain attacks, phishing e-mails, software explosions, vulnerabilities, unsecured wireless networks, and more, businesses need a security solution that makes them more secure. helps eliminate gaps and better identify previously unknown threats. Sophos Synchronized Security, a single integrated system, provides this essential threat visibility by integrating Sophos endpoint, network, mobile, Wi-Fi and encryption products to share real-time information and automatically react to incidents. More information on synchronized security is available on the Sophos.com site.
The Impossible Puzzle of Cybersecurity survey was conducted by Vanson Bourne, independent market research specialist, in December 2018 and January 2019. – SG
[ad_2]
Source link
