Companies feel they are losing the cybersecurity battle, according to research released by Sophos this week. IT managers are inundated with cyberattacks from all directions and struggling to plug all the security gaps.
In the survey, titled The Impossible Puzzle of Cybersecurity, Sophos surveyed 3,100 IT managers across 12 countries about their cybersecurity experiences. The respondents, who worked for organizations with between 100 and 5,000 users, reported difficulties in protecting their infrastructures, leading to a large number of successful hacks.
According to the survey, two out of three organizations (68%) suffered a cyber attack in 2018 that they were unable to prevent from entering their network. Nine out of 10 (91%) said they were running up-to-date cybersecurity protection at the time.
Why are companies still getting hit even though they are taking tangible steps to reduce their cybersecurity risk? The report muses that there are some security holes not being plugged.
For example, an up-to-date malware signature list won’t stop attackers hijacking your accounts, while rock-solid authentication won’t help if you’re not protecting your computers from ransomware. Good cybersecurity demands defense in depth and proper risk assessment so that you can protect your weakest spots from attack first.
The survey also revealed that companies are facing attacks via multiple channels, including email (highlighted as a source of attacks by 33%) and web (30%) among others. Software vulnerabilities and unauthorised USB sticks or other external devices were also common attack vectors. Perhaps even more worrying is that 20% of IT managers didn’t know how their networks were compromised.
In many cases, companies aren’t just dealing with one type of attack.
According to Sophos’s report:
Respondents […] revealed that they had suffered a wide range of attacks over the last year.
Over half (53%) of the organizations hit suffered phishing emails; 35% reported malicious code; 35% pointed to software exploits; and 30% highlighted ransomware.
The third problem facing IT departments is a shortage of key skills – 26% of the IT team’s time is spent on cybersecurity issues, demonstrating the intensive effort involved in staving off attacks.
A large proportion of respondents (86%) said that they needed more skills to combat these threats. The problem is they can’t get them: 8 in 10 said that they struggled to recruit the right people.
Part of the problem is that they can’t muster the finances to pay what the market demands. Two-thirds of respondents said that their budgets for people and technology were too low.
The inability to fend off increasingly complex attacks worries companies because of its potential implications. Data loss was the number one concern for 31% of respondents, followed by cost and damage to the business, which were the biggest concerns for 21% of people.
To find out more about what IT managers think, read the full survey.
If you work in IT, tell about the pressures you face.