
Sophos survey: cybercriminal activity is usually found on servers or in the network – how long attackers have been present and the first point of attack are often unknown
Wiesbaden (ots) – The most important survey results:
* Internationally, most cybercriminal activity is found on servers (37 percent) or in the network (37 percent); 17 percent is found on endpoints, and less than 10 percent on mobile devices.
* 28 percent of German companies need one to four hours to detect cyber attacks in their systems, 37 percent between four and twelve hours.
* On international average, companies that investigate one or more potential security incidents per month spend 48 days a year on forensic tasks.
Sophos presents the results of its global survey of more than 3,100 IT decision makers from small and medium-sized companies in 12 countries, including the USA, Germany, France and the United Kingdom. The evaluation of the international responses shows that companies discover the biggest attacks by cyber criminals mainly on servers (37 percent) and in networks (37 percent). Only 17 percent are detected on endpoints and only 10 percent on mobile devices. The results for German companies are largely similar. France reported 22 percent for endpoints; India, at almost 19 percent, is the international leader for mobile devices.
"IT managers should protect business-critical servers and networks, and deter attackers from gaining access to an IT system at all," says Michael Veit, IT security expert at Sophos. "In addition to protecting servers and networks, the focus must be on the endpoint, since most cyber attacks begin there. A higher than expected number of IT managers cannot say how the attacks get into the system and how long they have already been in the IT infrastructure."
High risk due to a lack of transparency in IT security
20 percent of all IT managers surveyed internationally who were exposed to one or more cyber attacks in the past year cannot determine exactly how the attackers got into the environment. In Germany, 21 percent of respondents confirmed this, in Brazil 26 percent. According to the survey, 17 percent do not know how long the threat was already in the company before it was detected; in Germany, 16 percent said the same. To mitigate this lack of transparency, IT managers need EDR (Endpoint Detection and Response), so that the starting points of attacks and the digital footprints of the attackers in a network can be detected.
"If IT managers do not know the origin or the movement of an attack in the system, they can neither reduce the risk nor break the attack chain in order to prevent further infiltration," says Michael Veit. "EDR helps identify risks and is an integral part of the much-needed threat intelligence in the enterprise."
Reducing high forensic time and effort with EDR
According to the survey, companies that investigate one or more potential security incidents per month spend an average of 48 days a year (or four days a month) on the investigation. It is not surprising that German IT managers name the identification of suspicious events (37 percent), alarm management (13 percent), and the prioritization of suspicious events (14 percent) as the three main features of EDR solutions for shortening the time needed to identify and respond to security alerts.
"Most of the simpler cyber attacks can be stopped within seconds at the endpoints, without a major alarm. Persistent attackers, who spread, for example, targeted ransomware such as SamSam, take the time necessary to infiltrate a system. They have to guess poorly chosen passwords on systems that are accessible from the outside (RDP, VNC, VPN, etc.). Once they have a foothold, they move as inconspicuously as possible through the network until the damage is done," said Veit. "As soon as cyber criminals know that certain types of attacks work, they typically replicate them in the entire system. If IT managers operate an intensive defense with EDR, however, they can investigate an incident, and further infections in the whole system, faster. Detecting and blocking attack patterns in a targeted way reduces the time IT managers need for the investigation of potential incidents."
57 percent of all respondents (60 percent in Germany) stated that they are planning to introduce an EDR solution. EDR also helps to close the skills gap. According to the survey, 80 percent of the IT managers surveyed internationally want a stronger team; among German companies, the figure rises to 81 percent.
Survey results in detail
Further information is available in the document "Seven Inconvenient Truths of the Endpoint Security" at https://www.sophos.com/de-de/truths.aspx
The "Seven Inconvenient Truths of the Endpoint Security" survey was conducted by Vanson Bourne, an independent specialist in market research, from December 2018 to January 2019. It covered 3,100 IT decision makers in 12 countries on six continents: the USA, Canada, Mexico, Colombia, Brazil, the UK, France, Germany, Australia, Japan, India, and South Africa. All respondents are from companies with 100 to 5,000 employees.
Sophos
More than 100 million users in 150 countries rely on Sophos' Complete Security solutions as the best protection against complex threats and data loss. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions that are easy to manage, install, and use. The offering is supported by a worldwide network of the company's own analysis centres, SophosLabs. Sophos is headquartered in Boston, USA and Oxford, UK. In Germany, the company has its headquarters in Wiesbaden and is represented in Austria and Switzerland at one location each. For more information, see www.sophos.de.