In a recent survey by Vanson Bourne, a UK-based research company, more than two-thirds (68%) of organizations said a cyber-attack had hit them in the last year. Larger organizations suffered more attacks (73%) than smaller ones (63%). There are two likely reasons for this difference:
a) Larger organizations are more targeted by cybercriminals as they are considered to be more lucrative victims
b) Larger organizations are more capable of detecting a cyber-attack than their smaller counterparts, as they have more IT resources to detect and investigate issues
Of course, we have to assume that many cyberattacks still go undetected. The actual number could well be higher. One explanation for this discrepancy is that cyberattack targets are not equally dispersed around the globe. When looking at individual threats, we often see explicit geographic targeting at play.
1. Most Risks (36.7%) are discovered on the server
Servers are generally considered “safe” by IT administrators as users don’t log into them, but in fact, the data shows they are the most at risk. Modern attacks often start at endpoints before moving laterally to servers, the higher-value targets. The fact that organizations are catching the threats on the servers rather than the endpoints suggests a lack of visibility into what’s happening earlier in the threat chain, as well as endpoint security gaps. It is also possible that attacks are noticed on the server because that is when they can cause the most significant impact on the business.
2. Nearly one in 10 threats are discovered on mobile devices
With 9.6% of threats detected on mobile devices, the data suggests that mobile threats are a significant danger. Organizations need to ensure all devices with access to corporate information are adequately secured.
3. Organizations lack the tools they need to assess dwell time accurately
For 17% of threats, organizations do not know how long the threat was in their environment before it was discovered. For the vast majority of small- and mid-sized organizations, understanding how significantly a threat penetrated the organization requires time, tools, and expertise that they don’t have.
4. Organizations lose 41 days each year investigating non-issues
Organizations spend, on average, four days a month studying potential security issues, or 48 days a year. However, only 15% turn out to be actual infections. As a result, organizations are spending 85% of the time investigating non-issues, equivalent to around 41 days each year. This has significant financial and productivity implications:
a) Direct cost—the financial and resourcing impact of spending such significant amounts of time investigating non-issues
b) Opportunity cost—the IT activities that staff are not getting to because they are studying non-issues
This colossal inefficiency also helps explain why the most desired endpoint detection & response (EDR) feature is the identification of suspicious events. With practical tools in place to help identify what is suspicious, organizations can focus their limited resources in the right places rather than searching for needles in a haystack. By identifying suspicious events better, organizations will:
a) Improve efficiency: Use their limited resources more effectively
b) Reduce exposure: Find and address actual security incidents faster
c) Minimize risk: Focus resources on the suspicious events that are most likely to put the organization at risk
5. More than half of organizations don’t see the value of their EDR solutions
EDR has swiftly become a must-have technology. According to a recent survey, approximately 93% of IT managers surveyed either have or plan to have EDR in their security arsenals. Of the small number of respondents who don’t currently have EDR, a massive 89% plan to add it to their defenses, with 61% planning to do so within the next six months. In light of the earlier revelations about time spent investigating security incidents and the lack of visibility into the threat chain, these EDR plans make a lot of sense.
The survey holds a specific lesson for enterprises, as it revealed distinct differences in some areas between those who had been victims of a cyber-attack and those who had avoided hackers. Organizations that fall victim generally:
a) Are more cautious—they investigate twice as many incidents as other organizations
b) Spend more time on cybersecurity—they spend four days a month investigating potential incidents
The reality is that EDR can help address many of the challenges mentioned above. Start with understanding cyber-attacks. There is clearly a knowledge gap here, as 17% of IT managers don’t know how long the threat was in their environment, and 20% don’t know how it got in. This Fraud Awareness Week lets us pull up our socks and understand the importance of EDR, which is given a miss.