Organisations are getting cyberattacked from all directions, from a wide variety of hacking tools. This leaves IT experts unable to cope and struggling to keep up. This is according to a new report by the endpoint security firm Sophos.
The survey suggests that the attack techniques are varied and often multi-staged which makes it that much harder for security experts to keep their networks intact. Some 20 per cent of the respondents (out of 3,100 surveyed) said they didn't know how they got breached.
Still, the most popular methods seem to be ransomware and phishing.
When asked what their biggest weaknesses are, the repondents said they see software exploits, unpatched vulnerabilities and zero-day threats as their biggest security fear.
Phishing is also mentioned, while attacks on the supply chain were mentioned just 16 per cent of the time.
Looking at possible fixes, the majority (66 per cent) would love their budgets to increase. That would allow them not only to acquire state-of-the-art tech solutions, but also more manpower. The latter seems to be particularly difficult, due to the ever-widening skills gap.
“Cybercriminals are evolving their attack methods and often use multiple payloads to maximize profits. Software exploits were the initial point of entry in 23 per cent of incidents, but they were also used in some fashion in 35 per cent of all attacks, demonstrating how exploits are used at multiple stages of the attack chain,” said Chester Wisniewski, principal research scientist, Sophos.
“Organizations that are only patching externally facing high-risk servers are left vulnerable internally and cybercriminals are taking advantage of this and other security lapses.”
The survey polled 3,100 IT decision makers from mid-sized businesses in the US, Canada, Mexico, Colombia, Brazil, UK, France, Germany, Australia, Japan, India, and South Africa.
The full report, in PDF, can be found here.
Gloss