Sophos released their state of cybersecurity study and the findings are clear – companies are not equipped to handle cybersecurity threats. The study, published last week, surveyed over 3,000 IT managers at companies around the world about their cybersecurity experiences, concerns and future plans. From their responses, the study’s authors identified seven key facts about cybersecurity, all of which point to the need for companies to focus more heavily on the issue. Here are the crucial takeaways companies need to understand about digital security moving forward:
- Cyberattacks are now the norm, not the exception. Of all organizations surveyed, 68 percent reported being victims of a cyberattack last year, with larger organizations of over 1,000 employees facing even more attacks. In the U.S., 71 percent of organizations were victims of cyberattacks. The question is no longer if a cyber attack will happen but when.
- On average, it took organizations 13 hours to realize they’d been attacked. That’s a long time for a hacker to have access to important company documents. What’s worse, though, is that many organizations, particularly smaller companies, didn’t know at all how long it took them to identify an attack. They lacked the time, tools, money and experience required to find out how long the attack had been active.
- One in five IT managers didn’t know how the threat entered their organizations. Understanding a threat’s entry point is key to preventing further attacks. This is, again, particularly an issue for smaller companies that lack the money and tools to fully investigate and understand attacks. Often those companies only have resources to fix attacks, not to study them.
- Organizations lose 41 days each year investigating low priority alerts. Only about 15 percent of investigations turn out to be related to actual infections. This costs companies immense amounts of money — money that could be spent on better cybersecurity systems.
- Eighty percent of IT managers feel unprepared to manage attacks. The majority of managers admitted to wishing they had a stronger security team in place, meaning they lack the expertise needed to ensure cybersecurity.
- More than half of organizations aren’t using their cybersecurity solutions to their fullest extent. The majority of organizations had an Endpoint Detection and Response (EDR) tool, but over 50 percent lacked the resources, such as cybersecurity expertise, to fully utilize this technology.
- Organizations that suffered attacks in the past year lost more time investigating potential attacks than those who hadn’t previously been victims of breaches. Companies that have been victims investigate twice as many potential attacks and lose one-third more time investigating attacks as compared to companies who haven’t been victims of breaches before. One potential cause of this lost time is that prior victims still have poor cybersecurity, so more threats get through and there are more potential incidents to investigate.
What does all of this mean? Bottom line: companies must prioritize cybersecurity. It can be time-consuming and expensive, but weak cybersecurity is clearly costing companies a lot of time and money already. Organizations should work to ensure that their IT managers have the training and expertise they need to handle threats. Outsourcing cybersecurity to larger, more well-equipped companies could also save a lot of money in the long run.
The best way to prevent a breach is by having a cybersecurity plan in place and regularly updated. MDL Technology offers dedicated monitoring and support for your cybersecurity needs. Learn more about our services on our website.