In this, our first USA threat report, we find that cyberattack frequency is at unprecedented levels; 92% of security professionals said the volume of attacks they faced has increased. Attackers are employing a diverse range of tactics and techniques as they bid to extort, disrupt and infiltrate organizations. As a result, breaches are inevitable.
Our research found that: 97% of USA organizations have suffered a data breach as a result of a cyberattack in the past 12 months and the average organization has experienced 2.70 breaches. 49% of organizations have been breached between 3 and more than 10 times. The level of attack frequency revealed in this report shows that, however fast USA businesses may be adapting to the intensifying environment, the cyber threat landscape is evolving faster.
84% of security professionals surveyed say attacks have become more sophisticated.
In addition to the general escalation in intensity, this report reveals the prime causes of successful breaches. OS vulnerability was the top cause of breaches for US organizations (27%) followed by web application attacks and ransomware but breaches via the supply chain (9%) and island hopping (5%) are starting to creep up. Clearly, the extended enterprise ecosystem is generating considerable security concerns.
Networks top the list for breach risk among respondents, with nearly half saying it’s their biggest breach risk. But close behind is workloads and apps; cited as the biggest risk for a third of organizations. This is perhaps not surprising as businesses run more and more apps in a bid for flexibility and productivity gains; ensuring their security will become of critical importance.
88% of all North American respondents stated that they had seen an increase in overall cyberattacks as a result of employees working from home. Just under a third (32%) recounted that attack volumes had gone up by between 25 and 100% with 4% of these stating that attacks had increased by between 50 and 100%.
1 respondent out of 250 stated that they did not have more of their employees working from home than usual because of COVID-19 and the mean percentage increase in attacks for North American respondents excluding this one person was 19.39.
The financial services sector mean percentage was below the overall average at 16.47 with more than three quarters of organizations (78%) witnessing the majority of increases in the less than 25% category.
Companies in the 501 – 1000 employee category experienced the highest mean percentage increase in attacks of 24.58, with 38% stating that they had witnessed increases in attacks between 25 and 49%.
Team sizes between 31-40 had the highest mean average of 23.55 and 40% said they had experienced an increase in cyberattacks of between 25 and 49%.
Nearly half of those surveyed reported very significant gaps in terms of the effectiveness of their disaster recovery planning around communication with their external parties
88% of all North American respondents stated that they had seen an increase in overall cyberattacks as a result of employees working from home.