OXFORD, UK — Julho 10, 2019 —

Sophos (LSE: SOPH), a global leader in network and endpoint security, today announced the findings of its global survey, The Impossible Puzzle of Cybersecurity, which reveals IT managers are inundated with cyberattacks coming from all directions and are struggling to keep up due to a lack of security expertise, budget and up to date technology. The survey polled 3,100 IT decision makers from mid-sized businesses in the US, Canada, Mexico, Colombia, Brazil, UK, France, Germany, Australia, Japan, India, and South Africa.

Cybercriminals Use Multiple Attack Methods and Payloads for Maximum Impact

The Sophos survey shows how attack techniques are varied and often multi-staged, increasing the difficulty to defend networks. One in five IT managers surveyed didn’t know how they were breached, and the diversity of attack methods means no one defensive strategy is a silver bullet.

“Cybercriminals are evolving their attack methods and often use multiple payloads to maximize profits. Software exploits were the initial point of entry in 23 percent of incidents, but they were also used in some fashion in 35 percent of all attacks, demonstrating how exploits are used at multiple stages of the attack chain,” said Chester Wisniewski, principal research scientist, Sophos. “Organizations that are only patching externally facing high-risk servers are left vulnerable internally and cybercriminals are taking advantage of this and other security lapses.”

The wide range, multiple stages and scale of today’s attacks are proving effective. For example, 53 percent of those who fell victim to a cyberattack were hit by a phishing email, and 30 percent by ransomware. Forty-one percent said they suffered a data breach.

Weak Links in Security Increasingly Lead to Supply Chain Compromises

Based on the responses, it’s not surprising that 75 percent of IT managers consider software exploits, unpatched vulnerabilities and/or zero-day threats as a top security risk. Fifty percent consider phishing a top security risk. Alarmingly, only 16 percent of IT managers consider supply chain a top security risk, exposing an additional weak spot that cybercriminals will likely add to their repertoire of attack vectors.

“Cybercriminals are always looking for a way into an organization, and supply chain attacks are ranking higher now on their list of methods. IT managers should prioritize supply chain as a security risk, but don’t because they consider these attacks perpetrated by nation states on high profile targets. While it is true that nation states may have created the blueprints for these attacks, once these techniques are publicized, other cybercriminals often adopt them for their ingenuity and high success rate,” said Wisniewski. “Supply chain attacks are also an effective way for cybercriminals to carry out automated, active attacks, where they select a victim from a larger pool of prospects and then actively hack into that specific organization using hand-to-keyboard techniques and lateral movements to evade detection and reach their destination.”

Lack of Security Expertise, Budget and Up to Date Technology

According to the Sophos survey, IT managers reported that 26 percent of their team’s time is spent managing security, on average. Yet, 86 percent agree security expertise could be improved and 80 percent want a stronger team in place to detect, investigate and respond to security incidents.  Recruiting talent is also an issue, with 79 percent saying that recruiting people with the cybersecurity skills they need is challenge.

Regarding budget, 66 percent said their organization’s cybersecurity budget (including people and technology) is below what it needs to be. Having current technology in place is another problem, with 75 percent agreeing that staying up to date with cybersecurity technology is a challenge for their organization. This lack of security expertise, budget and up to date technology indicates IT managers are struggling to respond to cyberattacks instead of proactively planning and handling what’s coming next

“Staying on top of where threats are coming from takes dedicated expertise, but IT managers often have a hard time finding the right talent or don’t have a proper security system in place that allows them to respond quickly and efficiently to attacks,” said Wisniewski. “If organizations can adopt a security system with products that work together to share intelligence and automatically react to threats, then IT security teams can avoid the trap of perpetually catching up after yesterday’s attack and better defend against what’s going to happen tomorrow. Having a security ‘system’ in place helps alleviate the security skills gap IT managers are facing. It’s much more time and cost effective for businesses to grow their security maturity with simple to use tools that coordinate with each other across an entire estate.”

Synchronized Security Solves the Impossible Puzzle of Cybersecurity

With cyberthreats coming from supply chain attacks, phishing emails, software exploits, vulnerabilities, insecure wireless networks, and much more, businesses need a security solution that helps them eliminate gaps and better identify previously unseen threats. Sophos Synchronized Security, a single integrated system, provides this much needed visibility to threats by integrating Sophos endpoint, network, mobile, Wi-Fi, and encryption products to share information in real-time and automatically respond to incidents. More information about Synchronized Security is available at Sophos.com.

 

The Impossible Puzzle of Cybersecurity survey was conducted by Vanson Bourne, an independent specialist in market research, in December 2018 and January 2019. This survey interviewed 3,100 IT decision makers in 12 countries and across six continents in the US, Canada, Mexico, Colombia, Brazil, UK, France, Germany, Australia, Japan, India, and South Africa. All respondents were from organizations with between 100 and 5,000 employees.

Sobre a Sophos

A Sophos é líder mundial em soluções inovadoras e avançadas em segurança que defendem contra ataques cibernéticos, incluindo o serviço MDR (Managed Detection and Response) e serviços de resposta a incidentes, além de um amplo portfólio de tecnologias de segurança de endpoint, rede, e-mail e nuvem. Uma das maiores provedoras globais pure-play de segurança cibernética, a Sophos se incumbe da defesa de mais de 600.000 organizações e de mais de 100 milhões de usuários contra adversários ativos, ransomwares, phishing, malwares e outros ataques. Os produtos e serviços da Sophos são interconectados através do painel de gerenciamento do Sophos Central e administrados pelo Sophos X-Ops, a unidade de inteligência de ameaças da empresa que oferece abrangência entre domínios. A inteligência do Sophos X-Ops otimiza todo o ecossistema de segurança cibernética adaptativa da Sophos, que inclui um Data Lake centralizado que se utiliza de um rico acervo de APIs abertas disponíveis para clientes, parceiros, desenvolvedores e outros fornecedores de cibersegurança e tecnologia da informação. A Sophos oferece Cybersecurity as a Service para as organizações que necessitam de soluções de segurança gerenciada. O cliente também pode gerenciar a sua própria segurança cibernética, utilizando a plataforma de operações de segurança da Sophos, ou operar seguindo uma abordagem híbrida para complementar suas equipes internas com os serviços da Sophos, como a caça e remediação de ameaças. A venda de produtos e serviços da Sophos é feita por parceiros revendedores e provedores de serviços gerenciados (MSP) em todo o mundo. A Sophos está sediada em Oxford, no Reino Unido. Mais informações se encontram disponíveis no site www.sophos.com.