Cybercriminals increase attacks via multiple channels

With cyber threats coming from the supply chain, phishing emails, software exploits, vulnerabilities, insecure wireless networks, and much more, businesses need a security solution that helps them eliminate gaps and better identify previously unseen challenges.

This is even as a study has shown that cybercriminals have increased attack techniques via multi-channels, and often multi-staged, hence increasing the difficulty to defend networks. This multiple-channel of attack also implies that there is no one defensive strategy.

The study, which was global, was done by network and endpoint security firm, Sophos, on “The Impossible Puzzle of Cybersecurity”, and polled 3,100 IT decision-makers from mid-sized businesses in the U.S., Canada, Mexico, Colombia, Brazil, UK, France, Germany, Australia, Japan, India, and South Africa.

The research stressed that Information Technology (IT) managers are flooded with cyber-attacks from all directions, and are struggling to keep up due to a lack of security expertise, budget, and up-to-date technology. Noting that the wide range, multiple-stage attacks are proving effective, Principal Research Scientist, Sophos, Chester Wisniewski, said cybercriminals are evolving their attack methods, and often use multiple payloads to maximize profits.

Wisniewski added that the software exploits were the initial point of entry in 23 percent of the attacks, but were also used in 35 percent of all attacks.

“Organisations that are only patching externally facing high-risk servers are left vulnerable internally and cybercriminals are taking advantage of this and other security lapses. For example, 53 percent of those who were victims to a cyber-attack was hit by a phishing email, and 30 percent by ransomware, while 41 percent said they suffered a data breach,” he added.

Also, cybersecurity experts spend 26 percent of their time managing security, but still struggle with a lack of expertise, budget and up to date technology. This is as 75 percent of IT managers consider software exploits, unpatched vulnerabilities and/or zero-day threats as a top security risk.

It is however surprising that only 16 percent of IT managers consider supply chain a top security risk, exposing an additional weak spot that cybercriminals will likely add to their repertoire of attack vectors. Wisniewski further noted that cybercriminals are always looking for a way into an organization, and supply chain attacks are ranking higher now on their list of methods.

“Supply chain attacks are also an effective way for cybercriminals to carry out automated, active attacks, where they select a victim from a larger pool of prospects and then actively hack into that specific organization using hand-to-keyboard techniques and lateral movements to evade detection and reach their destination,” he added.

According to the Sophos survey, IT managers reported that 26 percent of their team’s time is spent managing security, yet 86 percent agree security expertise could be improved and 80 percent want a stronger team in place to detect, investigate and respond to security incidents. Recruiting talent is also an issue, with 79 percent saying that recruiting people with the cybersecurity skills they need is challenging.

The experts also noted that 66 percent of the organization’s cyber-security budget (including people and technology) is below what it needs to be, while 75 percent agree that staying up to date with cybersecurity technology is a challenge for their organization.