More than a quarter of entities hit by a cyber attack were hit more than five times in a year.
Forty-seven percent of enterprise-scale firms were targeted more than six times, and 33% fought off attackers more than 25 times.
This means that one-in-three of firms were attacked on average twice a month.
In addition, 17% all firms attacked this year said the impact was serious enough to ‘materially threaten the solvency or viability of the company’.
This was revealed by the Hiscox Cyber Readiness Report 2021 which provided some statistics and facts about the impact of cyber crime.
According to Anna Collard, SVP content strategy & evangelist at KnowBe4 Africa, the report highlights the enormous challenge that businesses face when it comes to securing their assets.
“It is not just an attack, pay the ransom and go. It is attack, attack again and keep on attacking,” she says.
First point of entry
When it came to the first point of entry of the threat actors, it's mostly corporate-owned servers (37%) and cloud-based servers (31%), followed by company Web sites (29%) and employee error such as phishing or spoofing (28%).
“This is the time for the organisation to turn and face the threat head on,” says Collard. “It is too risky to think that these attacks happen to someone else, or that your systems are too good to be breached. There is always a vulnerability, or a bad decision made by an employee.”
Speaking to the repeated attacks, Collard says the more successful a breach, the more the organisation is targeted.
“The victims of these attacks are paying the ransom and then they are being hit again. The problem is that many organisations are just paying up to protect sensitive information and this is encouraging the attackers to keep on coming back for more.”
The report also revealed that over half of those targeted (58%) paid the ransom, either to recover data or to prevent publication of sensitive information.
Fighting back
Collard says that organisations can fight back and put themselves back in control, starting with investing in people, process and technologies, and applying best practices across the organisation.
Organisations should focus on the internal systems and processes they can control, instead of the security threats and concerns they cannot, Collard advises.
“Ensure that vulnerabilities are minimised by ensuring that patch management and updates are properly managed. Hire the right people and make sure they have the right tools at their disposal. And train everyone, all the time, so that security is embedded into the very fabric of the company and its culture,” she says.
Share