Cybersecurity is not getting any simpler. While protection technologies are continuing to advance rapidly, the same can also be said for the cybercriminals who try to circumvent them. Meanwhile, the increasing intricacies of threats entail that stretched IT teams have a lot to do.
Sophos recently commissioned an independent study to understand these challenges. 3,100 IT managers across 12 countries were surveyed by research house Vanson Bourne. The survey illustrates enlightening insights into the levels and types of cyberattacks as well as the challenges in managing cybersecurity.
The Survey
Vanson Bourne, a UK-based research house, interviewed 3,100 IT decision-makers between December 2018 and January 2019. To offer a representative side split within each country, the respondents were equally split between 100-1000 user organizations and 1001-5000 user organizations.
The Results
Two Out of Three Organizations Experienced a Cyberattack in 2018
Alarmingly, 9 in 10 respondents said that their organization was running up-to-date cybersecurity during the period of the attack. This shows that in spite having good intentions and behaviors, threats still get through. It may be because there are security holes that haven’t been plugged, gaps in their protection, or weaknesses in the cybersecurity.
Cyberattacks Lead to Several Areas of Concern
For IT managers, the risk of cyberattacks leads to several concerns, such as:
- Data loss
- Cost
- Damage to the business
The Reasons Why Organizations Still Struggle to Lessen Cyber Risk
Despite investments in security technologies, it’s still considered the norm to be hit by a cyberattack. The survey showed three primary reasons why organizations find it challenging to lower cyber risk:
- Attacks come from different directions.
Email and web are the main ways cyberattacks get into an organization’s environment. However, IT managers can’t just focus on these. Software vulnerabilities and external devices also play a role.
- Cyberattacks are coordinated, multi-stage, and blended.
Organizations who fell victim to a cyberattack revealed they experienced a wide range of attacks over the last year. Evidently, multi-stage attacks are now the norm. Phishing, software exploits, and ransomware are challenges IT teams are faced with.
- Talent, time, and technology are in short supply.
As what was gathered, organizations face all kinds of attacks and must secure different threat vectors. The survey showed that IT teams, on average, spend 26% of their time managing cybersecurity. This is not the ratio for the majority of the respondents.
Most respondents say they require better cybersecurity skills in their organization. However, getting the expertise to address these attacks is a big challenge. 8 in 10 organizations struggle to recruit in the right skills. There is a limited supply of and high demand for cybersecurity skills.
Conclusion
While there are heavy and ongoing investments in cybersecurity technology, the job for OT teams around the world isn’t getting any simpler. Instead of continuing to follow the same approach to cybersecurity, it is now time to move to cybersecurity as a system. By allowing security products to share information and collaborate together in real-time, you can stay on top of the threats while making space for significant IT resources.