Threatlist: 68% of Overwhelmed IT Managers Can’t Keep Up with Cyberattacks

Most respondents in a recent survey say they’re losing the battle despite having up-to-date protections in place.

IT managers feel overwhelmed by the volume of cyberattack attempts, with most of them admitting that successful hacks of their company networks are becoming the norm.

That’s according to a research report The Impossible Puzzle of Cybersecurity, released Friday. In a survey of 3,100 IT managers across 12 countries (at organizations with 100 to 5,000 employees), two out of three of them said their organizations (68 percent) suffered a cyberattack in 2018, despite efforts to prevent them. This, despite the fact that a full 26 percent of IT’S time, on average, is spent on cybersecurity issues.

Nine out of 10 (91 percent) of respondents said they were running up-to-date cybersecurity protections at the time of a successful attack, according to the Sophos, who published the report.

“This reveals that, despite good intentions and behaviors, threats are getting through,” according to the report, released Friday. “This may be through weaknesses in the cybersecurity, or because there are security holes that haven’t been plugged or gaps in their protection – while an organization might have been running up-to-date endpoint protection, this doesn’t mean all other devices were secure.”

The survey also showed that attacks are coming via multiple channels, including email (accounting for 33 percent) and web (30 percent), software vulnerabilities (23 percent), unauthorized USB sticks or other external devices (14 percent), and more. However, worryingly, a fifth (20 percent) of IT managers said they didn’t know how their networks were compromised.

In terms of the attacks that succeeded, over half of them (53 percent) were phishing attacks; a third (35 percent) resulted in malware infections; another 35 percent pointed to software exploits; and 30 percent said they were hit with ransomware.

IT managers consider their greatest risk to be phishing mails (50 percent flagged this as the number-one threat), followed by software exploits (45 percent). Third on the list is people, including internal staff, contractors and visitors.

“We humans are ranked a top-three security concern by 44 percent of respondents, and clearly present IT teams with quite a different type of cybersecurity challenge,” the report noted.

Wi-Fi security also weighs heavily on the minds of IT managers, with more than a third (36%) ranking it as a top-three concern, followed by unknown devices (31 percent).

Click to enlarge.

IT managers surveyed also mentioned a shortage of key skills on staff, which makes it that much harder to keep up with the volume of incidents and the scope of risks. Most respondents (86 percent) said that they needed more skills to combat threats, but 80 percent also said that they struggled to recruit the right people. Two-thirds of respondents said that their budgets for people and technology were too low.

Unsurprisingly, the inability to fend off attacks has led to significant concerns on the part of IT managers: Data loss was the number one concern for 31 percent of respondents, followed by cost and damage to the business (21 percent).

Don’t miss our free live Threatpost webinar, “Streamlining Patch Management,” on Wed., July 24, at 2:00 p.m. EDT. Please join Threatpost editor Tom Spring and a panel of patch experts as they discuss the latest trends in Patch Management, how to find the right solution for your business and what the biggest challenges are when it comes to deploying a program. Register and Learn More

Suggested articles