You’re under attack! Get insights from the Sophos State of Cybersecurity 2023 report.
Key Takeaways:
- Cybersecurity at most organizations isn’t keeping up with modern cybercriminals
- Last year (2022), 94% of organizations suffered cyberattacks
- You know things need to change, but you need the expertise and resources
- You need a sophisticated cybercrime-fighting partner
Cybercriminals seem to have an infinite amount of funds and ambition to cause havoc, making it a challenge to keep up with them, as revealed in a recent report from Sophos, a global leader in cybersecurity. No one is safe – 94% of organizations suffered a cyberattack in 2022, and every company, regardless of size or revenue, should understand that there’s a target on its back.
The very tools – such as automation – that accelerate the speed of business are being used by bad actors to deploy a range of clever attacks at scale. Defenders cannot keep up, limited by a gap in expertise, almost constant alerts, and time-consuming incident response.
Additionally, 93% of organizations find it difficult to operationalize the detection of threats and response, and you have a cybersecurity environment with a huge impact on business finances, operations, and resourcing.
In this article, we’ll summarize the report's main points, which resulted from input from 3,000 IT/cybersecurity leaders in 14 countries in January and February 2023. You can also check out a quick summary video of this report by clicking here!
Key findings
Data is the lifeblood of modern organizations, and the top concern is data exfiltration – theft or removal of data, and misconfiguration of security tools is the number one perceived risk. In addition, the study reported
- Only 48% of security alerts are investigated due to limited resources.
- For organizations with 3,001 to 5,000 employees, it takes a median time of 15 hours to detect, investigate, and respond to an alert.
- Cyberthreats are too advanced for their organization to address on their own, say 52%.
- Dealing with cyber threats negatively impacts resources, taking IT focus away from value-added projects per 55% of study participants.
- 64% want their IT team to spend more time on operational strategy than fighting cybercrime.
There’s also a personal toll – 57% of IT professionals reported they lose sleep worrying about cyberattacks. Other than data theft, phishing, ransomware, cyber extortion, DDoS, business email compromise, and active adversaries are the top concerns.
The worries are justified
We cannot ignore that cybercrime is a reality and its increasing sophistication. The cybercrime economy is thriving, and the barriers to entry for would-be criminals have been lowered by the growth of the “as a service” model. This includes access-as-a-service, phishing-as-a-service, and scamming-as-a-service.
Active adversary attacks have become more common. These bad actors adapt their tactics, techniques, and procedures (TTPs) using real-time, hands-on-keyboard responses not only to defeat cybersecurity technology but to evade detection. This type of attack was experienced by 23% of respondents in 2022
The current state of cybersecurity
Endpoint, firewall, and other security control misconfigurations are a concern, followed by zero-day attacks and a lack of in-house cybersecurity expertise. The report points out the direct relationship between a skills shortage and the misconfigurations that create defense gaps.
And of those threats that bypass defenses, fewer than half of security alerts are investigated, per the report, due to the need for cybersecurity-savvy staff. This lack of expertise means that 75% of IT professionals find identifying the root cause a significant challenge.
The financial impact
In their State of Ransomware report, Sophos places the average ransomware remediation at $1.4 million. This includes cleanup costs, but those aren’t the only impact – the hourly resource cost for every security alert investigation, considering the salary of an IT security specialist, is quite high. And burnout is a significant issue, adding more tasks to already full IT plates.
An MSP partner is needed
Cyberthreats are now too advanced for their company to deal with without outside help, according to 52% of IT professionals. This number rises to 64% for small businesses with 100-250 employees. This is brought home by the business impact: more than half of respondents say handling cybersecurity threats negatively impacts work on other projects.
Endsight: Cybersecurity is in our DNA
The solution lies in a sophisticated, experienced, and dedicated cybersecurity MSP partner like Endsight, Sophos’ MSP Partner of the Year. We:
- Deploy advanced solutions that are proactive rather than reactive.
- Extend and enhance internal security team capabilities with up-to-the-minute expertise in incident response and threat hunting.
- Find the right solutions to move your business forward
Endsight is an acknowledged leader in cybersecurity. In addition to our Sophos award, Year after year, we’ve won a CRN Managed Service Provider 500 award in the Security 100 category.
We excel in providing complete technology support solutions that create optimal IT management along with human-friendly technical support with cybersecurity experts that keep you one step ahead of attackers.
Our core values not only bring peace of mind regarding cybersecurity protection – we offer an honest partnership, commitment to your long-term success, and unparalleled, dependable service. Reach out today.
Last year, 94% of organizations suffered a cyberattack. You’re next. Don’t risk everything – build a strong defense with the experts at Endsight. Learn more about cybersecurity with our training resources and then book a free assessment.