Almost Every Organization Suffered a Cyberattack, Says Sophos

Serving some statistics

• For 41% of organizations, data exfiltration remains the top security concern for 2023, followed by phishing (40%), ransomware attacks (35%), and others. 
• 23% of respondents stated suffering an active adversary attack in 2022. Active adversaries are threat actors who adapt their TTPs on the spot in response to security technologies and defenders.
• Security control misconfigurations are the most widely reported perceived security risk, with 27.4% of organizations including it in their top three security risks. 
• This is followed by zero-day vulnerabilities (26.8%), shortage of in-house cybersecurity experts or skills (24.7%), and stolen credentials and access (24%).

Why this matters

• With the urgent and unpredictable nature of cybersecurity, business-focused efforts are often impeded, resulting in an average of 64% of respondents wishing for more time dedicated to strategic issues rather than constant firefighting by the IT team.
• An organization is financially impacted in several ways due to the challenging cybersecurity environment, with major cyber incidents incurring the highest bills, including clean-up and resource expenses. 

The bottom line

• Sophos recommends a three-step-approach to addressing the current situation:
• Implement a more scalable incident response process that speeds up response time.
• Use adaptive defenses to delay adversaries. 
• Create a virtuous cycle that enhances protection and reduces costs.