International. Information technology (IT) managers are more likely to catch cybercriminals on their organization's servers and networks than anywhere else. This was revealed by the global study "Inconvenient Truths of Endpoint Security", conducted by the firm Sophos.
In fact, IT managers discovered 37 percent of their most significant cyberattacks on their organization's servers and 37 percent on their networks. Only 17 percent were discovered at endpoints and 10 percent were found on mobile devices. Sophos surveyed more than 3,100 enterprise IT decision makers in 12 countries: the United States, Canada, Mexico, Colombia, Brazil, the United Kingdom, France, Germany, Australia, Japan, India and South Africa.
"Servers store sensitive financial data, from employees, owners and others, which with increasingly strict laws such as the General Data Protection Regulation or GDPR, require organizations to report data thefts, this puts security risks on the server at a high level all the time. It makes sense for IT managers to focus on protecting business-critical servers and stopping attackers first before they enter the network and this leads to more detections of cybercriminals in these two areas," said Chester Wisniewski, principal research scientist at Sophos. "However, IT managers can't ignore endpoints, because most cyberattacks start there, although more than expected numbers of IT managers still can't identify how threats are getting into the system and when."
20 percent of IT managers who were victims of one or more cyberattacks last year were unable to identify how attackers gained their way in, and 17 percent don't know how long the threat was in the environment before it was detected, according to the survey. To improve this lack of visibility, IT managers need endpoint detection and response (EDR) technology that exposes threat starting points and the fingerprints of attackers moving laterally across a network.
"If IT managers don't know the origin or movement of an attack, then they can't minimize the risk and disrupt the assault chain to prevent further infiltration," Wisniewski said. "EDR helps IT managers identify risks and put in place a process for organizations at both ends of the security maturity model. If the IT department is more focused on detection, EDR can find, block, and remediate more quickly. If you're still building a security foundation, EDR is an integral piece that provides much-needed threat intelligence."
On average, organizations that investigate one or more potential security incidents each month spend 48 days a year (four days a month) investigating them, according to the survey. Not surprisingly, IT managers ranked suspicious event identification (27 percent), alert management (18 percent), and suspicious event prioritization (13 percent) as the top three features they need from EDR solutions to reduce the time needed to identify and respond to security alerts.
"Most spray and pray cyberattacks can be stopped in a matter of seconds at endpoints without causing alarm. Persistent attackers, including those running targeted ransomware like SamSam, take the time they need to breach a system by searching for poorly chosen and guessable passwords in remote assessment systems (RDP, VNC, VPN, etc.), establishing a foothold, and moving quietly around until the damage is done," Wisniewski said. If IT managers have a defense-in-depth with EDR, they can also investigate an incident more quickly and use the resulting threat intelligence to help find the same infection in a state. Once cybercriminals know that certain types of attacks work, they typically replicate them within organizations. Uncovering and blocking attack patterns helps reduce the number of days IT managers spend investigating potential incidents."
57 percent of respondents said they planned to implement an EDR solution in the next 12 months. Having EDR also helps address a skills gap. 80 percent of IT managers wish they had a stronger team in place, according to the survey. More information is available in the 7 Inconvenient Truths of Endpoint Security and Sophos News.
The 7 Inconvenient Truths of Endpoint Security study was conducted by Vanson Bourne, an independent market research specialist agency, in December 2018 and January 2019. It interviewed 3,100 IT decision makers in 12 countries and on six continents, in the United States, Canada, Mexico, Colombia, Brazil, the United Kingdom, France, Germany, Australia, Japan, India and South Africa. All respondents were from organizations with between one hundred and five thousand employees.
