The latest report by cybersecurity firm Anomali shows a steady increase in cyberattacks, spawning new ideas on how organizations can protect themselves.
The “2022 Anomali Cybersecurity Insights Report,” is a survey of 800 cybersecurity decision-makers commissioned by Anomali, conducted between September 9 and October 13, 2021, with responses from manufacturing, telecommunications, and finance professionals in the U.S., U.K. and Canada.
87% of respondents said that their organizations were victims of cyberattacks in the last three years. 83% of respondents experienced an increase in attempted cyberattacks when the pandemic broke out, while 87% were affected by phishing emails, many of which revolved around the coronavirus.
Ransomware has affected more than 50% of respondents in the last three years. 39% of them said to have paid the ransom. 58% of them paid somewhere between $100,000 and almost $1 million, while 7% paid $1 million or more.
In addition, financial losses from cyberattacks, phishing campaigns and data breaches have increased. In 2019, 15% of the organizations surveyed suffered losses of $500,000 or more. By 2020, this percentage had increased by almost 100% to 28%.
In terms of mitigating these threats, 49% of respondents agreed that their security teams are able to face threats head-on on the basis of trends, severity and impact. 46% said they strongly agree that their security technologies are capable of detecting known threats, and 32% strongly agree that their security teams are struggling amid the rapidly changing nature of cyber threats.
Respondents said that it took them an average of 3.6 days to detect attacks by cybercriminal organizations, 3.5 days to detect individual hacker attacks, 3.3 days for advanced persistent threats (APTs) and 2.9 days for nation-states. After the 2020 Solar Wind attack, it took organizations an average of 2.9 days to respond, and 3.1 days to recover.
To improve the detection of security problems with older systems, respondents use new technologies: 59% have used threat intelligence, 48% have used extended detection and response (XDR) technologies and 43% are using the MITRE ATT&CK Framework.
In addition, 78% of security experts surveyed reassessed their cybersecurity strategy after the outbreak of the pandemic, 74% increased their security budgets last year, and 38% found that nearly 40% of their IT budget had been reallocated to cybersecurity.
Finally, respondents were asked what factors they take into account when assessing new security technologies. 48% chose the level of support available to users as the most important factor to consider. User-friendliness was mentioned by 46% of respondents, while the ability to integrate with other security systems was mentioned by 44%.