TRENDING
////////////////////////////////////////////////////////////////////
“
IT’S NOT
SURPRISING
THAT 75% OF
IT MANAGERS
CONSIDER
SOFTWARE
EXPLOITS,
UNPATCHED
VULNERABILITIES
AND/OR ZERO-DAY
THREATS AS A TOP
SECURITY RISK.
example, 53% of those who fell victim to a
cyberattack were hit by a phishing email and
30% by ransomware. A total of 41% said
they suffered a data breach.
Weak links in security increasingly
lead to supply chain compromises
Based on the responses, it’s not surprising
that 75% of IT managers consider software
exploits, unpatched vulnerabilities and/or
zero-day threats as a top security risk. Fifty
percent consider phishing a top security
risk. Alarmingly, only 16% of IT managers
consider supply chain a top security risk,
exposing an additional weak spot that
cybercriminals will likely add to their
repertoire of attack vectors.
“Cybercriminals are always looking for
a way into an organisation, and supply
chain attacks are ranking higher now on
their list of methods. IT managers should
prioritise supply chain as a security risk,
but don’t because they consider these
attacks perpetrated by nation states on high
profile targets. While it is true that nation
states may have created the blueprints for
these attacks, once these techniques are
publicised, other cybercriminals often adopt
them for their ingenuity and high success
rate,” said Wisniewski. “Supply chain attacks
18
INTELLIGENTCIO
Chester Wisniewski – Principal Research
Scientist, Sophos
are also an effective way for cybercriminals
to carry out automated, active attacks where
they select a victim from a larger pool of
prospects and then actively hack into that
specific organisation using hand-to-keyboard
techniques and lateral movements to evade
detection and reach their destination.”
Lack of security expertise, budget
and up to date technology
According to the Sophos survey, IT
managers reported that 26% of their team’s
time is spent managing security, on average.
Yet, 86% agree security expertise could be
improved and 80% want a stronger team
in place to detect, investigate and respond
to security incidents. Recruiting talent is also
an issue, with 79% saying that recruiting
people with the cybersecurity skills they need
is a challenge.
Regarding budget, 66% said their
organisation’s cybersecurity budget
(including people and technology) is
below what it needs to be. Having current
technology in place is another problem,
with 75% agreeing that staying up to
date with cybersecurity technology is a
challenge for their organisation. This lack
of security expertise, budget and up to
date technology indicates IT managers are
struggling to respond to cyberattacks instead
of proactively planning and handling what’s
coming next.
“Staying on top of where threats are
coming from takes dedicated expertise,
but IT managers often have a hard time
finding the right talent or don’t have a
proper security system in place that allows
them to respond quickly and efficiently to
attacks,” said Wisniewski. “If organisations
can adopt a security system with products
that work together to share intelligence
and automatically react to threats, then
IT security teams can avoid the trap of
perpetually catching up after yesterday’s
attack and better defend against what’s
going to happen tomorrow. Having a
security ‘system’ in place helps alleviate the
security skills gap IT managers are facing.
It’s much more time and cost effective for
businesses to grow their security maturity
with simple to use tools that coordinate with
each other across an entire estate.”
Synchronised security solves the
impossible puzzle of cybersecurity
With cyberthreats coming from supply
chain attacks, phishing emails, software
exploits, vulnerabilities, insecure wireless
networks and much more, businesses
need a security solution that helps
them eliminate gaps and better identify
previously unseen threats. Sophos
Synchronized Security, a single integrated
system, provides this much needed visibility
to threats by integrating Sophos endpoint,
network, mobile, Wi-Fi, and encryption
products to share information in real-time
and automatically respond to incidents. n
“
ONE IN FIVE
IT MANAGERS
SURVEYED
DIDN’T KNOW
HOW THEY WERE
BREACHED AND
THE DIVERSITY OF
ATTACK METHODS
MEANS NO ONE
DEFENSIVE
STRATEGY IS A
SILVER BULLET.
www.intelligentcio.com