IT managers are more likely to catch cyber-criminals on their servers and networks than anywhere else, according to a cyber security product company. A survey by Sophos polled more than 3,100 IT decision makers from mid-sized businesses in 12 countries including the US, Canada, Mexico, Colombia, Brazil, UK, France, Germany, Australia, Japan, India, and South Africa.
Chester Wisniewski, principal research scientist at Sophos said: “Servers store financial, employee, proprietary, and other sensitive data, and with stricter laws like GDPR that require organisations to report data breaches, server security stakes are at an all-time high. It makes sense that IT managers are focused on protecting business-critical servers and stopping attackers from getting on the network in the first place and this leads to more cybercriminal detections in these two areas. However, IT managers can’t ignore endpoints because most cyberattacks start there, yet a higher than expected amount of IT managers still can’t identify how threats are getting into the system and when.”
Some one in five, 20 per cent of IT managers who were victim to one or more cyberattacks last year cannot pinpoint how the attackers gained entry, and 17 percent don’t know how long the threat was in the environment before it was detected, according to the survey. According to the cyber firm, IT managers need endpoint [such as, an internet-connected PC] detection and response (EDR) that exposes threat starting points and the digital footprints of attackers moving laterally through a network.
Wisniewski said: “If IT managers don’t know the origin or movement of an attack, then they can’t minimise risk and interrupt the attack chain to prevent further infiltration. EDR helps IT managers identify risk and put a process in place for organisations at both ends of the security maturity model. If IT is more focused on detection, EDR can more quickly find, block and remediate; if IT is still building up a security foundation, EDR is an integral piece that provides much needed threat intelligence.”
On average, organisations that investigate one or more potential security incidents each month spend 48 days a year (four days a month) investigating them, according to the survey. It comes as no surprise that IT managers ranked identification of suspicious events (27 percent), alert management (18 percent) and prioritisation of suspicious events (13 percent) as the top three features they need from EDR.
For the full 14-page ‘Seven Uncomfortable Truths of Endpoint Security’ survey visit the Sophos website.
