• Home
  • /
  • Malware
  • /
  • Businesses fail to close the gap on exploits

Businesses fail to close the gap on exploits

Regina Pazvakavambwa
By Regina Pazvakavambwa, ITWeb portals journalist.
Johannesburg, 07 Feb 2018
In 2017, healthcare was the top target for ransomware, followed by energy, professional services and retail, says Sophos.
In 2017, healthcare was the top target for ransomware, followed by energy, professional services and retail, says Sophos.

IT security remains a highly challenging and complex area for organisations across the globe, fuelled by the ever-increasing complexity of malware attacks and the financial incentives for attackers.

This is according to a recent Sophos report titled The State of Endpoint Security Today, which surveyed 2 700 mid-sized organisations in 10 countries worldwide, including South Africa. The study says despite the high-profile headlines of 2017, businesses are still not prepared to face today's fast-evolving threats.

It says ransomware continues to be a major issue across the globe, with 54% of organisations surveyed hit in the last year, and a further 31% expecting to be victims of an attack in the future.

Healthcare was the top target, followed by energy, professional services and retail, says the study.

Although both healthcare and financial services hold high-value data, healthcare is often perceived as a soft target, leading to increased frequency of attack, says Sophos. That assumption is not without merit - healthcare tends to have an aging IT infrastructure, leaving security holes, as well as restricted resources for improving IT security. Healthcare organisations are also considered to be more likely to pay a ransom.

In South Africa, more than 50% of organisations were hit by ransomware last year and on average they were struck twice, the study reveals. Seventy percent were running up-to-date endpoint protection when last impacted by ransomware, it adds.

The median total cost of a ransomware attack was around R1.7 million including ransom, downtime, manpower, device cost, network cost, and lost opportunities, with 48% incurring costs below this level and 52% incurring costs above this level.

Moreover, more than 50% of organisations surveyed did not have anti-exploit technology, which means they are easy prey for data breaches and complex threats like WannaCry, says Sophos.

Also, 70% of IT professionals were unable to identify the correct definition of anti-exploit technology, despite how critical it is for modern attack prevention, says the study. Only 34% have predictive next-generation technologies, such as machine or deep learning; which 48% plan to implement within a year, it adds.

"The lack of awareness and lack of protection against exploits is alarming. We've seen resurgence in cyber criminals looking for vulnerabilities to actively use in countless attack campaigns, says Dan Schiappa, senior vice president and general manager of products for Sophos.

"Five or six years ago we saw one per year, and last year as many as five new office exploits have been used for cyber criminal activity," says Sophos. "When cyber criminals are deliberately seeking out both known and zero-day vulnerabilities and an organisation has a deficit in defences, it adds up to a bad security situation."

This relentless attack methodology, combined with the growth in ransomware as a service, the anticipation of more complex threats, and the resurgence of worms like WannaCry and NotPetya, puts businesses in serious need of a security makeover, observes Sophos.

Organisations of all sizes are starting 2018 with inadequate protection against ransomware, despite last year's international headlines," adds Schiappa. "Given the ingenuity, frequency, and financial impact of attacks, all businesses should re-evaluate their security to include predictive security technology that has the capabilities needed to combat ransomware and other costly cyber threats.

"Given the speed at which cyber threats have evolved, it is not surprising that many IT managers are unable to stay ahead of the next-generation technology required for security. Yet this knowledge gap could be placing operations at risk. Organisations need effective anti-ransomware, anti-exploit, and deep learning technology to stay secure in 2018 and beyond," he concludes.