Cyberattacks may take time to arrive, but they are a certainty. Almost all organisations, 94% of them, experienced a cyberattack in some form in 2022, according to research from Sophos released on April 4.
All organisations must assume that they will be targets of cyberattacks in 2023, the researchers went on to warn.
The constant barrage of such malicious events has put organisations under a lot of pressure. Most of them have been confronting threats that are too advanced to deal with internally, and a majority report that cyberthreats negatively impact their ability to complete IT projects or give time to strategic issues. Many organisations are struggling and have been overwhelmed trying to complete both strategic initiatives and regular operational tasks, says John Shier, field CTO-commercial for Sophos.
All this, according to him, manifests itself in organisations that are reactive and unable to improve their current situation because they are consistently on the back foot.
The report is based on a survey, conducted in January and February 2023, of 3000 leaders responsible for cybersecurity and IT in 14 countries. Almost all the respondents, 93%, said that essentially all security operations tasks are challenging, and just half of security alerts get investigated. Three-quarters of the respondents reported that they had difficulty pinpointing the main cause behind cyberattacks.
Shier added that it is not that the security control measures are failing, although for some that may be the case, but rather that the overall system isn’t operating. Like many complex systems, the security infrastructure needs many layers operating together, with redundancies applied throughout.
The top five cyberthreats of concern to IT and cybersecurity leaders are data theft, phishing, ransomware, extortion, and DDoS attacks. Only 1% of the respondents said that they weren’t concerned about any cyberthreats affecting their company this year. According to Shier, it need not be this way. Rather, organisations should immediately and honestly evaluate their capabilities, look for gaps, and come up with a plan to address the issues.
Shier added that organisations are too often conditioned to underestimate the risk while overstating their capabilities. This mostly leads to several firms thinking and acting as if they are secure, whereas in most cases the opposite is true.