Cyberthreat Defence Report 2021
2021 has seen a marked rise in online threats from criminal actors and cyber groups; sadly, it has also seen a huge jump in cyberattacks, the likes of which haven’t been seen in 6 years.
As we begin to round up 2021, it’s time to delve into the statistics and see how well the online corporate world has done in advancing its defences and its stance against online threats. The CyberEdge Group have released their Cyberthreat Defence Report, which outlines some of the most crucial findings from the year – ones that will prove enlightening for future predictions and areas of investment when it comes to IT security in 2022.
The survey was compiled from a pool of responses from 600 enterprise IT security professionals.
The Headline Statistics
It’s no secret that ransomware has been a rising and heavily prevalent concern over the course of the past year, with two thirds of organisations reporting that they were victims of one or more attacks. With the increase in breach incidents and data compromise, attackers have become more sophisticated – but so too have their tactics; the rise from 48% to 72% in the number of companies that have been able to recover compromised data following a ransomware incident has paved a rocky path that has seen more victims paying ransoms (an increase of 57%), and therefore funding future ransomware attempts by cyber criminal groups.
Confidence is much lower among information security professionals today; 8 years ago, 38% of respondents to the same survey felt that it was more likely than not that they would be compromised by a successful attack – this number has now doubled to 76%.
One of the most highlighted risks to organisational cyber defence is third party risk management, with 73% of the 600 participants surveyed observing an increase. Alongside this concern is the risk posed by unofficial BYOD policies, which is thought to be responsible for the 5.5% increase in successful attacks, the highest rise seen in 6 years.
Mobile Device Security
2021’s report rated mobile devices as “the most challenging to secure,” as a direct result of remote working protocols and organisations’ inability to prepare and deploy a secure Bring Your Own Device (BYOD) solution that protects at the same level or higher against the types and sophistication of online-borne attacks.
Of the 600 IT professionals surveyed, all reported an increase in remote workers, with 59% declaring a rise in BYOD adoption. The issue of device security has not been unfamiliar to tech professionals throughout the course of this year and last; among the surveyed decision makers, security on mobile devices ranked as one of the lowest when it comes to confidence in their ability to defend against cyberthreats via that channel (3.92 out of 5, 5 being highly confident).
One of the main threats that information security professionals deem most concerning, with around half of those interviewed naming it as their chief concern, is account takeover and compromise (usually via tailored phishing or whaling schemes) and credential stuffing. Human error has been found to be accountable for 88% of breach incidents, and with business system compromise as a primary concern, it seems that more controls are required to restore IT leaders’ confidence against cyber-borne threats via this sort of exploitation.
Future Security Initiatives
Worryingly, CyberEdge’s report found that, even in the midst of an increase in repeated breach attempts, IT security spending increases are actually slowing – among the UK decision makers surveyed in the study, it was found that only 10.9% of IT budget is allocated to security: one of the lowest distributions across the globe. Approximately 9 in 10 organisations have also been affected by cyberattacks that target mobile and web applications, highlighting this as a key and necessary area for investment and development.
When it comes to future-proofing mobile device security, one of the most useful methods to protect against vulnerabilities from applications, like unpatched exploits or services that are opaque about their device access and data permissions, is to implement either application blacklisting or whitelisting. CyberEdge’s survey found that 32.9% of information security leaders have it on the agenda for 2021; however, there’s still a good handful (12%) that don’t. It’s a wonder why, considering that last year alone, around 46% of organisations had at least one employee download a malicious mobile-based application.
It’s not all been doom and gloom. CyberEdge’s report crowns the UK as experiencing the fewest successful cyber attacks over the course of the last year (71%), with China (91.5%), Germany (91.5%) and Mexico (90.6%) above the average with the most. That being said, there’s still a way to go, especially when it comes to mobile device defence.
Are you looking for assistance with your organisation’s mobile device security? To find out more about how Serbus can assist in securing your remote workers and ensure an advanced level of protection on your devices, get in touch today by emailing [email protected], or call our office on +44 (0)1432 870 879.
Source: CyberEdge Threat Defence Report 2021