Report: Nearly Every Enterprise Hit by Successful Cyber Incident
You only have to turn on the TV or open a newspaper to see that cyberattacks have been on the rise over the last number of years. However, according to a recent report, the impact may be bigger than we even think.
According to the Anomaly Cybersecurity Insights Report, which surveyed more than 800 cybersecurity leaders, nearly 90 percent of enterprise organizations said they had been the victim of a successful cyberattack in the last three years. These incidents can have included a data breach, disruption, or damage caused to their business through ransomware attacks. Two-thirds of these leaders said they had been impacted by ransomware, particularly during this period.
What’s more, these cybersecurity leaders also reported that these attacks have only been increasing during the pandemic. Eighty-three percent of those surveyed said they had seen an increase in attacks over the past two years and 87 percent said they have seen a rise in phishing emails, which are one of the most common vectors of attack.
While this survey focused primarily on enterprise cybersecurity leaders, these trends are universal across every business size and industry. SMBs have also been hit by cyberattacks in the past year in significant percentages. Unfortunately, they are less likely to be able to shoulder the cost burden (to the tune of millions of dollars) that can be associated with recovery.
Many reasons have fueled this rapid rise in attacks. An increased pace of digital transformation during the pandemic, fueled by the rapid shift to remote work, has rapidly expanded the attack surface. Additionally, we have seen a rise in supply chain attacks (like SolarWinds and Kaseya) and an increase in geopolitical tensions worldwide that lead to an increase in nation-state attacks.
Yet, even amidst this rise in attacks, businesses aren’t necessarily better prepared to defend against them. Only 32 percent said they feel their cybersecurity teams can keep up with the latest cyber threats, with an average of 3.6 days to detect a known attack. Meanwhile, only around half reported that they strongly believe their security teams can appropriately prioritize threats or evolve their security technologies to detect known threats.
That said, cybersecurity leaders did say they are working to evolve their strategies in 2022. Nearly three-quarters of respondents said they are seeing an increase in their security budgets over the past year and have reported investments in items such as threat intelligence and extended detection and response (XDR) technologies, as two examples. Additionally, 78 percent said they are reassessing their cybersecurity strategies to account for new trends, such as the digitization caused by the pandemic.
While the level of attacks hitting organizations may be dire, the increase in investments and the emergence of new technologies should give SMBs some hope for the future. While attacks will inevitably only increase in the years to come, continuing to act strategically around cybersecurity and investing in the latest technologies gives hope to defend your organization and customers against the impacts of these nefarious actors.