According to the latest research, last year, 2/3rd of organisations were hit by a cyberattack. An independent survey, ‘The Impossible Puzzle of Cybersecurity’ of 3,100 IT managers was carried out across 12 countries. The report is pretty clear. Just as cybersecurity protection technologies are advancing, so are the capabilities of cyber attackers and overstretched IT Security teams are struggling to stay on top.
Three major reasons why organisations are struggling to reduce the risk:
As per the research findings, 68% organisations were hit by a cybersecurity attack last year, out of those that had been hit, the average number of attacks in that year was two. Ten percent organisations were hit by 4 or more attacks.
Nine in ten organisations that were cyber-hit claimed to have up-to-date attack protection measures in place during the attack. This is a clear reminder that organisations must operate in “assume breach” mode. They should realize that no matter how robust the perimeter protection is, the risk of breach cannot be eliminated completely.
But do you know, what gives these IT security managers nightmares? The consequences of cybersecurity breaches.
Data Loss: Nearly, 1/3rd organizations placed this as their top concerns. Organizations need to ensure that they invest adequately in data loss protection (DLP), backup and recovery.
Cost: Almost, 21% of organisations cited cost of response as 2nd biggest concern arising from cybersecurity attacks. According to another research, for small and medium sized businesses, average cost of security breach has increased by 61% from $229k in 2018 to $369k in 2019.
Business Damage: 56% organisations rated this as their 3rd major concern. According to the reports, 85% of consumers were hesitant to do business with an organisation, if they are worried about its security practices. The reputational effects of a significant cybersecurity attack can be as costly as the initial response costs.
Phishing emails are the most common attack vector, used in 33% of cases. Internet used as a medium is second in the list, used in 30% of attacks. 23% of cyberattacks were through software vulnerabilities and 14% via USB stick or other external devices as the means of entry.
For 20% of incidents, organizations couldn’t identify the attack vector, which indicates that effective incident response capabilities are absent in those organisations. There are also regional variations in the prevalence of these threat vectors. For instance, in India, software vulnerabilities top the list, while in Mexico, a quarter of attacks have been via USB sticks or external devices. So, if you don’t know which security door is left open, it’s hard to shut it.
The absence of a single popular vector shows that organizations need to take a multi-pronged approach to minimise the risk, which includes
Page blockers, spam filters and policies warning against clicking on links or attachments from unknown sources so as to reduce the likelihood of web-based or email attacks.
Reduce the risk from software vulnerabilities by keeping on top of patch updates.
Physical port restrictions should be present at endpoint level so as to deal with the risk of attacks being introduced through USB drives and external devices.
As per the reports, organisations suggested that attacks that they experienced included multiple elements:
These numbers clearly suggest that most of the businesses are experiencing multi-faceted attacks. For instance, phishing messages trigger the launch of malicious code and leads to unlawful systems access violation and give rise to a data breach.
Neumetric is one of the top cybersecurity companies in Bangalore that helps manage cybersecurity risk through people, processes and technologies. The cybersecurity experts at Neumetric believe that IT departments devote 26% of their time to manage cybersecurity, which is ideally not enough. As per the research, 86% of managers say that they require greater cybersecurity skills within their organisation.
Therefore, organisations should look for ways to do more with less. For instance, businesses can incorporate enhanced Security Information and Event Management (SIEM) capabilities and increased automation in areas such as backups, patch management and reporting.
Eight in ten organisations struggle to recruit security talent and when it comes to seeking out training opportunities to bridge the skills gap, organisations and their staff have a big role to play. They must focus on boosting their cybersecurity skills and preventing such attacks. Any data loss can leave an organisation’s reputation completely in ruins. Cybersecurity should be given the highest priority.