
Sophos Global Survey Points to Software Exploits as Initial Cause of 23% of IT Security Incidents


Cybersecurity by Sophos

BY: Sandra Ani

  • used in 35 percent of cyberattacks

Sophos, a global leader in network and endpoint security, today announced the findings of its global survey, The Impossible Puzzle of Cybersecurity, which reveals IT managers are inundated with cyberattacks coming from all directions and are struggling to keep up due to a lack of security expertise, budget and up to date technology. The survey polled 3,100 IT decision makers from mid-sized businesses in the US, Canada, Mexico, Colombia, Brazil, UK, France, Germany, Australia, Japan, India, and South Africa.

Cybercriminals Use Multiple Attack Methods and Payloads for Maximum Impact

The Sophos survey shows that attack techniques are varied and often multi-staged, which makes networks harder to defend. One in five IT managers surveyed didn’t know how they were breached, and the diversity of attack methods means no one defensive strategy is a silver bullet.

“Cybercriminals are evolving their attack methods and often use multiple payloads to maximize profits. Software exploits were the initial point of entry in 23 percent of incidents, but they were also used in some fashion in 35 percent of all attacks, demonstrating how exploits are used at multiple stages of the attack chain,” said Chester Wisniewski, principal research scientist, Sophos. “Organizations that are only patching externally facing high-risk servers are left vulnerable internally and cybercriminals are taking advantage of this and other security lapses.”

The wide range, multiple stages and scale of today’s attacks are proving effective. For example, 53 percent of those who fell victim to a cyberattack were hit by a phishing email, and 30 percent by ransomware. Forty-one percent said they suffered a data breach.

Weak Links in Security Increasingly Lead to Supply Chain Compromises

Based on the responses, it’s not surprising that 75 percent of IT managers consider software exploits, unpatched vulnerabilities and/or zero-day threats as a top security risk. Fifty percent consider phishing a top security risk. Alarmingly, only 16 percent of IT managers consider supply chain a top security risk, exposing an additional weak spot that cybercriminals will likely add to their repertoire of attack vectors.

“Cybercriminals are always looking for a way into an organization, and supply chain attacks are ranking higher now on their list of methods. IT managers should prioritize supply chain as a security risk, but don’t because they consider these attacks perpetrated by nation states on high profile targets. While it is true that nation states may have created the blueprints for these attacks, once these techniques are publicized, other cybercriminals often adopt them for their ingenuity and high success rate,” said Wisniewski. “Supply chain attacks are also an effective way for cybercriminals to carry out automated, active attacks, where they select a victim from a larger pool of prospects and then actively hack into that specific organization using hand-to-keyboard techniques and lateral movements to evade detection and reach their destination.”

Lack of Security Expertise, Budget and Up to Date Technology

According to the Sophos survey, IT managers reported that 26 percent of their team’s time is spent managing security, on average. Yet, 86 percent agree security expertise could be improved and 80 percent want a stronger team in place to detect, investigate and respond to security incidents. Recruiting talent is also an issue, with 79 percent saying that recruiting people with the cybersecurity skills they need is a challenge.

Key Survey Findings:

  • Cybercriminal tactics have evolved into using multiple attack methods and often multiple payloads to maximize profits
    • Software exploits were the initial cause of 23 percent of incidents and used in 35 percent of cyberattacks, demonstrating how exploits are used at multiple stages of the attack chain
    • Phishing emails impacted 53 percent of those hit by a cyberattack
    • Ransomware impacted 30 percent of attack victims
    • 41 percent of attack victims suffered a data breach
  • Only 16 percent consider supply chain a top security risk, exposing an additional weak spot
    • Nation state adversaries have proven how successful supply chain attacks are, which means common cybercriminals are likely to adopt the attack method
    • Supply chain attacks are a launch pad to emerging automated, active-adversary attacks
  • IT teams spend 26 percent of their time managing security, yet still struggle with a lack of expertise, budget and up to date technology
    • 79 percent said recruiting people with the cybersecurity skills they need is a challenge
    • 66 percent said their organization’s cybersecurity budget is below what it needs to be
    • 75 percent believe that staying up to date with cybersecurity technology is a challenge

Regarding budget, 66 percent said their organization’s cybersecurity budget (including people and technology) is below what it needs to be. Having current technology in place is another problem, with 75 percent agreeing that staying up to date with cybersecurity technology is a challenge for their organization. This lack of security expertise, budget and up to date technology indicates IT managers are struggling to respond to cyberattacks instead of proactively planning and handling what’s coming next.

“Staying on top of where threats are coming from takes dedicated expertise, but IT managers often have a hard time finding the right talent or don’t have a proper security system in place that allows them to respond quickly and efficiently to attacks,” said Wisniewski. “If organizations can adopt a security system with products that work together to share intelligence and automatically react to threats, then IT security teams can avoid the trap of perpetually catching up after yesterday’s attack and better defend against what’s going to happen tomorrow. Having a security ‘system’ in place helps alleviate the security skills gap IT managers are facing. It’s much more time and cost effective for businesses to grow their security maturity with simple to use tools that coordinate with each other across an entire estate.”

Synchronized Security Solves the Impossible Puzzle of Cybersecurity

With cyberthreats coming from supply chain attacks, phishing emails, software exploits, vulnerabilities, insecure wireless networks, and much more, businesses need a security solution that helps them eliminate gaps and better identify previously unseen threats.

Sophos Synchronized Security, a single integrated system, provides this much needed visibility to threats by integrating Sophos endpoint, network, mobile, Wi-Fi, and encryption products to share information in real-time and automatically respond to incidents. More information about Synchronized Security is available at Sophos.com.

The Impossible Puzzle of Cybersecurity survey was conducted by Vanson Bourne, an independent specialist in market research, in December 2018 and January 2019.

This survey interviewed 3,100 IT decision makers in 12 countries and across six continents in the US, Canada, Mexico, Colombia, Brazil, UK, France, Germany, Australia, Japan, India, and South Africa. All respondents were from organizations with between 100 and 5,000 employees.


Banks To Now Charge 0.5% Cybersecurity Levy As Directed By CBN; Netizens React


The Central Bank of Nigeria (CBN) has directed deposit money banks in the country to start charging 0.5% cybersecurity levy on some transactions done by their customers.

The apex bank gave the directive in a circular dated May 6, 2024 and sent to all commercial, merchant, non-interest and payment service banks as well as mobile money operators and payment service providers.

“Following the enactment of the Cybercrime (Prohibition, Prevention, etc) (amendment) Act 2024 and pursuant to the provision of Section 44 (2) (a) of the Act, ‘a levy of 0.5% (0.005) equivalent to a half percent of all electronic transactions value by the business specified in the Second Schedule of the Act’, is to be remitted to the National Cybersecurity Fund (NCF), which shall be administered by the Office of the National Security Adviser (ONSA),” the circular partly read.

The Cybersecurity Levy implementation notice

The apex bank said that the implementation of the levy would start two weeks from the date of the circular.

“The levy shall be applied at the point of electronic transfer origination, then deducted and remitted by the financial institution. The deducted amount shall be reflected in the customer’s account with the narration, ‘Cybersecurity Levy’. Deductions shall commence within two weeks from the date of this circular for all financial institutions and the monthly remittance of the levies collected in bulk to the NCF account domiciled at the CBN by the fifth business day of every subsequent month,” the circular said.

The apex bank added that this new levy will not be applied on transactions such as loan disbursements and repayments, salary payments, intra-account transfers within the same bank or between different banks for the same customer, and intra-bank transfers between customers of the same bank.

Also exempted from the levy were inter-branch transfers within a bank, cheque clearing and settlements, Letters of Credits, Banks’ recapitalisation-related funding only bulk funds movement from collection accounts, savings and deposits including transactions involving long-term investments, among others.

This current implementation, however, is not sitting well with some netizens, who reacted to the new development.

Here were some of their reactions from X.


EFCC Chairman Tasks Nigerian Youths Against Crimes And Fraudulent Acts


The Chairman of the Economic and Financial Crimes Commission (EFCC), Ola Olukoyede, has stressed the need for Nigerian youth to see themselves as agents of positive change who have a lot to contribute to the socioeconomic development of the nation.

Speaking at the 2nd edition of a Leadership Trainings Programme in Abuja, Olukoyede, who was represented by the Head, Enlightenment and Re-orientation Unit (EFCC), Aisha Mohammed, said the commission’s dream is to see the youth contribute meaningfully to society, emphasizing the need to work together in bringing positive change to society.

The Economic and Financial Crimes Commission boss declared the readiness of his agency to work with all stakeholders, including the youth, towards changing the narrative and repositioning the country for greater exploits.

Also speaking, the representative of the Executive Secretary of the Tertiary Education Trust Fund (TETFUND), Sonny Echono, appealed to the youths to eschew social vices that could hinder their full potential in life.

Other speakers at the event, including the Chairperson, Zero Tolerance for Social Immoralities Initiative (ZEITI) Africa, Rasak Jeje, called on all stakeholders to join hands in the collective pursuit of empowering a new generation of leaders to curb the rising tide of social vice among Nigerian youths.

The Chairperson, Zero Tolerance for Social Immoralities Initiative (ZEITI) Africa, Rasak Jeje, made the call while addressing journalists at the 2nd edition of its Leadership Trainings Programme in Abuja on Thursday.

He said the training was aimed at acquainting student leaders with knowledge and insights that will help them drive positive change and become exemplary leaders in their respective spheres.


AISA Has Refunded The Fees Paid By Yahaya Bello To EFCC


The Economic and Financial Crimes Commission (EFCC) says the American International School Abuja (AISA) has refunded the fees paid by the immediate past governor of Kogi state, Yahaya Bello, for his children attending the school.

In response to a letter addressed to the Lagos zonal commander of the EFCC, the school said $845,852 was paid in tuition “since the 7th of September 2021 to date”.

AISA said the sum to be refunded is $760,910 because it had deducted educational services already rendered.

“Please forward to us an official written request, with the authentic banking details of the EFCC, for the refund of the above-mentioned funds as previously indicated as part of your investigation into the alleged money laundering activities by the Bello family.

Since the 7th September 2021 to date, $845,852.84 (Eight Hundred and Forty-Five Thousand, Eight Hundred and Fifty Two US Dollars and eighty four cents) in tuition and other fees has been deposited into our Bank account.

We have calculated the net amount to be transferred and refunded to the State, after deducting the educational services rendered as $760,910.84. (Seven Hundred and Sixty Thousand, Nine Hundred and Ten US Dollars and Eighty Four cents).

No further additional fees are expected in respect of tuition as the students’ fees have now been settled until they graduate from AISA.”

In a chat with The Cable, the spokesperson of the EFCC, Dele Oyewale, confirmed that the school has refunded the money.

“The money has been paid into public account,” Dele Oyewale was quoted as saying.
