fbpx
Search
Close this search box.

Your Cyber Risk Doubled in 2018

Digital lock on a green circuit board.

In a recent SANS Survey of IT Professionals who voiced concerns about endpoint security, several alarming patterns emerged, all pointing to continued escalation of risk to organizations of every size.

Devices Everywhere

Organizations are increasingly deploying a greater number and wider variety of connected devices.  This list includes:  desktop computers, employer-owned laptops, network devices and servers, mobile devices, even cloud-based systems, Internet of Things (IoT) devices, mobile and network devices, and wearables.

The variety of connected devices is challenging the “standard remediation model.”  In addition, the BYOD or Bring Your Own Device policy, which allows employees to connect their personal devices to corporate networks adds a greater level of uncertainty and lack of control for IT teams.  Leveraging tools such as ‘automatic updates,’   Windows Server Update Services, and even many patching services fails to address the range of devices and the complexity of a hyper-connected environment.

As the number of devices has grown, knowledge about who is using what systems has diminished.  According to this survey, only 34% of respondents could consistently connect users to systems.  This is a key finding since not knowing who is using your systems and when, adds another significant level of complexity to identifying anomalous behavior.

Detection Methods

Of the infections identified in 2018, 47% were caught by antivirus. Yet detection technologies that look at user and system behavior or provide context awareness were much less involved in detecting breaches. “Only 23% of respondents’ compromises were detected through attach behavior modeling and only 11% of compromises with behavior analytics. Because user and machine behaviors are the cause of most endpoint breaches, these technologies are critical for endpoint detection and response.”¹

Even more concerning is that 84% of endpoint breaches included more than the endpoints. While the majority of attacks started on the endpoints, the breach then spread to the servers.

The inability for most organizations to detect breaches is complicated by many factors: the number and variety of devices, the legacy solutions and processes used to remediate vulnerabilities, the limited skill sets of IT staffs in general, the lack of information about the user of the network resources and the resulting inability to understand normal versus anomalous behavior. Given these compounding issues, it is not surprising that the number of “those who didn’t know whether they’d been breached” doubled, rising from 10% to 20%.


Takeaway

Successful cyber risk management starts with understanding your weaknesses, and offering full coverage of your assets.  Leveraging a team that is certified, experienced and trained on the solutions being deployed and is always monitoring your network is critical to achieving optimal results (effective risk mitigation).

Since most organization operate with a limited IT budget, effective risk mitigation is simply out of reach.  They lack the resources to pay for effective tools, training for those tools, training for effective response and enticing salaries and benefits to attract and retain qualified talent.  Given these challenges, it is no surprise that the number of organizations unable to recognize an active breach has doubled in the past year.

Fiscally prudent organizations have realized that outsourcing security services to a qualified provider is the most financially efficient way to achieve effective cyber risk mitigation.  If you would like to discuss your risk and how to optimize your results, please contact us below to schedule a meeting with one of our advisors.

CALL US: (877) 486-8056 EMAIL US


¹Endpoint Protection and Response: A SANS Survey,” June 2018

Corsica Technologies
Corsica provides personalized service and a virtual CIO (vCIO) who serves as a strategic advisor. When it comes to the complex integration of solutions for IT and cybersecurity, the whole is greater than the sum of its parts. We offer cybersecurity solutions, managed services, digital transformation, resale services, and one-off technology projects. Corsica unifies any combination of these services into a complete, seamless solution.

Related Reads

IT Outsourcing Company Trends - Corsica Technologies

11 Emerging Trends in Technology and IT Outsourcing

Things change fast in the world of technology. From emerging trends in cybersecurity to EDI and data integration, it’s challenging for midmarket companies to meet the technology needs of their internal and external customers. For many organizations, outsourcing is the

Read more
EDI Issues and Challenges - Corsica Technologies

7 Pitfalls To Avoid On Your EDI Journey

Electronic Data Interchange (EDI) is an essential technology for exchanging transactional data between business partners, also known as Trading Partners in the EDI community. From orders, invoices, and advance shipment notifications to benefit enrollments, claims processing, and payment authorizations, numerous

Read more
Cybersecurity Trends 2024 - Corsica Technologies

10 Cybersecurity Trends Emerging In 2024

When it comes to cybersecurity, things are never static. So far, 2024 is consistent with this theme. We’re seeing a mix of familiar trends intensifying alongside startling new developments. From the cybersecurity skills crunch to AI-powered attacks, 2024 is shaping

Read more

Sign Up For Our Newsletter

Stay up-to-date on the Managed Services and Cybersecurity landscape, and be the first to find out about events and special offers.