SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
How cybercriminals are most likely to be caught
Thu, 7th Mar 2019
FYI, this story is more than a year old

Sophos announced the findings of its global survey, 7 Uncomfortable Truths of Endpoint Security, which reveals IT managers are more likely to catch cybercriminals on their organisation's servers and networks than anywhere else.

The survey polled more than 3,100 IT decision makers from mid-sized businesses in 12 countries including Australia, the US, Canada, Mexico, Colombia, Brazil, UK, France, Germany, Japan, India, and South Africa.

Of the 200 Australian IT managers surveyed, it was revealed that one third discovered the most significant cyber attack on their organisation's servers and 43 per cent were caught on the networks. Only 17 per cent were discovered on endpoints and eight per cent were found on mobile devices.

These statistics are in line with the global averages for servers (37 per cent), networks (37 per cent), endpoints (17 per cent), and mobile devices (10 per cent).

Fifteen per cent of IT managers at Australian companies who were victim to one or more cyber attacks last year can't pinpoint how the attackers gained entry—slightly better than the global average—or how long the threat was in the environment before it was detected.

To improve this lack of visibility, IT managers need endpoint detection and response (EDR) technology that exposes threat starting points and the digital footprints of attackers moving laterally through a network.

On average, Australian organisations that investigate one or more potential security incidents each month spend 48 days a year (four days a month) investigating them, according to the survey.

It comes as no surprise that local IT managers ranked identification of suspicious events (28 per cent), alert management (17 per cent) and prioritisation of suspicious events (15 per cent) as the top three features they need from EDR solutions to reduce the time taken to identify and respond to security alerts.

Less than half (43 per cent) of Australia-based survey respondents have EDR capabilities, with 56 per cent stating they were planning to implement an EDR solution within the next 12 months.

Having EDR also helps address a skills gap. Three in four IT managers in Australia wish they had a stronger team in place, according to the survey.