50% of businesses worldwide have experienced recurring attacks from the same hackers, with companies in the United Kingdom suffering the most; Atlas VPN finds.
For businesses that experienced repeat attacks, 61% did not remediate the breaches, leaving the same companies vulnerable to further attacks.
The figures are based on the Ponemon Institute‘s ‘The State of Threat Hunting and the Role of the Analyst 2021‘ survey, which was sponsored by Team Cymru. The survey included responses from 1,778 IT and IT security professionals in North America, Latin America, the United Kingdom, and Europe.
All of the organisations represented in the study have security/threat analysts who gather and/or use threat intelligence, as well as engage in threat hunting and/or threat reconnaissance.
The data found that 55% of companies in the UK experienced data breaches; making the island the most prone country to cybersecurity incidents. They were followed by organisations in North America (50%), Europe (49%), and Latin America (48%).
The top five security threats affecting organisations are cloud vulnerabilities (65%), denial of service attacks (60%), phishing and social engineering attacks (52%), malicious insider threats (45%), as well as DNS-based attacks (44%).
Low-Value Security Alerts and Shortage of Staff Are the Main Security Challenges for Organisations
As cyber-attackers continue to develop and utilise more sophisticated techniques, breaches are becoming regular occurrences, as opposed to worst-case scenarios. But what are the challenges that organisations face when dealing with cyber incidents?
The number one challenge of survey respondents is that “their systems generate too many low-value security alerts”. When security analytics systems cannot effectively prioritise alerts, it wastes the team’s time by asking it to clear low-value alerts while highly important alerts linger at the bottom of the queue. Therefore, 69% of companies see the experience as a significant challenge.
Shortage of staff is another prevalent issue. In total, 60% of companies have a “shortage of in-house expertise that could utilise security technologies”, 56% say they “lack the staff to pick up the workload”, while 53% “lack employees or skills to deliver lasting data-driven outcomes”.
Sharing her thoughts on the situation, Ruth Cizynski, a cybersecurity researcher and writer at Atlas VPN, comments, “As long as organisations do not address existing vulnerabilities and security issues, they risk being hit by cybercriminals again. Organisations should prioritise internal processes that they can control over external security risks that they cannot.”