IT managers are more likely to detect cybercriminals on their servers and networks than anywhere else, according to the Sophos research report 7 Uncomfortable Truths of Endpoint Security.
Discovering cyberattacks
In fact, IT managers discovered 37% of the most significant cyberattacks on their organization's servers and another 37% on their networks.
Only 17% were discovered on endpoints and 10% on mobile devices. The survey polled more than 3,100 IT managers from medium-sized businesses in 12 countries: the USA, Canada, Mexico, Colombia, Brazil, the United Kingdom, France, Germany, Australia, Japan, India and South Africa.
"Servers store financial, employee and other sensitive data, and with stricter laws such as GDPR, which require organizations to report data breaches, the stakes for server security are high. It makes sense for IT managers to focus on protecting business-critical servers to stop attackers from getting onto the network in the first place, which in turn leads to more attacker detections in these two areas," said Chester Wisniewski, principal research scientist at Sophos. "However, IT managers cannot ignore endpoints, because most cyberattacks start there, yet a higher-than-expected number of IT managers still cannot determine how threats got into the system."
Exposing the starting points of an attack
Twenty percent of IT managers whose organizations were hit by one or more cyberattacks last year cannot determine how the attackers gained access, and 17 percent do not know how long the threat was in their environment before they found it, according to the survey.
To close this visibility gap, IT managers need endpoint detection and response (EDR) technology, which exposes the starting point of a threat and the digital footprints an attacker leaves while moving through a network.
"If IT managers do not know the origin or movement of an attack, then they cannot minimize the risk and break the attack chain to prevent further penetration," Wisniewski said. "EDR helps IT managers identify risks and implement a process to secure the network. With technology that is more focused on detection, EDR can find, block and remediate a threat faster."
Defense in depth
On average, organizations that investigate one or more potential security incidents each month spend about 48 days a year (four days a month) investigating them, according to the survey. Not surprisingly, IT managers named alert management (18%) among the three key features they need from an EDR solution, together with two other features cited by 27% and 13% of respondents.
Most attacks are stopped within seconds at the endpoint without ever raising an alert. Persistent attackers, including those running targeted ransomware such as SamSam, take the time they need to break into a system by finding weak passwords on remotely accessible services (RDP, VNC, VPN, etc.).
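The two things the survey says IT managers lack, the attacker's entry point and the time the attacker was present, are exactly what the password-guessing pattern described above leaves in authentication logs: a burst of failed remote logons from one source, followed by a success for the account whose password was finally guessed. The following is an added example written for this article, not Sophos code or part of the report; it runs a detection over a constructed, simplified text rendering of Windows Security events (4625 = failed logon, 4624 = successful logon, LogonType 10 = RemoteInteractive/RDP, LogonType 3 = network), and the log line format, the thresholds and the sample addresses and account names are all assumptions made for the example.

```python
"""Flag password guessing against remote-access services (RDP, network logons)
and report the account that was finally compromised, i.e. the attacker's
starting point and the time it happened.

Added example for this article, not Sophos code. The log format is a
constructed, simplified text rendering of Windows Security events; a real
deployment would read the events from an EDR or SIEM feed instead.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Assumed (constructed) line shape: "<ISO timestamp> EventID=.. LogonType=.. User=.. Source=.."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
    r"User=(?P<user>\S+) Source=(?P<src>\S+)$"
)

FAIL, SUCCESS = "4625", "4624"       # Windows Security event IDs
REMOTE_LOGON_TYPES = {"3", "10"}     # network and RemoteInteractive (RDP) logons

# Constructed sample: one RDP password-guessing burst from 203.0.113.7 that ends
# in a successful logon as svc_backup; a user typo on 10.0.0.5; and a slow
# source (10.0.0.9) whose failures are an hour apart and never fill the window.
SAMPLE_LOG = """
2019-04-02T02:10:01 EventID=4625 LogonType=10 User=administrator Source=203.0.113.7
2019-04-02T02:10:03 EventID=4625 LogonType=10 User=admin Source=203.0.113.7
2019-04-02T02:10:05 EventID=4625 LogonType=10 User=backup Source=203.0.113.7
2019-04-02T02:10:08 EventID=4625 LogonType=10 User=svc_backup Source=203.0.113.7
2019-04-02T02:10:11 EventID=4625 LogonType=10 User=svc_backup Source=203.0.113.7
2019-04-02T02:10:14 EventID=4625 LogonType=10 User=svc_backup Source=203.0.113.7
2019-04-02T02:10:20 EventID=4624 LogonType=10 User=svc_backup Source=203.0.113.7
2019-04-02T08:59:50 EventID=4625 LogonType=10 User=jsmith Source=10.0.0.5
2019-04-02T09:00:02 EventID=4624 LogonType=10 User=jsmith Source=10.0.0.5
2019-04-02T09:15:00 EventID=4625 LogonType=2 User=jsmith Source=10.0.0.5
2019-04-02T10:00:00 EventID=4625 LogonType=3 User=scanner Source=10.0.0.9
2019-04-02T11:00:00 EventID=4625 LogonType=3 User=scanner Source=10.0.0.9
2019-04-02T12:00:00 EventID=4625 LogonType=3 User=scanner Source=10.0.0.9
2019-04-02T13:00:00 EventID=4625 LogonType=3 User=scanner Source=10.0.0.9
2019-04-02T14:00:00 EventID=4625 LogonType=3 User=scanner Source=10.0.0.9
"""


def parse(lines):
    """Parse log lines into dicts, skipping lines that do not match, sorted by time."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({"ts": datetime.fromisoformat(m["ts"]), "eid": m["eid"],
                       "lt": m["lt"], "user": m["user"], "src": m["src"]})
    events.sort(key=lambda e: e["ts"])
    return events


def find_password_guessing(lines, threshold=5, window=timedelta(minutes=10)):
    """Return one finding per source that produced >= threshold failed remote
    logons inside a sliding window. If that source later logs on successfully,
    the finding records the compromised account and the time of entry."""
    recent = defaultdict(deque)   # src -> failure timestamps still inside the window
    total = defaultdict(int)      # src -> all failed remote logons seen
    findings = {}
    for e in parse(lines):
        if e["lt"] not in REMOTE_LOGON_TYPES:
            continue              # local/console logons are out of scope here
        src = e["src"]
        if e["eid"] == FAIL:
            total[src] += 1
            q = recent[src]
            q.append(e["ts"])
            while q and e["ts"] - q[0] > window:
                q.popleft()       # age out failures that fell outside the window
            if len(q) >= threshold and src not in findings:
                findings[src] = {"src": src, "first_failure": q[0], "failures": 0,
                                 "compromised_user": None, "compromised_at": None}
        elif e["eid"] == SUCCESS and src in findings and findings[src]["compromised_user"] is None:
            findings[src]["compromised_user"] = e["user"]
            findings[src]["compromised_at"] = e["ts"]
    for src, f in findings.items():
        f["failures"] = total[src]
    return sorted(findings.values(), key=lambda f: f["first_failure"])


if __name__ == "__main__":
    for f in find_password_guessing(SAMPLE_LOG.splitlines()):
        status = (f"compromised account {f['compromised_user']} at {f['compromised_at']}"
                  if f["compromised_user"] else "no successful logon yet")
        print(f"{f['src']}: {f['failures']} failed remote logons from {f['first_failure']}; {status}")
```

The sliding window is what separates the SamSam-style burst from the slow, spaced-out failures of the scanner host, and the "success after the burst" check is what turns a noisy brute-force alert into the answer to the survey's two open questions: which account the attacker came in on, and when.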
Fifty-seven percent of respondents said they plan to implement an EDR solution within the next 12 months. Deploying EDR also helps address the skills gap: 80% of IT managers said they wished they had a stronger team, according to the survey.