At this point, it seems like everyone knows or knows of a person or business that has been hit with a cyberattack. In a recent survey, 68% of organizations reported cyberattacks in 2018 and, of those, 90.5% reported that they were running up-to-date protection at the time of said attack. So, if we know they exist and are taking preventative measures, the question becomes, why are organizations still struggling to reduce cyber risk?

One problem is that attacks come from multiple directions at once.  In a blind survey conducted by Sophos, organizations reported that 33% of attacks came through email, 23% of attacks came through a software vulnerability, 14% through a USB or external device, 10% through the web, and, most concerning of all, 20% didn’t know how the attack got in.

In the same survey, respondents were asked to identify their top 3 security risks. These risks were identified in the following order; phishing emails, software exploits, people (staff, contractors, visitors), insecure wireless networking and unknown devices.

Another problem is that cyberattacks have become more complex, often deploying multi-stage or blended attacks at once.  One example would be a phishing email that also installs malicious code to take advantage of a software exploit to deploy ransomware.

Phishing, or spear phishing (a more targeted version), was the most common type of attack reported against organizations in 2018. 1.5 million new phishing sites are created every month. In 2019, ransomware from phishing emails increased 109 percent over 2017. Click here for more information on phishing and how you can stop it.

The risk can also come from overburdened IT teams, trouble finding IT techs, and not having the right technology in place. According to the above blind survey, organizations reported that an average of 26% of an IT teams’ time was spent managing cybersecurity, 86% reported a greater need for cybersecurity skills, and 66% report a budget insufficient to support the right people AND the right technology.

Take our Network Assessment or contact us for a free 1-hour assessment to test your security.