If it seems as if you learn about a new cyberattack on an organization virtually every time you turn on the news or read the latest headlines, you are not too far off. Cyberattacks are on the upswing internationally, and the increasingly complex threat landscape has worried organizations of all sizes as well as the cybersecurity professionals tasked with keeping them safe. One staggering statistic from the United Nations said that there was a 600% increase in malicious emails over just the first few months of the pandemic in early 2020, and the pace has not slowed since.
Here in Canada, the number of successful attacks by cybercriminals that are disrupting and damaging computer systems and networks is staggering. The 2020 Cyberthreat Defense Report (CDR) by CyberEdge Group found that 78% of Canadian organizations had experienced at least one cyberattack within a 12-month period. By 2021, that number had grown to 85.7%. That’s despite the fact that Canadian firms are spending an average of 11.1% of their IT budgets on cybersecurity, according to the 2021 CyberEdge report.
So what can organizations do to minimize its risk? The Ponemon Institute surveyed nearly 3,000 security professionals in nine countries to put together its “Costs and Consequences of Gaps in Vulnerability Response” report. Their recommendations of how to protect against cyber criminals may offer some reassurance in an evolving threat landscape.
Seeking the causes of data breaches
Of course, there are many potential causes of data breaches, but there are several common methods that criminals favor, according to the survey. They found that the top three are human error, external attack from a cybercriminal, and an internal attack carried out by a malicious insider.
If you have a small internal IT support team, it can be challenging to address all the potential root causes, yet doing what you are able to do with the resources you have is critical to minimizing the number of significant cyber threats to your organization. The good news is that some steps can be taken even with limited IT resources.
Preventing data breaches through patching
One of the most efficient methods of combating a root cause of data breaches that is simple for internal IT professionals to execute is keeping patches up to date. Patches repair known security vulnerabilities and other bugs in software and networks.
This simple process goes quite a long way toward prevention. An astonishing sixty percent of the survey’s respondents said patching would have prevented at least some of the data breaches their organizations faced over the past 12 months.
One reason for the disconnect between what should be done and what it being done is internal bureaucracy. Although the study noted that IT security operations and internal IT professionals are primarily responsible for patching, 88 percent of respondents noted that they are required to coordinate with other departments when patching vulnerabilities. The survey determined that coordination could add delays of as many as 12 days. That makes sense when you consider that other departments involved may be hesitant to patch because they fear downtime. However, time is critical when it comes to cybersecurity. On average, it takes 16 days for an IT team to patch a critical vulnerability after it is discovered, the study found, and quite a bit of damage can happen in that time frame.
Technology can combat cyber threats
While developing a process that ensures timely patching is critical, utilizing the right technology to combat cybercriminals is also key.
The IT threat environment is continually evolving, which makes it challenging for internal IT departments, who are also balancing day-to-day tasks, to keep up with the latest data on how hackers are infiltrating systems.
The majority of survey respondents (60 percent) acknowledged that attackers are outpacing enterprises by using emerging technologies such as machine learning and Artificial Intelligence. In contrast, 52 percent of enterprises are using manual processes to patch vulnerabilities instead of automation.
By increasing your internal IT team’s use of automation, minimizing internal obstacles to patching, and bringing in additional IT security professionals when needed to ensure timely implementation, your organization can stay on track when it comes to patching.
While cyberattacks are increasing – Canada was the fourth hardest-hit country in December 2021 – your IT team can protect your organization by staying up to date with patches and leveraging new technologies to do so. In turn, you can help your cybersecurity team by increasing the number of IT professionals dedicated to protecting your networks and systems and enlisting external assistance when needed. Don’t know where to start? Reach out to us for advice and support.