Inundated with cyberattacks from all directions

Residential Estate Security Handbook 2019 Editor's Choice, Information Security, Security Services & Risk Management

Sophos has released the findings of its global survey, The Impossible Puzzle of Cybersecurity, which reveals IT managers are inundated with cyberattacks coming from all directions and are struggling to keep up due to a lack of security expertise, budget and up-to-date technology. The survey polled 3100 IT decision makers from mid-sized businesses in the US, Canada, Mexico, Colombia, Brazil, UK, France, Germany, Australia, Japan, India, and South Africa.

Multiple attack methods and payloads

The Sophos survey shows how attack techniques are varied and often multi-staged, increasing the difficulty to defend networks. One in five IT managers surveyed didn’t know how they were breached, and the diversity of attack methods means no one defensive strategy is a silver bullet.

“Cybercriminals are evolving their attack methods and often use multiple payloads to maximise profits. Software exploits were the initial point of entry in 23 percent of incidents, but they were also used in some fashion in 35 percent of all attacks, demonstrating how exploits are used at multiple stages of the attack chain,” said Chester Wisniewski, principal research scientist, Sophos. “Organisations that are only patching externally facing high-risk servers are left vulnerable internally and cybercriminals are taking advantage of this and other security lapses.”

The wide range, multiple stages and scale of today’s attacks are proving effective. For example, 53 percent of those who fell victim to a cyberattack were hit by a phishing email, and 30 percent by ransomware. Forty-one percent said they suffered a data breach.

Supply chain compromises

Based on the responses, it’s not surprising that 75 percent of IT managers consider software exploits, unpatched vulnerabilities and/or zero-day threats as a top security risk. Fifty percent consider phishing a top security risk. Alarmingly, only 16 percent of IT managers consider supply chain a top security risk, exposing an additional weak spot that cybercriminals will likely add to their repertoire of attack vectors.

“Cybercriminals are always looking for a way into an organisation, and supply chain attacks are ranking higher now on their list of methods. IT managers should prioritise supply chain as a security risk, but don’t because they consider these as attacks perpetrated by nation states on high-profile targets. While it is true that nation states may have created the blueprints for these attacks, once these techniques are publicised, other cybercriminals often adopt them for their ingenuity and high success rate,” said Wisniewski.

“Supply chain attacks are also an effective way for cybercriminals to carry out automated, active attacks, where they select a victim from a larger pool of prospects and then actively hack into that specific organisation using hand-to-keyboard techniques and lateral movements to evade detection and reach their destination.”

Lack of security expertise, budget and up-to-date technology

According to the Sophos survey, IT managers reported that 26 percent of their team’s time is spent managing security, on average. Yet, 86 percent agree security expertise could be improved and 80 percent want a stronger team in place to detect, investigate and respond to security incidents. Recruiting talent is also an issue, with 79 percent saying that recruiting people with the cybersecurity skills they need is a challenge.

Regarding budget, 66 percent said their organisation’s cybersecurity budget (including people and technology) is below what it needs to be. Having current technology in place is another problem, with 75 percent agreeing that staying up to date with cybersecurity technology is a challenge for their organisation. This lack of security expertise, budget and up-to-date technology indicates IT managers are struggling to respond to cyberattacks instead of proactively planning and handling what’s coming next.

“Staying on top of where threats are coming from takes dedicated expertise, but IT managers often have a hard time finding the right talent or don’t have a proper security system in place that allows them to respond quickly and efficiently to attacks,” said Wisniewski. “If organisations can adopt a security system with products that work together to share intelligence and automatically react to threats, then IT security teams can avoid the trap of perpetually catching up after yesterday’s attack and better defend against what’s going to happen tomorrow.

“Having a security ‘system’ in place helps alleviate the security skills gap IT managers are facing. It’s much more time- and cost-effective for businesses to grow their security maturity with simple-to-use tools that coordinate with each other across an entire estate.”

Download the report at www.securitysa.com/*sophos2 (redirects to https://secure2.sophos.com/en-us/medialibrary/Gated-Assets/white-papers/sophos-impossible-puzzle-of-cybersecurity-wp.pdf).

Key survey findings: South Africa

Cybercriminal tactics have evolved into using multiple attack methods and often multiple payloads to maximise profits:

• Software exploits were the initial cause of 17 percent of incidents and used in 23 percent of cyberattacks, demonstrating how exploits are used at multiple stages of the attack chain.

• Phishing emails impacted 47 percent of those hit by a cyberattack.

• Ransomware impacted 38 percent of attack victims.

• 39 percent of attack victims suffered a data breach.

• Nation state adversaries have proven how successful supply chain attacks are, which means common cybercriminals are likely to adopt the attack method.

• Supply chain attacks are a launch pad to emerging automated, active-adversary attacks.

• IT teams spend 27 percent of their time managing security, yet still struggle with

a lack of expertise, budget and up-to-date technology:

• 74 percent said recruiting people with the cybersecurity skills they need is a challenge.

• 65 percent said their organisation’s cybersecurity budget is below what it needs to be.

• 73 percent believe that staying up to date with cybersecurity technology is a challenge.





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Autonomous construction site protection
Editor's Choice Perimeter Security, Alarms & Intruder Detection
Ajax provides an autonomous security solution for a German construction site that is easy and flexible to install. It provides security against intrusions and theft via a 360-degree view.

Read more...
SMART and secure estates in Cape Town
Technews Publishing Axis Communications SA Gallagher DeepAlert Nemtek Electric Fencing Products Editor's Choice
In February 2024, SMART Security Solutions emigrated to the Western Cape to host its first SMART Estate Security Conference in the region in many years. For the day, we took over the prestigious D’Aria Wine Estate.

Read more...
SMART Estate Security returns to KZN
Nemtek Electric Fencing Products Technews Publishing Axis Communications SA OneSpace Editor's Choice News & Events Integrated Solutions IoT & Automation
The second SMART Estate Security Conference of 2024 was held in May in KwaZulu-Natal at the Mount Edgecombe Estate Conference Centre, which is located on the Estate’s pristine golf course.

Read more...
Using KPIs to measure smart city progress
Axis Communications SA Residential Estate (Industry) Integrated Solutions Security Services & Risk Management
United 4 Smart Sustainable Cities is a United Nations Initiative that encourages the use of information and communication technology (including security technology) to support a smooth transition to smart cities.

Read more...
Enhancing estate security, the five-layer approach
Fang Fences & Guards Residential Estate (Industry) Integrated Solutions Security Services & Risk Management
Residential estates are designed to provide a serene and secure living environment enclosed within gated communities, offering residents peace of mind and an elevated standard of living.

Read more...
Creating employment through entrepreneurship
Technews Publishing Marathon Consulting Editor's Choice Integrated Solutions Residential Estate (Industry)
Eduardo Takacs’s journey is a testament to bona fide entrepreneurial resilience, making him stand out in a country desperate for resilient businesses in the small and medium enterprise space that can create employment opportunities.

Read more...
2024 Southern Africa OSPAs winners announced
Editor's Choice
The 2024 Southern Africa Outstanding Security Performance Awards (OSPAs) winners were revealed on Tuesday, June 11th, at the Securex South Africa Seminar Theatre hosted by SMART Security Solutions.

Read more...
AI and ransomware: cutting through the hype
AI & Data Analytics Information Security
It might be the great paradox of 2024: artificial intelligence (AI). Everyone is bored of hearing it, but we cannot stop talking about it. It is not going away, so we had better get used to it.

Read more...
Resident management app shows significant growth
Editor's Choice
My Estate Life is a mobile app for residents and managers in housing estates and buildings. Its core aim is to be an easy gateway for residents to manage visitors and staff, and to communicate and administer general property in a simple interface.

Read more...
Local manufacturing is still on the rise
Hissco Editor's Choice News & Events Security Services & Risk Management
HISSCO International, Africa's largest manufacturer of security X-ray products, has recently secured a multi-continental contract to supply over 55 baggage X-ray screening systems in 10 countries.

Read more...