TechInAfrica – Sophos has announced the findings of its global survey called the Impossible Puzzle of Cybersecurity. The findings show that IT managers are surrounded by cyberattacks from all directions and struggling to address the issue. This was because of the lack of security expertise, budget, and advanced technology.
Sophos collected the survey from 3,100 IT decision makers from mid-sized companies with between 100 and 5,000 employees spread in several countries in the world, including Australia, Brazil, Canada, Colombia, France, Germany, India, Japan, Mexico, South Africa, and the United States.
According to the survey, the attacks have various technics and multi-staged which increase the hardship of protecting networks. Around one out of five IT managers surveys had no idea how they were attacked while at the same time they did not know how to protect themselves from the attacks.
Chester Wisniewski, Principal Research Scientist at Sophos, said: “Cybercriminals are evolving their attack methods and often use multiple payloads to maximize profits. Software exploits were the initial point of entry in 23 percent of incidents, but they were also used in some fashion in 35 percent of all attacks, demonstrating how exploits are used at multiple stages of the attack chain.”
He continued, “Organizations that are only patching externally facing high-risk servers are left vulnerable internally and cybercriminals are taking advantage of this and other security lapses.”
Furthermore, about 75% of IT managers surveyed said that software as a top security risk while 50% of them agreed that phishing was a top security risk. Meanwhile, only 16% of them said that supply chain as a top security risk which resulted in an additional weak spot that cybercriminals tend to use as their repertoire of attack vectors.
“Cybercriminals are always looking for a way into an organization, and supply chain attacks are ranking higher now on their list of methods. IT managers should prioritize supply chain as a security risk, but don’t because they consider these attacks perpetrated by nation states on high profile targets. While it is true that nation-states may have created the blueprints for these attacks, once these techniques are publicized, other cybercriminals often adopt them for their ingenuity and high success rate,” said Wisniewski.
“Supply chain attacks are also an effective way for cybercriminals to carry out automated, active attacks, where they select a victim from a larger pool of prospects and then actively hack into that specific organization using hand-to-keyboard techniques and lateral movements to evade detection and reach their destination.”
For more comprehensive results of the Impossible Puzzle of Cybersecurity Survey by Sophos, you can read the original article here.
Source: biztechafrica.com