Anyone working in IT security will tell you that they’re party to an arms race. The digitalisation of the global economy over the past two decades has seen the common variety cyberattack as the best means for criminal organisations to turn a profit. Consequently, both IT security departments and cybercriminal cartels have been racing to undermine one another’s efforts in a constant tête-à-tête of breaches and patches.
New independent research commissioned by Sophos indicates that the advantage in this race is passing inexorably to cybercriminals. In a survey of 3,000 business leaders in charge of cybersecurity for their organisations across 14 countries, more than 94% of respondents revealed that they had experienced some form of cyberattack in the past year. A staggering 93% of organisations, meanwhile, stated that they found the execution of essential security operations tasks ‘challenging.’ Worse yet are the percentages of respondents who’ve fallen victim to cyberattacks over the past 12 months. While ransomware was the runaway favourite tool of subversion for cybercriminals, 27% of organisations had undergone phishing attacks, while 26% and 24% had undergone data exfiltration and cyber extortion respectively.
Often the cause for these devastating breaches has been the so-called active adversary, the threat actor capable of adapting their techniques, tactics and procedures in real-time in response to defensive actions by IT departments and their partners. 23% of organisations said that their attacks were launched by these types of hackers, though it seems that they’re more interested in the larger, juicier targets on offer – for companies worth $10m or less, the rates of reported active adversary attacks fell to just 11%.
Response time
So far, so depressing – a sentiment compounded by the general feeling of fatigue amongst respondents fending off cyberattacks. According to the survey, some 93% of companies found the execution of essential cybersecurity operation tasks ‘challenging,’ with the median time to detect, source and eliminate threats averaging up to 15 hours for firms with 3001-5,000 staff. What’s more, some 55% of respondents argued that fending off cyberattacks was negatively impacting the work of their IT teams on other projects.
How should organisations respond? One obvious move would be to reduce the attack surface capable of being suborned by hackers. By reducing the base number of opportunities cybercriminals can harness to breach your company’s systems, IT cybersecurity teams can focus their efforts more efficiently. Adaptive defences are also essential, not least in coping with active adversaries who adopt the same offensive posture by default.
Respondents agree. Three-quarters of those surveyed said that they planned to add Endpoint Detection and Response (EDR) and/or Extended Detection and Response (XDR) tools within a year. Meanwhile, 44% were contemplating an investment in managed detection and response (MDR) services. Sophos can help out in all three. Its EDR, network, firewall, cloud and email solutions help to block 99.98% of threats automatically, while its built-in account health checks highlight areas where existing corporate defences are lacking.
Only by matching the adaptive capability of the next generation of cybercriminals can firms hope to protect themselves from the rising tide of cybercrime. By harnessing Sophos tools that draw on telemetry from a huge network of corporate clients and third-party cybersecurity controls, companies can do this and more – thereby preventing themselves and their customer base from falling victim to opportunistic cybercriminal cartels.
Readers can consult the full survey from Sophos here.
Main image by Maksim Shmeljov/Shutterstock