Phishing emails impacted one in two Indian organisations that were hit by a cyber attack and IT managers are inundated with cyber attacks coming from all directions as they struggle to keep up due to a lack of security expertise, budget and up-to-date technology, a new survey by global cyber security major Sophos said.
The survey included 3,100 IT decision-makers from mid-sized businesses in India, the US, Canada, Mexico, Colombia, Brazil, the UK, France, Germany, Australia, Japan, and South Africa.
“Cyber criminals are evolving their attack methods and often use multiple payloads to maximise profits. Software exploits were the initial point of entry in 41 per cent of incidents, but they were also used in some fashion in 35 per cent of all attacks, demonstrating how exploits are used at multiple stages of the attack chain,” Sunil Sharma, Managing Director-sales, Sophos India & SAARC, said in a statement.
“Organisations that are only patching externally facing high-risk servers are left vulnerable internally and cyber criminals are taking advantage of this and other security lapses,” he added.
The wide range, multiple stages and scale of today’s attacks are proving effective. Fifty-four per cent of those who fell victim to a cyber attack were hit by a phishing email, 39 per cent by ransomware and 48 per cent said they suffered a data breach.
Based on the responses, it’s not surprising that 50 per cent of IT managers consider software exploits, unpatched vulnerabilities and/or zero-day threats as top security risks, while 43 per cent consider phishing as a security risk.