50% of companies targeted by same hackers in repeat attacks
If a criminal attacked you, you would probably do everything at your disposal to make sure that the same incident would never happen again. Interestingly, it seems that not all companies learn from their mistakes.
According to the data presented by the team of Atlas VPN, 50% of businesses worldwide have experienced recurring attacks from the same hackers, with companies in the United Kingdom suffering the most.
What is more, of the businesses that experienced repeated attacks, a whopping 61% did not remediate the breaches, leaving them vulnerable to further attacks.
The figures are based on the Ponemon Institute's "The State of Threat Hunting and the Role of the Analyst" (2021) survey, which was sponsored by Team Cymru. The survey included responses from 1,778 IT and IT security professionals in North America, Latin America, the United Kingdom, and Europe. All of the organizations represented in this study have security/threat analysts who gather and/or use threat intelligence, as well as engage in threat hunting and/or threat reconnaissance.
Out of all the countries featured in the survey, companies in the UK have had the most cybersecurity incidents due to an inability to prevent the recurrence of an attack from the same threat actor. This challenge affected 55% of the organizations in the UK.
Looking at the data region by region, North American companies have faced the most cyber incidents by repeat offenders — 50%. The same is true for 49% of European organizations and 48% of Latin American organizations.
The top five security threats affecting organizations are cloud vulnerabilities (65%), denial of service attacks (60%), phishing and social engineering attacks (52%), malicious insider threats (45%), as well as DNS-based attacks (44%).
Low-value security alerts and shortage of staff are the main security challenges for organizations
As cyber attacks are growing more sophisticated, breaches are becoming everyday events rather than worst-case scenarios. But what are the challenges that organizations face when dealing with cyber incidents?
The number one challenge named by survey respondents is that their systems generate too many low-value security alerts. When security analytics systems are unable to prioritize alerts effectively, analysts spend their time clearing low-value alerts while highly important alerts linger at the bottom of the queue. In all, 69% of companies see this as a significant challenge.
Shortage of staff is the second biggest issue. In total, 60% of companies lack the in-house expertise to make use of security technologies, 56% say they lack the staff to pick up the workload, while 53% lack the employees or skills to deliver lasting data-driven outcomes.
Other difficulties include no access to the business context data needed for event correlation (42%), inability to prioritize alerts based on potential business impact (38%), and a failure to understand the evolution of threats (36%).
Overall, 68% of respondents believe that investing in a more mature threat hunting team would significantly impact the security of the organization.