
IT managers are bombarded with cyber-attacks from all directions. Attack techniques vary and have different stages. Because of this diversity, no defence strategy works miracles.

On top of that, IT managers struggle to keep up because of a lack of expertise, budget and up-to-date technology. This is shown by The Impossible Puzzle of Cybersecurity, a global study commissioned by security company Sophos.

Cybercriminals develop methods of attack and often use multiple payloads to maximize profits. Software exploits were the first point of entry in 23 percent of cases, but they were also used in various ways in 35 percent of all attacks. This shows how exploits are used in multiple phases of the attack chain. Organisations that only patch externally are internally vulnerable. Cybercriminals use this and other security holes to their advantage, says Chester Wisniewski, principal research scientist at Sophos.


Of those surveyed, 53 percent said they had been hit by a cyber-attack that used a phishing email, 30 percent by ransomware, and 41 percent had experienced a data breach. This shows that the wide range, multiple stages and scale of attacks are effective.

At least 75 percent of respondents consider software exploits, unpatched vulnerabilities and zero-day threats to be the main security risks. More than half of them see phishing as a major security risk. What is striking, and perhaps even alarming, is that only 16 percent of IT managers cite the supply chain as a major security risk. This reveals an additional weakness that cybercriminals are likely to add to their attack repertoire.

Insufficient expertise, budget and up-to-date technology

A lack of security expertise, budget and up-to-date technology is still a thorn in the side of many companies. The survey shows that IT managers spend an average of 26 percent of their time on security, while 86 percent agree that security expertise can be improved. Eighty percent of respondents said they wanted a stronger team to detect, investigate and respond to security incidents. However, recruiting security talent remains a problem. For example, 79 percent of respondents say that finding people with cybersecurity expertise is a challenge.

In addition, 66 percent say their organization's cybersecurity budget is lower than it should be, and 75 percent confirm that keeping up to date with cybersecurity technology is a challenge for their organization. IT managers are clearly struggling to respond to cyber-attacks, which makes it difficult to plan proactively and anticipate what comes next.

The study was carried out in December 2018 and January 2019 by Vanson Bourne, an independent market research specialist. For the study, 3,100 IT decision-makers were interviewed in the US, Canada, Mexico, Colombia, Brazil, the United Kingdom, France, Germany, Australia, Japan, India and South Africa. All respondents were from organisations with between 100 and 5,000 employees.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.