This is despite most organizations having up-to-date protections in place
IT managers feel overwhelmed by the volume of cyberattack attempts, with most of them admitting that successful hacks of their company networks are becoming the norm, according to a Sophos research report, The Impossible Puzzle of Cybersecurity. In a survey of 3,100 IT managers across 12 countries (at organizations with 100 to 5,000 employees), two out of three of them said their organizations (68%) suffered a cyberattack in 2018, despite efforts to prevent them. This, despite the fact that a full 26% of IT’S time, on average, is spent on cybersecurity issues.
Nine out of 10 (91%) of respondents said they were running up-to-date cybersecurity protections at the time of a successful attack, according to the report.
“This reveals that, despite good intentions and behaviors, threats are getting through,” according to the report. “This may be through weaknesses in the cybersecurity, or because there are security holes that haven’t been plugged or gaps in their protection – while an organization might have been running up-to-date endpoint protection, this doesn’t mean all other devices were secure.”
The survey also showed that attacks are coming via multiple channels, including email (accounting for 33%) and web (30%), software vulnerabilities (23%), unauthorized USB sticks or other external devices (14%), and more. However, worryingly, a fifth (20%) of IT managers said they didn’t know how their networks were compromised.
In terms of the attacks that succeeded, over half of them (53%) were phishing attacks; a third (35%) resulted in malware infections; another 35% pointed to software exploits; and 30% said they were hit with ransomware.
IT managers consider their greatest risk to be phishing mails (50% flagged this as the number-one threat), followed by software exploits (45%). Third on the list is people, including internal staff, contractors and visitors.
“We humans are ranked a top-three security concern by 44% of respondents, and clearly present IT teams with quite a different type of cybersecurity challenge,” the report noted.
Wi-Fi security also weighs heavily on the minds of IT managers, with more than a third (36%) ranking it as a top-three concern, followed by unknown devices (31%).
IT managers surveyed also mentioned a shortage of key skills on staff, which makes it that much harder to keep up with the volume of incidents and the scope of risks. Most respondents (86%) said that they needed more skills to combat threats, but 80% also said that they struggled to recruit the right people. Two-thirds of respondents said that their budgets for people and technology were too low.
Unsurprisingly, the inability to fend off attacks has led to significant concerns on the part of IT managers: Data loss was the number one concern for 31% of respondents, followed by cost and damage to the business (21%).