- 14 Mar 2019 6:41 AM
- Budapest Business Journal
Identifying and determining the importance of suspicious events, as well as alert management, is seen as key in combatting threats.
In a new global survey of network and endpoint protection, Sophos surveyed IT decision-makers at 3,500 medium-sized companies in 13 countries: the U.S., Canada, Mexico, Colombia, Brazil, the U.K., France, Germany, Australia, Japan, India, South Africa, and Hungary.
One of the most significant differences between Hungary and the other participating countries is that in 2018, some 85% of Hungarian companies did not suffer from cyberattacks, while in other countries, only an average of 30% of respondents claimed that no cyberattacks had occurred.
The "7 Uncomfortable Truths of Endpoint Security" survey also shows that in Hungary IT managers are more likely to discover digital criminals at endpoints (nearly 60%), while in other countries participating in the survey they are typically spotted on their organizations' servers and networks.
"IT professionals should not ignore endpoints, as most digital attacks start with them, yet IT managers are not able to identify how and when attacks started in the system," says Gábor Szappanos, Sophos virus expert.
The survey reveals that 20% of IT managers who were affected by one or more attacks last year were unable to determine how the attackers got access, while 17% did not know how long the threat had been in their immediate environment before the discovery.
According to Sophos, to address the lack of transparency, IT managers need EDR (endpoint detection and response) technology, which explores the starting points of threats and the digital traces attackers leave behind during lateral movement within the network.
The findings also state that organizations investigating one or more potential security incidents spend an average of 48 days a year on their investigation (four days per month).
IT managers have identified three factors as the most important for EDR solutions: identifying suspicious events (Hungary: 66%, globally: 27%); alert management (Hungary: 40%, globally: 18%); and determining the importance of suspicious events (Hungary: 30%, globally: 13%). These are measures that can reduce the time for identifying and responding to security signals, says the survey.
"Most random digital attacks can be stopped at the endpoints in seconds without alarm," Szappanos notes. "Persistent attackers using targeted blackmail viruses such as SamSam take a long time to break the system by detecting misplaced, easily guessable passwords for remotely accessible devices (RDP, VNC, VPN, etc.), consolidate their position, and move unnoticed until the damage is done."
Some 57% of international respondents (on average) say they plan to implement EDR in the next 12 months. In Hungary, however, fewer than 20% say the same.