Report: 41% of Cyberattack Victims Suffer Data Breach


By Emma Okonji

Sophos, a global network and endpoint security firm has released findings of its latest survey, which showed that 41 per cent of cyberattack victims suffer from severe data breach.

It also revealed that phishing emails impacted 53 per cent of those hit by cyberattack, and Ransomware impacted 30 per cent of attacked victims.
The report stated that the situation was getting worse as Information Technology (IT) managers were struggling to keep up with such cyberattacks globally.

The report revealed that IT managers were inundated with cyberattacks coming from all directions and were struggling to keep up due to lack of security expertise, budget and up to date technology.

The survey polled 3,100 IT decision makers from mid-sized businesses in the US, Canada, Mexico, Colombia, Brazil, UK, France, Germany, Australia, Japan, India, and South Africa

The Sophos survey showed how attack techniques were varied and often multi-staged, increasing the difficulty to defend networks.
One in five IT managers surveyed didn’t know how they were breached, and the diversity of attack methods means no one defensive strategy is a silver bullet, the report stated.

Analysing the report, Principal Research Scientist at Sophos, Chester Wisniewski, said: “Cybercriminals are evolving their attack methods and often use multiple payloads to maximise profits.

“Software exploits were the initial point of entry in 23 percent of incidents, but they were also used in some fashion in 35 per cent of all attacks, demonstrating how exploits are used at multiple stages of the attack chain. “Organisations that are only patching externally facing high-risk servers are left vulnerable internally and cybercriminals are taking advantage of this and other security lapses.”

The wide range, multiple stages and scale of today’s attacks are proving effective, it noted.

For example, it showed that 53 per cent of those who fell victim to a cyberattack were hit by a phishing email, and 30 per cent by ransomware. Similarly, 41 per cent said they suffered a data breach, while 75 per cent of IT managers consider software exploits, unpatched vulnerabilities and/or zero-day threats as a top security risk, according to the report, which added that 50 per cent consider phishing a top security risk.

It, however, stated that only 16 per cent of IT managers consider supply chain a top security risk, exposing an additional weak spot that cybercriminals would likely add to their repertoire of attack vectors.

“Cybercriminals are always looking for a way into an organisation, and supply chain attacks are ranking higher now on their list of methods.
“IT managers should prioritise supply chain as a security risk, but don’t because they consider these attacks perpetrated by nation states on high profile targets.

“While it is true that nation states may have created the blueprints for these attacks, once these techniques are publicised, other cybercriminals often adopt them for their ingenuity and high success rate,” Wisniewski said.

According to him, “Supply chain attacks are also an effective way for cybercriminals to carry out automated, active attacks, where they select a victim from a larger pool of prospects and then actively hack into that specific organisation using hand-to-keyboard techniques and lateral movements to evade detection and reach their destination.”

According to the Sophos survey, IT managers reported that 26 per cent of their team’s time was spent managing security, on average, yet, 86 per cent agreed that security expertise could be improved and 80 per cent of them want a stronger team in place to detect, investigate and respond to security incidents.

“With cyber threats coming from supply chain attacks, phishing emails, software exploits, vulnerabilities, insecure wireless networks, and much more, businesses need a security solution that helps them eliminate gaps and better identify previously unseen threats.”