Story image

How cybercriminals are most likely to be caught

07 Mar 2019

Sophos announced the findings of its global survey, 7 Uncomfortable Truths of Endpoint Security, which reveals IT managers are more likely to catch cybercriminals on their organisation’s servers and networks than anywhere else. 

The survey polled more than 3,100 IT decision makers from mid-sized businesses in 12 countries including Australia, the US, Canada, Mexico, Colombia, Brazil, UK, France, Germany, Japan, India, and South Africa.

Of the 200 Australian IT managers surveyed, it was revealed that one third discovered the most significant cyber attack on their organisation’s servers and 43 per cent were caught on the networks. Only 17 per cent were discovered on endpoints and eight per cent were found on mobile devices. 

These statistics are in line with the global averages for servers (37 per cent), networks (37 per cent), endpoints (17 per cent), and mobile devices (10 per cent).

Fifteen per cent of IT managers at Australian companies who were victim to one or more cyber attacks last year can’t pinpoint how the attackers gained entry—slightly better than the global average—or how long the threat was in the environment before it was detected. 

To improve this lack of visibility, IT managers need endpoint detection and response (EDR) technology that exposes threat starting points and the digital footprints of attackers moving laterally through a network.

On average, Australian organisations that investigate one or more potential security incidents each month spend 48 days a year (four days a month) investigating them, according to the survey. 

It comes as no surprise that local IT managers ranked identification of suspicious events (28 per cent), alert management (17 per cent) and prioritisation of suspicious events (15 per cent) as the top three features they need from EDR solutions to reduce the time taken to identify and respond to security alerts.

Less than half (43 per cent) of Australia-based survey respondents have EDR capabilities, with 56 per cent stating they were planning to implement an EDR solution within the next 12 months. 

Having EDR also helps address a skills gap. Three in four IT managers in Australia wish they had a stronger team in place, according to the survey.

Using data science to improve threat prevention
With a large amount of good quality data and strong algorithms, companies can develop highly effective protective measures.
General staff don’t get tech jargon - expert says time to ditch it
There's a serious gap between IT pros and general staff, and this expert says it's on the people in IT to bridge it.
ZombieLoad: Another batch of flaws affect Intel chips
“This flaw can be weaponised in highly targeted attacks that would normally require system-wide privileges or a complete subversion of the operating system."
Forget endpoints—it’s time to secure people instead
Security used to be much simpler: employees would log in to their PC at the beginning of the working day and log off at the end. That PC wasn’t going anywhere, as it was way too heavy to lug around.
DimData: Fear finally setting in amongst vulnerable orgs
New data ranking the ‘cybermaturity’ of organisations reveals the most commonly targeted sectors are also the most prepared to deal with the ever-evolving threat landscape.
IXUP goes "post-quantum" with security tech upgrade
The secure analytics company has also partnered with Deloitte as a reseller, and launched a SaaS offering on Microsoft Azure.
Infoblox appoints channels head for A/NZ
Kenneth Cartwright’s appointment extends Infoblox’s position in secure cloud-managed network services throughout the region.
ExtraHop’s new partner program for enterprise security
New accreditations and partner portal enable channel partners to fast-track their expertise and build their security businesses.