Phishing emails impacted one in two Indian organisations that were hit by a cyberattack and IT managers are inundated with cyber attacks coming from all directions as they struggle to keep up due to a lack of security expertise, budget and up-to-date technology, a new survey by global cybersecurity major Sophos said on Thursday.
The survey included 3,100 IT decision-makers from mid-sized businesses in India, the US, Canada, Mexico, Colombia, Brazil, the UK, France, Germany, Australia, Japan, and South Africa.
“Cyber criminals are evolving their attack methods and often use multiple payloads to maximise profits. Software exploits were the initial point of entry in 41 per cent of incidents, but they were also used in some fashion in 35 per cent of all attacks, demonstrating how exploits are used at multiple stages of the attack chain,” Sunil Sharma, Managing Director-sales, Sophos India & SAARC, said in a statement.
“Organisations that are only patching externally facing high-risk servers are left vulnerable internally and cyber criminals are taking advantage of this and other security lapses,” he added.
The wide range, multiple stages and scale of today’s attacks are proving effective. Fifty-four per cent of those who fell victim to a cyber-attack was hit by a phishing email, 39 per cent by ransomware and 48 per cent said they suffered a data breach.
Based on the responses, it’s not surprising that 50 per cent of IT managers consider software exploits, unpatched vulnerabilities and/or zero-day threats as top security risks, while 43 per cent consider phishing as a security risk. (IANS)
The company deploys a number of sensors that are looking for information from cyber incidents around the world -- sort of metadata about what's going on -- whether it's from PCs, servers or in the Cloud
As governments the world over deliberate over how to tackle growing nation-state cyber attacks and protect sensitive data, a top Microsoft official said that collaborations between the governments, tech companies and third-party cybersecurity agencies can help address the growing menace.
According to Rob Lefferts, CVP-Program Management M365 Security at Microsoft, the company takes nation-state cyber attacks very seriously. “We have a whole research team dedicated to understand the behaviour of nation-state attacks. We partner with governments around the globe to help protect citizens against such attacks,” Lefferts told IANS during an interaction.
Microsoft spends over $1 billion annually on Cyber-Security and uses Artificial Intelligence (AI) and Machine Learning (ML) in a big way to gain accurate insights and faster automated response to real-time threats.
“We are using AI and ML as a tool to empower defenders and to more effectively protect organizations. When we talk to companies in India, 92 per cent of organisations have either already adopted or looking to adopt AI in their approach towards cybersecurity,” said Lefferts. For Microsoft, it is a strategic investment for the company.
“We took a very, very strong approach over six years ago around investing over $1billion a year in research and development of security technologies. The goal is to help us better protect, detect and respond to real-world threats in today’s environment,” stressed the Microsoft executive. The company deploys a number of sensors that are looking for information from cyber incidents around the world — sort of metadata about what’s going on — whether it’s from PCs, servers or in the Cloud.
“We do not collect actual content but metadata of behaviours. We collect more than 8 trillion of those signals every day. And then, we use those models to better protect organisations,” informed Lefferts. “Every day, 3,500 Microsoft security professionals track threats and provide better enforcement protection for our customers,” he added. According to him, Microsoft learns from its customers and actual users.
“What’s exciting is the ability to turn that information around at incredible speed to protect customers. Since we’re using Cloud-powered technologies, those updates and new protections come to customers almost instantaneously. In fact, in many cases, we use behavioural analytics to detect problems before they’re even problems,” Lefferts told IANS. Collaboration is very critical in the cybersecurity space.
“One is collaboration across the security industry. Then there is collaboration around actual incidents and problems as they occur. This is a place where it’s not just a matter of machines; we need machines to empower humans,” he noted.
In 2018, top 34 global technology and securities firms, led by Microsoft and Facebook, signed a “Cybersecurity Tech Accord” to defend people from malicious attacks by cybercriminals and nation-states. The 34 companies include Cisco, HP, Nokia, Oracle, VMware, Dell, CA Technologies, Symantec, Bitdefender, F-Secure, RSA and Trend Micro, among others.