Supply chain attacks: corporate security gaps

Edited by LineaEDP21 / 10/2021 According to the Acronis Digital Readiness 2021 Report, 53% of companies are vulnerable to supply chain attacks

Acronis, a global specialist in Cyber Protection, has turned the spotlight on the growing number of supply chain attacks through its Digital Readiness Report 2021, a comprehensive analysis of the current Cyber Security landscape and the main pain points that have hindered companies and workers remotely during the global pandemic. In last year's Acronis research, over 80% of global companies admitted that they lack the necessary preparation for the transition to teleworking, thus exposing some precise corporate vulnerabilities that need to be promptly remedied. Based on this year's survey, administered to 3,600 IT managers and teleworkers at small and medium-sized businesses in 18 countries, the report says 53% of companies globally have a false perception of security with respect to attacks on supply chains. Despite attacks on major global software vendors, such as Kaseya or SolarWinds, more than half of IT managers believe that using "known and trusted software" is sufficient protection, making organizations an easy target. Increased number and complexity of attacks Three out of ten companies report having faced at least one cyber attack a day; the figure is similar to that of the previous year but now it is only 20% of companies that report that they have not suffered any attacks, a decrease compared to 32% in 2020 which highlights the increase in the number of attacks. • The most common types of attacks have reached record levels this year, including phishing, whose frequency continues to grow, placing this type of attack in first place, with 58%. In 2021 there was also a clear increase in malware attacks, detected by 36.5% of companies, with an increase compared to 22.2% in the previous year. • This was definitely the year of phishing: the demand for URL filtering solutions increased tenfold compared to the previous year and now 20% of global companies recognize the dangers of this threat. • Despite growing awareness of multifactor authentication, nearly half of IT managers (47%) have not yet adopted these solutions, leaving their organization vulnerable to phishing attacks. These results show that managers do not recognize the value of this functionality or consider its implementation overly complex. In response, organizations around the world have braced themselves to react to escalating threats, even though for every action they take, cybercriminals have already put in place three. • Demand for antivirus solutions grew by 30%, from 43% last year to 73.3% in 2021. However, it should be noted that companies are learning the hard way that standalone antivirus solutions don't work against the latest threats. : in fact, the demand for antivirus solutions that also integrate backup and disaster recovery has more than doubled, with an increase from 19% in 2020 to 47.9% in the current year. • The demand for vulnerability assessment and patch management features is also increasing, from 26% in 2020 to 45% this year. In part, the increase can be attributed to the higher volumes of vulnerabilities found during the year in critical and in-core software deployments of Microsoft Exchange servers, Chrome browsers or Apache web servers. • Unsurprisingly, the demand for safer tools for remote management and monitoring has tripled, rising to 35.7% versus 10% in 2020. With remote working now recognized as a long-term modality, it is today more important than ever that IT managers can control and manage a wide range of remote devices. In last year's Acronis Digital Readiness Report, there was an increase in the adoption of new services, especially SaaS and cloud computing. This year, companies continue to adopt new solutions, but this nevertheless contributes to increasing the complexity of IT environments, a potential cause of further breaches and future and unforeseen operational disruptions. As pointed out in an official note by Candid Wüest, Vice President of Cyber Protection Research at Acronis: «During this year the cybercrime sector has proved to be a well-oiled mechanism, capable of using well-proven techniques such as phishing, malware, DDoS attacks and others. Threateners are increasingly broadening their sights as organizations are held back by the growing complexity of their IT infrastructure. Just a few companies have found the time to revamp their IT stacks by adding integrated data protection and cyber security. The threats will continue to increase and automation is currently the only way to increase security and efficiency and reduce costs and risks ". Teleworkers are a great target Research from Acronis and other external studies clearly explain why organizations need a Cyber Protection solution that reduces complexity and increases security to support remote work environments, while being cost-effective and adaptable to the varying volume of the workforce. remotely. • One in four teleworkers reported lack of IT support as one of the main challenges faced during the year. Globally, the top three technological barriers indicated by remote employees turn out to be: Wi-Fi connection, use of a VPN and other security measures, lack of IT support. • One in four teleworkers does not use multi-factor authentication and therefore becomes an easy target for phishing techniques, which for 2021 is confirmed as the most common type of attack. • On average, one in five teleworkers is the victim of a serious phishing attack and receives over 20 malicious emails per month; 71% of respondents confirmed receiving phishing scams every month. Teaching to recognize these attacks by making potential victims aware of Cyber Security and offering them adequate training is essential to keep not only organizations but also personal resources safe. • We have seen how cybercriminals expand their target pool in a very aggressive way. It's not just about Windows operating system workloads anymore, as users also report a spike in attacks on Linux, MacOS, and Android and iOS devices. Virtualized environments are also increasingly targeted. Unfortunately, you don't need to be a computer expert to wreak havoc, as malware, for example, demonstrates. Some groups of cybercriminals have extended their malware-as-a-service model even further, providing step-by-step guides on how to make a profit by compromising chosen targets. Despite the growing dangers to employees, remote working is a reality that will last: you will continue to work and hire remotely and it is a fact that most IT professionals have yet to prepare for by finding solutions. due to the lack of hardware, the increase in complexity and the greater need for IT support and advanced Cyber Security solutions. It is a real existential crisis that companies have to face hours; otherwise, the potential costs can be really excessive. A platform with a profound vision of the sector Remote working is a reality that will last, as are the increasing levels of complexity of cyber attacks. Both individuals and organizations are therefore required to follow the best Cyber Protection practices available. If you want to learn more about the weaknesses of Cyber Security and the solutions available to companies, do not miss the opportunity to register for the Acronis #CyberFit Summit World Tour 2021, which will be inaugurated on October 25 in Miami, Florida.