Story image

How cybercriminals are most likely to be caught

07 Mar 2019

Sophos announced the findings of its global survey, 7 Uncomfortable Truths of Endpoint Security, which reveals IT managers are more likely to catch cybercriminals on their organisation’s servers and networks than anywhere else. 

The survey polled more than 3,100 IT decision makers from mid-sized businesses in 12 countries including Australia, the US, Canada, Mexico, Colombia, Brazil, UK, France, Germany, Japan, India, and South Africa.

Of the 200 Australian IT managers surveyed, it was revealed that one third discovered the most significant cyber attack on their organisation’s servers and 43 per cent were caught on the networks. Only 17 per cent were discovered on endpoints and eight per cent were found on mobile devices. 

These statistics are in line with the global averages for servers (37 per cent), networks (37 per cent), endpoints (17 per cent), and mobile devices (10 per cent).

Fifteen per cent of IT managers at Australian companies who were victim to one or more cyber attacks last year can’t pinpoint how the attackers gained entry—slightly better than the global average—or how long the threat was in the environment before it was detected. 

To improve this lack of visibility, IT managers need endpoint detection and response (EDR) technology that exposes threat starting points and the digital footprints of attackers moving laterally through a network.

On average, Australian organisations that investigate one or more potential security incidents each month spend 48 days a year (four days a month) investigating them, according to the survey. 

It comes as no surprise that local IT managers ranked identification of suspicious events (28 per cent), alert management (17 per cent) and prioritisation of suspicious events (15 per cent) as the top three features they need from EDR solutions to reduce the time taken to identify and respond to security alerts.

Less than half (43 per cent) of Australia-based survey respondents have EDR capabilities, with 56 per cent stating they were planning to implement an EDR solution within the next 12 months. 

Having EDR also helps address a skills gap. Three in four IT managers in Australia wish they had a stronger team in place, according to the survey.

ESET researchers break down latest arsenal of the infamous Sednit group
At the end of August 2018, the Sednit group launched a spear-phishing email campaign, in which it distributed shortened URLs that delivered first-stage Zebrocy components.
Container survey shows adoption accelerating while security concerns remain top of mind
The report features insights from over 500 IT professionals.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Fake apps on Google Play scamming users out of cryptocurrency
Fake cryptocurrency apps on Google Play have been discovered to be phishing and scamming users out of cryptocurrency, according to a new report from ESET.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
SEGA turns to Palo Alto Networks for cybersecurity protection
When one of the world’s largest video game pioneers wanted to strengthen its IT defences against cyber threats, it started with firewalls and real-time threat intelligence from Palo Alto Networks.
Forrester names Trend Micro Leader in email security
TrendMicro earned the highest score for technology leadership, deployment options and cloud integration.
LogRhythm releases cloud-based SIEM solution
LogRhythm Cloud provides the same feature set and user experience as its on-prem experience.