By Prince Osuagwu
Cybercriminals are deploying multiple attack methods to get a perfect result of compromising data of unsuspecting members of the public, leading one of global leaders in network and endpoint security, Sophos, to advise users to also protect themselves with multiple security applications so as not to feel the full impact of the attackers.
The company in a global survey, The Impossible Puzzle of Cybersecurity, released recently, revealed that IT managers are inundated with cyberattacks coming from all directions and are struggling to keep up due to lack of security expertise, budget and up- to-date technology.
The report says that with cyberthreats coming from supply chain attacks, phishing emails, software exploits, vulnerabilities, insecure wireless networks and much more, businesses need a security solution that helps them eliminate gaps and better identify previously unseen threats.
It recommended Sophos Synchronized Security, a single integrated system, which provides much needed visibility to threats by integrating Sophos endpoint, network, mobile, Wi-Fi, and encryption products to share information in real-time and automatically respond to incidents.
The survey collected data from 3,100 IT decision makers from mid-sized businesses in the US, Canada, Mexico, Colombia, Brazil, UK, France, Germany, Australia, Japan, India, and South Africa.
The Sophos survey shows how attack techniques are varied and often multi-staged, increasing the difficulty to defend networks. One in five IT managers surveyed didn’t know how they were breached, and the diversity of attack methods means no one defensive strategy is a silver bullet.
Principal research scientist, Sophos, Chester Wisniewski said: “Cybercriminals are evolving their attack methods and often use multiple payloads to maximise profits. Software exploits were the initial point of entry in 23 per cent of incidents, but they were also used in some fashion in 35 per cent of all attacks, demonstrating how exploits are used at multiple stages of the attack chain.
Organizations that are only patching externally facing high-risk servers are left vulnerable internally and cybercriminals are taking advantage of this and other security lapses.”
The wide range, multiple stages and scale of today’s attacks are proving effective. For example, 53 percent of those who fell victim to a cyber attack were hit by a phishing email, and 30 percent by ransomware. Forty-one percent said they suffered a data breach.
Causes of major attacks
“The report noted that it was not surprising that 75 percent of IT managers consider software exploits, unpatched vulnerabilities and/or zero-day threats as a top security risk. Fifty percent consider phishing a top security risk. Alarmingly, only 16 percent of IT managers consider supply chain a top security risk, exposing an additional weak spot that cybercriminals will likely add to their repertoire of attack vectors.
“Cybercriminals are always looking for a way into an organization, and supply chain attacks are ranking higher now on their list of methods. IT managers should prioritize supply chain as a security risk, but don’t because they consider these attacks perpetrated by nation states on high profile targets. While it is true that nation states may have created the blueprints for these attacks, once these techniques are publicized, other cybercriminals often adopt them for their ingenuity and high success rate”