Sophos is a cybersecurity company. It does a lot of tracking and recently concluded that — whether the business knows it or not — 94% of all organizations have seen some form of a cyber attack in the last year.
And the message Sophos wants all businesses to know is that they WILL be a target of a cyber attack in 2023. Period.
The problem most companies have — says Sophos spokesman, John Shier — is that they’re woefully ill-prepared to handle an attack. “Many organizations are overwhelmed and struggling to accomplish both routine operational tasks and strategic initiatives,” Shier said. “This manifests itself in organizations that are reactive and unable to improve their situation because they are constantly on the back foot.”
The Sophos conclusion that 94% of companies have experienced a cyber attack comes from a survey it did in January and February of 3,000 business leaders in 14 countries. Almost all — 93% — said doing essential security is a challenge company-wide. They said just half of their cyber attacks are investigated.
And a frightening 75% said they have serious difficulty pinning down the cause of any attack and where that attack came from within their system.
“It’s not so much that security controls are failing, though for some that might be the case, but rather the overall system not operating,” Shier said. “Like many complex systems, security infrastructure requires many layers operating together with redundancies applied throughout.”
Shier said these are the top-5 cyberthreats identified by the leaders surveyed:
- Data theft
- Phishing
- Ransomware
- Extortion
- DDoS attacks
Sadly, the survey found that just 1% are concerned about the threats to their companies from a cyber attack.
Shier said all businesses need to know where they stand in case of an attack. They need to know their capability to repel one, and to know where their weaknesses lie. Plans must be made — immediately — to take care of those issues.
“There’s too often a habit of understating risks and overstating capabilities,” Shier pointed out. “This leads to many organizations thinking and acting like they are secure when it couldn’t be further from the truth.”
Source link: CyberSecurityDive — http://bit.ly/401l37e
