IT managers and security teams spend a good number of their work hours managing security. Yet they are challenged with issues such as a lack of expertise, budget and up to date technology. And as a result of which they are struggling to plug all the security gaps, finds a new report.
In the survey, titled The Impossible Puzzle of Cybersecurity, conducted by Vanson Bourne and sponsored by Sophos, researchers poll 3,100 IT managers across 12 countries including India. The respondents, who worked for organizations with between 100 and 5,000 users, reported difficulties in protecting their infrastructures, leading to a large number of successful hacks.
As per the survey, globally, two out of three organizations (68%) suffered a cyber attack in 2018 that they were unable to prevent from entering their network. Nine out of 10 (91%) said they were running up-to-date cybersecurity protection at the time.
Lack of Security Expertise, Budget and Technology
Coming specifically to Indian businesses, the survey, Indian IT managers reported that 32% of their team’s time is spent managing security, on average. Yet, only 8 percent believe they have strong team in place to detect, investigate and respond to security incidents.
“Staying on top of where threats are coming from takes dedicated expertise, but IT managers often have a hard time finding the right talent or don’t have a proper security system in place that allows them to respond quickly and efficiently to attacks,” said Chester Wisniewski, principal research scientist, Sophos.
Regarding budget, eight out of 10 respondents said their organization’s cybersecurity budget (including people and technology) is below what it needs to be. Having current technology in place is another problem, with almost everyone agreeing that staying up to date with cybersecurity technology is a challenge for their organization.
This lack of security expertise, budget and up to date technology indicates IT managers are struggling to respond to cyber attacks instead of proactively planning and handling what’s coming next.
Filling the security loopholes
Why are companies still getting hit even though they are taking tangible steps to reduce their cybersecurity risk? The report clarifies that there are some security holes not being plugged.
For example, an up-to-date malware signature list won’t stop attackers hijacking your accounts, while rock-solid authentication won’t help if you’re not protecting your computers from ransomware. Good cybersecurity demands defense in depth and proper risk assessment so that you can protect your weakest spots from attack first.
The survey also revealed that companies are facing attacks via multiple channels, including email (highlighted as a source of attacks by 33%) and web (30%) among others. Software vulnerabilities and unauthorized USB sticks or other external devices were also common attack vectors. Perhaps even more worrying is that 20% of IT managers didn’t know how their networks were compromised.
Synchronized Security solves the puzzle
With cyber threats coming from supply chain attacks, phishing emails, software exploits, vulnerabilities, insecure wireless networks, and much more, businesses need a security solution that helps them eliminate gaps and better identify previously unseen threats.
“If organizations can adopt a security system with products that work together to share intelligence and automatically react to threats, then IT security teams can avoid the trap of perpetually catching up after yesterday’s attack and better defend against what’s going to happen tomorrow,” explains Wisniewski.
He believes that having a security ‘system’ in place helps alleviate the security skills gap IT managers are facing. It’s much more time and cost effective for businesses to grow their security maturity with simple to use tools that coordinate with each other across an entire estate.