Five reasons cyberattacks succeed

Security professionals have named the main reasons why cyberattacks are successful, providing insight into what public sector organisations need to do to protect themselves.

Malware protection specialist Lastline surveyed attendees at the Black Hat 2017 security conference in Las Vegas and found that nearly 55% of respondents have suffered a cyberattack within their respective organisations, with 20% being hit with ransomware.

While human error is a contributing factor behind these attacks, the survey also found scarce resources to help security teams respond, and a lack of best practice being implemented to prevent future attacks.

The experts surveyed highlighted the following issues:

Human error continues to be a key cause of cyberattacks: 84% of respondents whose company has suffered a cyberattack attribute it, at least in part, to human error, likely exacerbated by understaffed security teams and a flood of alerts and false positives. 43% say technology detected the attack but the security team took no action, while another 41% attribute the attack to a combination of technology and human error.

Ransomware is on the rise, but not necessarily effective: One in five organisations has been victimised by ransomware. Of those hit, just 8% paid the ransom while nearly two-thirds refused.

Information resources to understand and mitigate attacks are scarce: Overall, 42% of respondents have no helpful source about the specific attack and are left to figure it out themselves, while 52% seek online information from security experts and vendors, and another 19% rely on peers.

Organisations are playing roulette with infected computers: Only 28% of respondents follow best practices and erase and rebuild a computer’s software after a potential malware attack. Seventy percent either manually erase (46%) or rely on AV tools to identify and clean the malware (24%), often resulting in the malware staying in place on the infected machine to continue its attack.

Cybercrime: risk versus reward: Despite the recent rise in ransomware, just 1% believe it is the most profitable crime with the lowest risk of getting caught. That distinction goes to cyber espionage (43%), followed by enterprise financial fraud/embezzlement (31%), and identity theft and online banking fraud (25%). This suggests a mentality change is required.

The case for pre-emptive hacking: When questioned whether hackers should be hired to test security systems, six out of ten respondents were open to the idea, suggesting a willingness to try every possible resource to ensure effective security. Only 43% responded with a definite “no.”

“The threat of a cyberattack is something that organisations have to deal with on a daily basis,” said Christopher Kruegel, CEO, Lastline. “This survey highlights the need to adopt best practices and equip security teams with better tools to eliminate false positives and provide crucial information to help them prioritise and address those events that present the highest potential risk.”
