In association with Sophos
  1. Partner content
May 22, 2023

Cybersecurity in 2023 is a two-speed system

New research from Sophos indicates that cybercriminals are adapting faster than IT cybersecurity departments.

By Tech Monitor Staff

Anyone working in IT security will tell you that they’re party to an arms race. The digitalisation of the global economy over the past two decades has seen the garden-variety cyberattack emerge as the best means for criminal organisations to turn a profit. Consequently, both IT security departments and cybercriminal cartels have been racing to undermine one another’s efforts in a constant tit-for-tat of breaches and patches.

New independent research commissioned by Sophos indicates that the advantage in this race is passing inexorably to cybercriminals. In a survey of 3,000 business leaders in charge of cybersecurity for their organisations across 14 countries, more than 94% of respondents revealed that they had experienced some form of cyberattack in the past year. A staggering 93% of organisations, meanwhile, stated that they found the execution of essential security operations tasks ‘challenging.’ Worse yet are the percentages of respondents who’ve fallen victim to cyberattacks over the past 12 months. Ransomware was the runaway favourite tool of subversion for cybercriminals, but 27% of organisations had undergone phishing attacks, while 26% and 24% had undergone data exfiltration and cyber extortion respectively.

Often the cause of these devastating breaches has been the so-called active adversary, the threat actor capable of adapting their techniques, tactics and procedures in real time in response to defensive actions by IT departments and their partners. 23% of organisations said that their attacks were launched by these types of hackers, though it seems that they’re more interested in the larger, juicier targets on offer – for companies worth $10m or less, the rates of reported active adversary attacks fell to just 11%.

Response time

So far, so depressing – a sentiment compounded by the general feeling of fatigue amongst respondents fending off cyberattacks. According to the survey, some 93% of companies found the execution of essential cybersecurity operation tasks ‘challenging,’ with the median time to detect, source and eliminate threats averaging up to 15 hours for firms with 3,001-5,000 staff. What’s more, some 55% of respondents argued that fending off cyberattacks was negatively impacting the work of their IT teams on other projects.

How should organisations respond? One obvious move would be to reduce the attack surface capable of being suborned by hackers. By reducing the base number of opportunities cybercriminals can harness to breach your company’s systems, IT cybersecurity teams can focus their efforts more efficiently. Adaptive defences are also essential, not least in coping with active adversaries who adopt the same offensive posture by default.

Respondents agree. Three-quarters of those surveyed said that they planned to add Endpoint Detection and Response (EDR) and/or Extended Detection and Response (XDR) tools within a year. Meanwhile, 44% were contemplating an investment in managed detection and response (MDR) services. Sophos can help out in all three. Its EDR, network, firewall, cloud and email solutions help to block 99.98% of threats automatically, while its built-in account health checks highlight areas where existing corporate defences are lacking.

Only by matching the adaptive capability of the next generation of cybercriminals can firms hope to protect themselves from the rising tide of cybercrime. By harnessing Sophos tools that draw on telemetry from a huge network of corporate clients and third-party cybersecurity controls, companies can do this and more – thereby preventing themselves and their customer base from falling victim to opportunistic cybercriminal cartels.

Readers can consult the full survey from Sophos here.

Main image by Maksim Shmeljov/Shutterstock
