The cyberattacks they are constantly growing and coming from anywhere. So IT managers are unable to react to their repeated attacks, due to budget, technology, but unfortunately also know-how. According to a survey conducted by the security company software and hardware, Sophos, named "The Impossible Puzzle of Cybersecurity".
IT executives from medium-sized companies in the US, Canada, Mexico, Colombia, Brazil, the United Kingdom, France and South Africa participated in this. Still showed how the techniques attack are varied and often multiple, increasing the difficulty of defending networks. One in five IT managers who took part in research, they did not know what was the vulnerability that allowed the attack.
According to Chester Wisniewski, Sophos' chief research scientist, organizations that simply correct external problems remain vulnerable within themselves. The 53% of those who fell victim to a cyberattack reported being hit by phishing email and 30% of ransomware.
It is not surprising that 75% of IT managers believe that software exploits, vulnerabilities that are not properly corrected, and zero-day threats are some of the greatest security risks. Others consider phishing as the greatest security risk.
The Cybercriminals they are constantly creating ways to strike an organization and usually the first in their choices is the attack on supply chain. This is why managers have to target their forces there. On the other hand, in South Africa, only 16% said it actually considered it a risk.
Other findings from Sophos' research show that IT managers reported that 26% of their team time spent on security management. However, 86% agrees that security expertise can be improved and 80% wants a stronger team to locate, investigate, and respond to security incidents.
Regarding the budget of each company, 66% stated that the organization's budget in its field cybersecurity is less than what it needs. In addition, 75% agrees that keeping an organization up-to-date in this area is extremely difficult. The lack of knowledge in the field of security, budget and modern technology suggests that managers are struggling to cope with the attacks instead of preparing for the next.
Finally, Wisniewski says that being informed organizations potential threats are difficult but if organizations can adopt a system security with means that work to share information and react automatically to threats, IT security teams will be able to cope with it that comes out much more quickly and easily.