SlideShare a Scribd company logo

2022 Cymulate Breaches Survey - Five Key Takeaways

Download as DOCX, PDF
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices

The most rewarding research I've done within Cymulate has been when I direct speak to experts from companies. Their perspective on the current state of cybersecurity in the moment is extremely useful. It's the best method of gaining knowledge regarding cybersecurity issues directly from experts in the sector. It's a fair and effective method to apply the best practices for protecting businesses from cyberattacks, lower the risk and ensure continuity in the business. In 2021, just before the conclusion of the year our survey, we conducted an investigation of ransomware. Although the volume of ransomware-related hacks has been increasing to an alarming degree the participants of the breach survey offered specific and specific tips that were based on their own experiences and the ways they've succeeded in limiting the effect of ransomware and its duration. As the threat grew and was affecting businesses, posing security risks that were not addressed by IT or cybersecurity experts, experts spoke about the importance of cyber-security to executives of the business. They ensured that their organizations received additional security personnel, increased security solutions integration, adopted various best practices and instituted proactive offensive tests and revamped their strategies for responding to any incidents. The research revealed that when ransomware attacks occur, the severity and extent of the attack could be reduced if the appropriate precautions are implemented.

Technology
1 of 6
2022 Cymulate Breaches Survey- Five Key Takeaways The most rewarding research I've done within Cymulate has been when I direct speak to experts from companies. Their perspective on the current state of cybersecurity in the moment is extremely useful. It's the best method of gaining knowledge regarding cybersecurity issues directly from experts in the sector. It's a fair and effective method to apply the best practices for protecting businesses from cyberattacks, lowe r the risk and ensure continuity in the business. In 2021, just before the conclusion of the year our survey, we conducted an investigation of ransomware. Although the volume of ransomware-related hacks has been increasing to an alarming degree the participants of the breach survey offered specific and specific tips that were based on their own experiences and the ways they've succeeded in limiting the effect of ransomware and its duration. As the threat grew and was affecting businesses, posing security risks that were not addressed by IT or cybersecurity experts, experts spoke about the importance of cyber -security to executives of the business. They ensured that their organizations received additional security personnel, increased security solutions integ ration, adopted various best practices and instituted proactive offensive tests and revamped their strategies for responding to any incidents. The research revealed that when ransomware attacks occur, the severity and extent of the attack could be reduced if the appropriate precautions are implemented. In the 2022 Cymulate Breaches Survey we sought for IT and cybersecurity professionals from all over the globe to gain more insight into the root causes of security breaches, the consequences they have as well as mitigation factors. In a range of sectors such as banking tech, finance, and technology and even government, medical and many other 858 people who were from North America, APAC & LATAM, as well as a range of other sectors, took the time to answer these questions. Respondents worked in an range of jobs, such as IT security, business development, cybersecurity and risk management for companies with under 100 to more than 100K employees. Critical Findings to Reduce the Number of Breaches and Breach Damage and Duration To ensure that the information is reliable and avoid bias, we teamed up to collaborate with an independent research firm, Global Surveys. The interesting results we came across can be viewed in the form of five key lessons. Worrying Human Risk Factor Human element in cyberattacks is a persistent problem for many. The user's phishing activity was the main cause behind more than half of the cyberattacks (56
percent). Together with the threat from Insiders (29 percent) that can be defined as being a result of employees' activities that involve phishing and activities, regardless of malicious motive, the percentage of breaches that stem from humans as their source is alarming around 85 percent. It is crucial to increase the effectiveness of the camp aigns used to inform people about phishing and ensure that they're constantly updated to reflect the continuously evolving phishing methods. Everyone in the company must be aware that cyber -attacks are not only averted through email, but also through other forms of communication, such as messaging apps , social media accounts, as well as via phone calls. Furthermore, the numbers suggest that a greater and deeper understanding of cyber security across the whole enterprise is crucial. Employees, and users , should be informed about the importance of confirming sources and the risks of downloading and installing software and also the importance of maintaining proper hygiene of data and the importance of security for credentials as well as other aspects. Criticality of Best Practices Beyond that, businesses should be able include the lowest privilege, authentication, as well as authorization techniques, like multifactor authentication. Lack of adoption of the best practices can be a reliable predicator of any sec urity breach that an organization may suffer. Similar with the report 2021 State of Cybersecurity Awareness that examined more than one million real-world-based attacks carried out by Cymulate clients in 2021. Cymulate customers in 2021. These tests have already shown the ways hackers take advantage of the absence of least rights as well as MFA implementation. Hidden Dangers of Third Parties The second leading cyber attack source was third -party sources associated with the business. It was comprised of employees of third-party companies as additionally contractors, suppliers and even third-party apps/data source and feeds. In an era where the vast majority of companies are connected, being able to discern the risk and risk posed by third-party sources and their risks is crucial. The ability to leak-proof asset segmentation that is secure, with no restrictions on access rights MFA implemented, and audit trail are essential. The study also revealed that only 22% of breaches were publicly disclosed. This means that companies remain in business even after breaches have occurred and it is vital that they include the provision for prompt disclosure in the service level agreements signed with all suppliers who are third -party suppliers. Adopting a Reactive Approach Is More Expensive and Less Effective It's human nature to think the notion that "it won't happen to me." It's the most frequent mindset that blocks many companies from taking proactive steps to guard against security breaches despite advancements in technology and the increasing access to proactive cyber-security tools.
The study revealed that adopting an approach of reactive action - acting only after the breach has occurred increased the risk of recurring incidents that could lead to disastrous consequences. Respondents who had been previously breached multiple times were 60% more likely to be breached more than those who were not breached. Because of the exorbitant post-breach expenses that include the hiring of specialists in security (35 percentage) alon g with public announcement (22 percent) and also employing PR experts (12 percent)) in addition to paying penalties for violations of regulations (4 percent)) shifting to a proactive approach is safer and less costly. Including Executives in the Decisional |Process is Critical The research showed that the involvement of business executives throughout the process is crucial as is the rate of cyber attacks did not directly correlate with the frequency of meetings that executives and managers have been in cont act with cyber security experts to discuss risk decreasing. The meetings that were held at least 15 times in a year or more didn't be a victim of any breaches, while those who attended 10 times during the year experienced only one violation. The frequency of meetings decreased, and the rate of breaches increased significantly. Alongside the presence at meetings we also examined the level of awareness among executives about security breaches. The presence of executives at meetings on risk management is directly associated with a decrease in the amount of breaches. However, if the executives are only conscious about security issues, then the relationship between increased awareness and enhanced security is not as clear. This is consistent with our findings from our study on ransomware. The involvement of management in the prevention and detection of data breaches and increasing productivity is crucial. Breach Damage to Small and Medium Businesses is Proportionally Highest As a security professional, I've often heard managers of smaller and mid-sized firms claim that they're "less important" to attackers and are more likely to not be targeted, suffer less damage and recovered faster. However, this is not the case. The information from the survey indicates that th e small (250 between 2500 and 2500 people) and small businesses' (250 employees or less) chance of being targeted by a smear campaign is about the same than the likelihood of extra -large or larger businesses (2500 or more employees). All businesses are targeted. There is no other way to tell "I'm not big enough to be a target." Furthermore, if are a medium or small firm, the impact on your business might be much greater. It's more difficult to recovery than larger businesses with more capabilities, resources, and staff who are able to invest more in implementing most efficient methods and applying more effective options.
Additionally, these data We also looked into the most effective strategies and solutions, including the use of offensive security strategie s. Top Four Breach Prevention Practices The survey results identified four good practices to use to avoid, reduce and correct violations. The effects on the rate of how these practices are implemented is four practices that were identified:  Multifactor authentication is now widely used (67 per cent).  The awareness and phishing campaigns of corporations (53 percent)  Training and planning for the event of an emergency (44 percent)  Adoption with the lowest rights with a low percentage (43 percent) This translated into an average of 1.1 breaches in the last year. Three other practices included in the survey are:  Security of applications within pipelines within CI/CD (20 20%)  Transferring MS Exchange to a cloud-managed model (15 15 percent)  Employing MSSPs to handle the majority of their tasks (10 10-percent)  which led to averaging 2.1 breaches in the last year. This is one of the most interesting figures inside the document. Utilizing MFA as well as corporate-wide campaigns that educate employees on phishing and use and applying IR plans, as well as adopting organizations who have implemented least privileges dramatically reduced the amount of breaches. While not as prominently as those that have added security features to applications in CI/CD pipelines, switched the use of MS Exchange to cloud-managed models or hired MSSPs to transfer a part of their work have also benefited from this, leading to reductions in the frequency of security incidents. The seven principles mentioned above should be followed by all. Top Four Breach Prevention Solutions The findings of the survey identified four solutions that are the most effective to incorporate to reduce, prevent and manage security risks. The impact on the speed that people use these four solutions:  Web Application Firewalls (WAFs) and API protection (47 percent)  EDR (45%)  Identity Access Management (44%)  Email Security Gateways (41%)
It is understandable that the entire IT world seems to be dependent upon software and this typically has the web as the front-end. Particularly, when we look at the last twenty-one years State of Cybersecurity Awareness revealed that hackers weren't just adept at exploiting front-end applications and enhancing WAFs is a complex procedure that often takes a long time. I think that the methods employed today aren't just Web Application Firewall adoption, but actually API security, as API technology has become vital and more extensive than before. Offensive Testing Techniques Adoption Since it is the most well-known extensive security posture management tool, we were curious to know how many users employed offensive testing techniques. Apart from the conventional pen-testing carried out through third party vendors (62 percent) and pen-testing within-house (59 per cent) We saw an increase of o rganizations adopting advanced testing methods to test offensive purposes. Attack Surface Management adoption reached (53 percent) and was followed by Breach Analysis Simulation (48 percent) Purple Teaming (34 percent) as well as automated red Teaming Camp aigns that had 33 percent. It's encouraging to observe the increasing use of offensive tests which is being used by more than half the test participants. In our next survey we'll look at the use of tactics that are adversarial more thoroughly. In conducting a direct survey of global organizations and gathering their feedback, we can highlight independent, third-party-validated top practices and the most effective solutions. We would like to see more companies adopt these best practices and implement these strategies to increase their security and reap greater value from their security budgets while reducing the risk they are exposed to overall. Additionally, those who implement them will be able reduce the damage with little or no interruption to their operations should a incident. I am happy to see the strong link between application of most effective practices, strategies,, and testing techniques which are offensive and results. DIGITAL DEVICES LTD Long before Apple set an average consumers mindset to replacing their handheld gadgets in two years, Digital Devices Ltd believed in Moore's law that computing will double every two years. With our heritage from the days of IBM Personal Computer XT, our founders have gone through the technology advancements of the 1990s and 2000s realizing that technology is an instrumental part of any business's success. With such a fast pace industry, an IT department can never be equipped with the tools and training needed to maintain their competitive edge. Hence, Digital Devices has put together a team of engineers and vendor partners to keep up with the latest industry trends and recommend clients on various solutions and options available to them. From forming close relationships with networking and storage vendors like Juniper, SolarWinds and VMWare to high-performance computing by HPE or AWS Cloud solutions,
Digital Devices Limited offers the latest technology solutions to fit the ever-growing needs of the industry. Our experts can guide you through the specifications and build cost efficiencies while providing high end, state-of-the-art customer services. We research and analyses market and its current demand and supply chain by offering wide range of bulk supplies of products like AKG C414 XLII, Shireen Cables DC-1021, Shireen Cables DC-2021, Dell p2419h monitor, Dell U2419H, Dell P2719H, Dell P2219H, Lenovo 62A9GAT1UK, LG 65UH5F-H and Complete IT Infrastructure products and services.

Recommended

From One Crisis to the Next: Supply Chain Issues and Climate Change
From One Crisis to the Next: Supply Chain Issues and Climate ChangeFrom One Crisis to the Next: Supply Chain Issues and Climate Change
From One Crisis to the Next: Supply Chain Issues and Climate Change
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
What CEOs Really Want From CIOs of today (2).pdf
What CEOs Really Want From CIOs of today (2).pdfWhat CEOs Really Want From CIOs of today (2).pdf
What CEOs Really Want From CIOs of today (2).pdf
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
Security of the Data Secure the Data SASE, CNAPP and CSMA functions
Security of the Data Secure the Data SASE, CNAPP and CSMA functionsSecurity of the Data Secure the Data SASE, CNAPP and CSMA functions
Security of the Data Secure the Data SASE, CNAPP and CSMA functions
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
New Hacktivism Model Trends Worldwide
New Hacktivism Model Trends WorldwideNew Hacktivism Model Trends Worldwide
New Hacktivism Model Trends Worldwide
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
What Happens to Your Data When a Company Gets Breached
What Happens to Your Data When a Company Gets BreachedWhat Happens to Your Data When a Company Gets Breached
What Happens to Your Data When a Company Gets Breached
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
How Extended Security Posture Management Empowers Every Security Team
How Extended Security Posture Management Empowers Every Security TeamHow Extended Security Posture Management Empowers Every Security Team
How Extended Security Posture Management Empowers Every Security Team
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
Designing Channels 6GHz
Designing Channels 6GHzDesigning Channels 6GHz
Designing Channels 6GHz
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
IoT Devices Security from Within - Why IoT devices require a different securi...
IoT Devices Security from Within - Why IoT devices require a different securi...IoT Devices Security from Within - Why IoT devices require a different securi...
IoT Devices Security from Within - Why IoT devices require a different securi...
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 

Recommended

From One Crisis to the Next: Supply Chain Issues and Climate Change
From One Crisis to the Next: Supply Chain Issues and Climate ChangeFrom One Crisis to the Next: Supply Chain Issues and Climate Change
From One Crisis to the Next: Supply Chain Issues and Climate Change
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
What CEOs Really Want From CIOs of today (2).pdf
What CEOs Really Want From CIOs of today (2).pdfWhat CEOs Really Want From CIOs of today (2).pdf
What CEOs Really Want From CIOs of today (2).pdf
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
Security of the Data Secure the Data SASE, CNAPP and CSMA functions
Security of the Data Secure the Data SASE, CNAPP and CSMA functionsSecurity of the Data Secure the Data SASE, CNAPP and CSMA functions
Security of the Data Secure the Data SASE, CNAPP and CSMA functions
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
New Hacktivism Model Trends Worldwide
New Hacktivism Model Trends WorldwideNew Hacktivism Model Trends Worldwide
New Hacktivism Model Trends Worldwide
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
What Happens to Your Data When a Company Gets Breached
What Happens to Your Data When a Company Gets BreachedWhat Happens to Your Data When a Company Gets Breached
What Happens to Your Data When a Company Gets Breached
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
How Extended Security Posture Management Empowers Every Security Team
How Extended Security Posture Management Empowers Every Security TeamHow Extended Security Posture Management Empowers Every Security Team
How Extended Security Posture Management Empowers Every Security Team
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
Designing Channels 6GHz
Designing Channels 6GHzDesigning Channels 6GHz
Designing Channels 6GHz
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
IoT Devices Security from Within - Why IoT devices require a different securi...
IoT Devices Security from Within - Why IoT devices require a different securi...IoT Devices Security from Within - Why IoT devices require a different securi...
IoT Devices Security from Within - Why IoT devices require a different securi...
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
Forecasting Metaverse Threats: Will it Become Metaworse?
Forecasting Metaverse Threats: Will it Become Metaworse?Forecasting Metaverse Threats: Will it Become Metaworse?
Forecasting Metaverse Threats: Will it Become Metaworse?
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
XDR - The latest TLA or the Newest Cyber Shield.
XDR - The latest TLA or the Newest Cyber Shield.XDR - The latest TLA or the Newest Cyber Shield.
XDR - The latest TLA or the Newest Cyber Shield.
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
How Cyber Resilience Enables Business Growth
How Cyber Resilience Enables Business GrowthHow Cyber Resilience Enables Business Growth
How Cyber Resilience Enables Business Growth
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
The Way Quantum Computing Will Change Encryption Forever
The Way Quantum Computing Will Change Encryption ForeverThe Way Quantum Computing Will Change Encryption Forever
The Way Quantum Computing Will Change Encryption Forever
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
A digital attack surface map is in order.
A digital attack surface map is in order.A digital attack surface map is in order.
A digital attack surface map is in order.
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
The thirst of a worker can cause toxic resumes
The thirst of a worker can cause toxic resumesThe thirst of a worker can cause toxic resumes
The thirst of a worker can cause toxic resumes
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
3 Reasons Manufacturers Are a Prime Target for Cyberattacks
3 Reasons Manufacturers Are a Prime Target for Cyberattacks3 Reasons Manufacturers Are a Prime Target for Cyberattacks
3 Reasons Manufacturers Are a Prime Target for Cyberattacks
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
No More Ransom - Six Years of Innovating to Fight Ransomware Together
No More Ransom - Six Years of Innovating to Fight Ransomware TogetherNo More Ransom - Six Years of Innovating to Fight Ransomware Together
No More Ransom - Six Years of Innovating to Fight Ransomware Together
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
Safeguarding Against the Five Stages Of a Ransomware Attack
Safeguarding Against the Five Stages Of a Ransomware AttackSafeguarding Against the Five Stages Of a Ransomware Attack
Safeguarding Against the Five Stages Of a Ransomware Attack
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
Part 1: Data Distribution Service
Part 1: Data Distribution ServicePart 1: Data Distribution Service
Part 1: Data Distribution Service
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
How Cyber Resilience Enables Business Growth
How Cyber Resilience Enables Business GrowthHow Cyber Resilience Enables Business Growth
How Cyber Resilience Enables Business Growth
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
Manual user provisioning is dangerous
Manual user provisioning is dangerousManual user provisioning is dangerous
Manual user provisioning is dangerous
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
Worker's thirst can lead to poisoned resumes
Worker's thirst can lead to poisoned resumesWorker's thirst can lead to poisoned resumes
Worker's thirst can lead to poisoned resumes
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
What's the cause behind the rise in RANSOMWARE attacks?
What's the cause behind the rise in RANSOMWARE attacks?What's the cause behind the rise in RANSOMWARE attacks?
What's the cause behind the rise in RANSOMWARE attacks?
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
Danger Debrief | June 2022
Danger Debrief | June 2022Danger Debrief | June 2022
Danger Debrief | June 2022
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 

More Related Content

More from Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices

Forecasting Metaverse Threats: Will it Become Metaworse?
Forecasting Metaverse Threats: Will it Become Metaworse?Forecasting Metaverse Threats: Will it Become Metaworse?
Forecasting Metaverse Threats: Will it Become Metaworse?
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
XDR - The latest TLA or the Newest Cyber Shield.
XDR - The latest TLA or the Newest Cyber Shield.XDR - The latest TLA or the Newest Cyber Shield.
XDR - The latest TLA or the Newest Cyber Shield.
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
How Cyber Resilience Enables Business Growth
How Cyber Resilience Enables Business GrowthHow Cyber Resilience Enables Business Growth
How Cyber Resilience Enables Business Growth
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
The Way Quantum Computing Will Change Encryption Forever
The Way Quantum Computing Will Change Encryption ForeverThe Way Quantum Computing Will Change Encryption Forever
The Way Quantum Computing Will Change Encryption Forever
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
A digital attack surface map is in order.
A digital attack surface map is in order.A digital attack surface map is in order.
A digital attack surface map is in order.
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
The thirst of a worker can cause toxic resumes
The thirst of a worker can cause toxic resumesThe thirst of a worker can cause toxic resumes
The thirst of a worker can cause toxic resumes
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
3 Reasons Manufacturers Are a Prime Target for Cyberattacks
3 Reasons Manufacturers Are a Prime Target for Cyberattacks3 Reasons Manufacturers Are a Prime Target for Cyberattacks
3 Reasons Manufacturers Are a Prime Target for Cyberattacks
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
No More Ransom - Six Years of Innovating to Fight Ransomware Together
No More Ransom - Six Years of Innovating to Fight Ransomware TogetherNo More Ransom - Six Years of Innovating to Fight Ransomware Together
No More Ransom - Six Years of Innovating to Fight Ransomware Together
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
Safeguarding Against the Five Stages Of a Ransomware Attack
Safeguarding Against the Five Stages Of a Ransomware AttackSafeguarding Against the Five Stages Of a Ransomware Attack
Safeguarding Against the Five Stages Of a Ransomware Attack
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
Part 1: Data Distribution Service
Part 1: Data Distribution ServicePart 1: Data Distribution Service
Part 1: Data Distribution Service
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
How Cyber Resilience Enables Business Growth
How Cyber Resilience Enables Business GrowthHow Cyber Resilience Enables Business Growth
How Cyber Resilience Enables Business Growth
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
Manual user provisioning is dangerous
Manual user provisioning is dangerousManual user provisioning is dangerous
Manual user provisioning is dangerous
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
Worker's thirst can lead to poisoned resumes
Worker's thirst can lead to poisoned resumesWorker's thirst can lead to poisoned resumes
Worker's thirst can lead to poisoned resumes
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
What's the cause behind the rise in RANSOMWARE attacks?
What's the cause behind the rise in RANSOMWARE attacks?What's the cause behind the rise in RANSOMWARE attacks?
What's the cause behind the rise in RANSOMWARE attacks?
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 

More from Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices (15)

Forecasting Metaverse Threats: Will it Become Metaworse?
Forecasting Metaverse Threats: Will it Become Metaworse?Forecasting Metaverse Threats: Will it Become Metaworse?
Forecasting Metaverse Threats: Will it Become Metaworse?
 
XDR - The latest TLA or the Newest Cyber Shield.
XDR - The latest TLA or the Newest Cyber Shield.XDR - The latest TLA or the Newest Cyber Shield.
XDR - The latest TLA or the Newest Cyber Shield.
 
How Cyber Resilience Enables Business Growth
How Cyber Resilience Enables Business GrowthHow Cyber Resilience Enables Business Growth
How Cyber Resilience Enables Business Growth
 
The Way Quantum Computing Will Change Encryption Forever
The Way Quantum Computing Will Change Encryption ForeverThe Way Quantum Computing Will Change Encryption Forever
The Way Quantum Computing Will Change Encryption Forever
 
A digital attack surface map is in order.
A digital attack surface map is in order.A digital attack surface map is in order.
A digital attack surface map is in order.
 
The thirst of a worker can cause toxic resumes
The thirst of a worker can cause toxic resumesThe thirst of a worker can cause toxic resumes
The thirst of a worker can cause toxic resumes
 
3 Reasons Manufacturers Are a Prime Target for Cyberattacks
3 Reasons Manufacturers Are a Prime Target for Cyberattacks3 Reasons Manufacturers Are a Prime Target for Cyberattacks
3 Reasons Manufacturers Are a Prime Target for Cyberattacks
 
No More Ransom - Six Years of Innovating to Fight Ransomware Together
No More Ransom - Six Years of Innovating to Fight Ransomware TogetherNo More Ransom - Six Years of Innovating to Fight Ransomware Together
No More Ransom - Six Years of Innovating to Fight Ransomware Together
 
Safeguarding Against the Five Stages Of a Ransomware Attack
Safeguarding Against the Five Stages Of a Ransomware AttackSafeguarding Against the Five Stages Of a Ransomware Attack
Safeguarding Against the Five Stages Of a Ransomware Attack
 
Part 1: Data Distribution Service
Part 1: Data Distribution ServicePart 1: Data Distribution Service
Part 1: Data Distribution Service
 
How Cyber Resilience Enables Business Growth
How Cyber Resilience Enables Business GrowthHow Cyber Resilience Enables Business Growth
How Cyber Resilience Enables Business Growth
 
Manual user provisioning is dangerous
Manual user provisioning is dangerousManual user provisioning is dangerous
Manual user provisioning is dangerous
 
Worker's thirst can lead to poisoned resumes
Worker's thirst can lead to poisoned resumesWorker's thirst can lead to poisoned resumes
Worker's thirst can lead to poisoned resumes
 
What's the cause behind the rise in RANSOMWARE attacks?
What's the cause behind the rise in RANSOMWARE attacks?What's the cause behind the rise in RANSOMWARE attacks?
What's the cause behind the rise in RANSOMWARE attacks?
 
Danger Debrief | June 2022
Danger Debrief | June 2022Danger Debrief | June 2022
Danger Debrief | June 2022
 

2022 Cymulate Breaches Survey - Five Key Takeaways

  • 1. 2022 Cymulate Breaches Survey- Five Key Takeaways The most rewarding research I've done within Cymulate has been when I direct speak to experts from companies. Their perspective on the current state of cybersecurity in the moment is extremely useful. It's the best method of gaining knowledge regarding cybersecurity issues directly from experts in the sector. It's a fair and effective method to apply the best practices for protecting businesses from cyberattacks, lowe r the risk and ensure continuity in the business. In 2021, just before the conclusion of the year our survey, we conducted an investigation of ransomware. Although the volume of ransomware-related hacks has been increasing to an alarming degree the participants of the breach survey offered specific and specific tips that were based on their own experiences and the ways they've succeeded in limiting the effect of ransomware and its duration. As the threat grew and was affecting businesses, posing security risks that were not addressed by IT or cybersecurity experts, experts spoke about the importance of cyber -security to executives of the business. They ensured that their organizations received additional security personnel, increased security solutions integ ration, adopted various best practices and instituted proactive offensive tests and revamped their strategies for responding to any incidents. The research revealed that when ransomware attacks occur, the severity and extent of the attack could be reduced if the appropriate precautions are implemented. In the 2022 Cymulate Breaches Survey we sought for IT and cybersecurity professionals from all over the globe to gain more insight into the root causes of security breaches, the consequences they have as well as mitigation factors. In a range of sectors such as banking tech, finance, and technology and even government, medical and many other 858 people who were from North America, APAC & LATAM, as well as a range of other sectors, took the time to answer these questions. Respondents worked in an range of jobs, such as IT security, business development, cybersecurity and risk management for companies with under 100 to more than 100K employees. Critical Findings to Reduce the Number of Breaches and Breach Damage and Duration To ensure that the information is reliable and avoid bias, we teamed up to collaborate with an independent research firm, Global Surveys. The interesting results we came across can be viewed in the form of five key lessons. Worrying Human Risk Factor Human element in cyberattacks is a persistent problem for many. The user's phishing activity was the main cause behind more than half of the cyberattacks (56
  • 2. percent). Together with the threat from Insiders (29 percent) that can be defined as being a result of employees' activities that involve phishing and activities, regardless of malicious motive, the percentage of breaches that stem from humans as their source is alarming around 85 percent. It is crucial to increase the effectiveness of the camp aigns used to inform people about phishing and ensure that they're constantly updated to reflect the continuously evolving phishing methods. Everyone in the company must be aware that cyber -attacks are not only averted through email, but also through other forms of communication, such as messaging apps , social media accounts, as well as via phone calls. Furthermore, the numbers suggest that a greater and deeper understanding of cyber security across the whole enterprise is crucial. Employees, and users , should be informed about the importance of confirming sources and the risks of downloading and installing software and also the importance of maintaining proper hygiene of data and the importance of security for credentials as well as other aspects. Criticality of Best Practices Beyond that, businesses should be able include the lowest privilege, authentication, as well as authorization techniques, like multifactor authentication. Lack of adoption of the best practices can be a reliable predicator of any sec urity breach that an organization may suffer. Similar with the report 2021 State of Cybersecurity Awareness that examined more than one million real-world-based attacks carried out by Cymulate clients in 2021. Cymulate customers in 2021. These tests have already shown the ways hackers take advantage of the absence of least rights as well as MFA implementation. Hidden Dangers of Third Parties The second leading cyber attack source was third -party sources associated with the business. It was comprised of employees of third-party companies as additionally contractors, suppliers and even third-party apps/data source and feeds. In an era where the vast majority of companies are connected, being able to discern the risk and risk posed by third-party sources and their risks is crucial. The ability to leak-proof asset segmentation that is secure, with no restrictions on access rights MFA implemented, and audit trail are essential. The study also revealed that only 22% of breaches were publicly disclosed. This means that companies remain in business even after breaches have occurred and it is vital that they include the provision for prompt disclosure in the service level agreements signed with all suppliers who are third -party suppliers. Adopting a Reactive Approach Is More Expensive and Less Effective It's human nature to think the notion that "it won't happen to me." It's the most frequent mindset that blocks many companies from taking proactive steps to guard against security breaches despite advancements in technology and the increasing access to proactive cyber-security tools.
  • 3. The study revealed that adopting an approach of reactive action - acting only after the breach has occurred increased the risk of recurring incidents that could lead to disastrous consequences. Respondents who had been previously breached multiple times were 60% more likely to be breached more than those who were not breached. Because of the exorbitant post-breach expenses that include the hiring of specialists in security (35 percentage) alon g with public announcement (22 percent) and also employing PR experts (12 percent)) in addition to paying penalties for violations of regulations (4 percent)) shifting to a proactive approach is safer and less costly. Including Executives in the Decisional |Process is Critical The research showed that the involvement of business executives throughout the process is crucial as is the rate of cyber attacks did not directly correlate with the frequency of meetings that executives and managers have been in cont act with cyber security experts to discuss risk decreasing. The meetings that were held at least 15 times in a year or more didn't be a victim of any breaches, while those who attended 10 times during the year experienced only one violation. The frequency of meetings decreased, and the rate of breaches increased significantly. Alongside the presence at meetings we also examined the level of awareness among executives about security breaches. The presence of executives at meetings on risk management is directly associated with a decrease in the amount of breaches. However, if the executives are only conscious about security issues, then the relationship between increased awareness and enhanced security is not as clear. This is consistent with our findings from our study on ransomware. The involvement of management in the prevention and detection of data breaches and increasing productivity is crucial. Breach Damage to Small and Medium Businesses is Proportionally Highest As a security professional, I've often heard managers of smaller and mid-sized firms claim that they're "less important" to attackers and are more likely to not be targeted, suffer less damage and recovered faster. However, this is not the case. The information from the survey indicates that th e small (250 between 2500 and 2500 people) and small businesses' (250 employees or less) chance of being targeted by a smear campaign is about the same than the likelihood of extra -large or larger businesses (2500 or more employees). All businesses are targeted. There is no other way to tell "I'm not big enough to be a target." Furthermore, if are a medium or small firm, the impact on your business might be much greater. It's more difficult to recovery than larger businesses with more capabilities, resources, and staff who are able to invest more in implementing most efficient methods and applying more effective options.
  • 4. Additionally, these data We also looked into the most effective strategies and solutions, including the use of offensive security strategie s. Top Four Breach Prevention Practices The survey results identified four good practices to use to avoid, reduce and correct violations. The effects on the rate of how these practices are implemented is four practices that were identified:  Multifactor authentication is now widely used (67 per cent).  The awareness and phishing campaigns of corporations (53 percent)  Training and planning for the event of an emergency (44 percent)  Adoption with the lowest rights with a low percentage (43 percent) This translated into an average of 1.1 breaches in the last year. Three other practices included in the survey are:  Security of applications within pipelines within CI/CD (20 20%)  Transferring MS Exchange to a cloud-managed model (15 15 percent)  Employing MSSPs to handle the majority of their tasks (10 10-percent)  which led to averaging 2.1 breaches in the last year. This is one of the most interesting figures inside the document. Utilizing MFA as well as corporate-wide campaigns that educate employees on phishing and use and applying IR plans, as well as adopting organizations who have implemented least privileges dramatically reduced the amount of breaches. While not as prominently as those that have added security features to applications in CI/CD pipelines, switched the use of MS Exchange to cloud-managed models or hired MSSPs to transfer a part of their work have also benefited from this, leading to reductions in the frequency of security incidents. The seven principles mentioned above should be followed by all. Top Four Breach Prevention Solutions The findings of the survey identified four solutions that are the most effective to incorporate to reduce, prevent and manage security risks. The impact on the speed that people use these four solutions:  Web Application Firewalls (WAFs) and API protection (47 percent)  EDR (45%)  Identity Access Management (44%)  Email Security Gateways (41%)
  • 5. It is understandable that the entire IT world seems to be dependent upon software and this typically has the web as the front-end. Particularly, when we look at the last twenty-one years State of Cybersecurity Awareness revealed that hackers weren't just adept at exploiting front-end applications and enhancing WAFs is a complex procedure that often takes a long time. I think that the methods employed today aren't just Web Application Firewall adoption, but actually API security, as API technology has become vital and more extensive than before. Offensive Testing Techniques Adoption Since it is the most well-known extensive security posture management tool, we were curious to know how many users employed offensive testing techniques. Apart from the conventional pen-testing carried out through third party vendors (62 percent) and pen-testing within-house (59 per cent) We saw an increase of o rganizations adopting advanced testing methods to test offensive purposes. Attack Surface Management adoption reached (53 percent) and was followed by Breach Analysis Simulation (48 percent) Purple Teaming (34 percent) as well as automated red Teaming Camp aigns that had 33 percent. It's encouraging to observe the increasing use of offensive tests which is being used by more than half the test participants. In our next survey we'll look at the use of tactics that are adversarial more thoroughly. In conducting a direct survey of global organizations and gathering their feedback, we can highlight independent, third-party-validated top practices and the most effective solutions. We would like to see more companies adopt these best practices and implement these strategies to increase their security and reap greater value from their security budgets while reducing the risk they are exposed to overall. Additionally, those who implement them will be able reduce the damage with little or no interruption to their operations should a incident. I am happy to see the strong link between application of most effective practices, strategies,, and testing techniques which are offensive and results. DIGITAL DEVICES LTD Long before Apple set an average consumers mindset to replacing their handheld gadgets in two years, Digital Devices Ltd believed in Moore's law that computing will double every two years. With our heritage from the days of IBM Personal Computer XT, our founders have gone through the technology advancements of the 1990s and 2000s realizing that technology is an instrumental part of any business's success. With such a fast pace industry, an IT department can never be equipped with the tools and training needed to maintain their competitive edge. Hence, Digital Devices has put together a team of engineers and vendor partners to keep up with the latest industry trends and recommend clients on various solutions and options available to them. From forming close relationships with networking and storage vendors like Juniper, SolarWinds and VMWare to high-performance computing by HPE or AWS Cloud solutions,
  • 6. Digital Devices Limited offers the latest technology solutions to fit the ever-growing needs of the industry. Our experts can guide you through the specifications and build cost efficiencies while providing high end, state-of-the-art customer services. We research and analyses market and its current demand and supply chain by offering wide range of bulk supplies of products like AKG C414 XLII, Shireen Cables DC-1021, Shireen Cables DC-2021, Dell p2419h monitor, Dell U2419H, Dell P2719H, Dell P2219H, Lenovo 62A9GAT1UK, LG 65UH5F-H and Complete IT Infrastructure products and services.