Anomali Cybersecurity Insights Report Reveals How Cybersecurity Challenges, Threat Landscapes, Strategies, and Resiliency Have Changed Since Pandemic Started
REDWOOD CITY, Calif. — Jan. 20, 2022 — Anomali, a leader in intelligence-driven extended detection and response (XDR) cybersecurity solutions, today published its Anomali Cybersecurity Insights Report 2022. The report provides visibility into the current threat landscape, reveals the top challenges to establishing a resilient cybersecurity posture, and provides details on how enterprises are adjusting their cybersecurity strategies. The Anomali Threat Research team analyzed the findings from the commissioned Harris Poll of 800 cybersecurity decision makers to provide insights on how to overcome obstacles and improve detection and response capabilities to stop not only breaches, but also attackers.
Cybersecurity decision makers surveyed came from global enterprises based in all regions with 5,000 employees or more. Because COVID-19 has had a profound influence on cybersecurity, we asked them questions about their organizations ranging back to 2019, helping us to better understand the state of resilience before the pandemic and how it has impacted their organizations.
Top findings revealing the current threat landscape included:
- 87 percent of enterprise security decision makers were the victims of successful cyberattacks perpetrated against them that resulted in damage, disruption, or a breach to their business in the past 3 years. Since the pandemic started, 83 percent have experienced more attempted cyberattacks and 87 percent report an increase in phishing emails, with many leveraging COVID-19 related themes.
- 52 percent of enterprise security decision makers have been impacted by ransomware attacks in the past 3 years. 39 percent of those impacted paid a ransom. Of these, 58 percent paid $100,000 to just under a million, and 7 percent spent a million dollars or more.
- Overall losses due to cyberattacks, phishing email campaigns, and data breaches jumped significantly between 2019 and 2020. In 2019, 15 percent of organizations reported losses of $500,000 or more; in 2020 this almost doubled to 28 percent (2021 losses not available during the survey period).
Key reasons revealing why achieving cyber resilience is difficult included:
- Only 49 percent of enterprise security decision makers strongly agree that their cybersecurity teams can quickly prioritize threats based on trends, severity, and potential impact on their organization.
- On average, enterprise security decision makers are taking several days to detect known cyberattacks coming from adversaries that include cybercriminal organizations (3.6 days), individual hackers (3.5 days), APTs (3.3 days), and nation states (2.9 days). After the SolarWinds breach was known, on average it took organizations 2.9 days to respond and 3.1 to recover.
- Only 46 percent of enterprise security decision makers strongly agree that their cyber-protection technologies can evolve to detect new globally identified threats. 32 percent strongly agree their team struggles to keep up with the rapidly changing cybersecurity threat landscape.
Top findings on how enterprises are adapting strategies included:
- To address detection gaps that legacy technologies leave open, security decision makers are turning to new tech and are currently using innovations such as threat intelligence (59%), extended detection and response (XDR) technologies (48%), and the MITRE ATT&CK Framework (43%).
- 78 percent of security decision makers have re-evaluated cybersecurity strategies since the start of the pandemic, and 74 percent say their budgets for cybersecurity have increased over the past year. They report, on average, that 38 percent of their overall budget is now devoted to cybersecurity.
- When evaluating new cybersecurity technologies, security decision makers say the top attribute they consider essential is whether it has a high level of support available to users (48%). Ease of use was ranked second at 46 percent, and the ability to integrate with other cybersecurity systems and functions across other parts of the organization was rated third at 44 percent. The least important considerations were ROI (33%) and cost (26%).
To help organizations achieve a higher level of resiliency across their organizations, Anomali Threat Research provided in-depth analysis and advice. Their top takeaways included:
- Big Data - Cybersecurity professionals are now using big data analytics to identify threats before they happen. By integrating tools that leverage vast amounts of big data, including indicators of compromise (IOCs), observed behaviors, adversary knowledge, and threat models, organizations can know immediately if threats are attacking or present in their networks.
- Threat Intelligence Sharing - Only 52 percent of enterprise security decision makers believe their organizations are very effective when it comes to sharing threat intelligence across internal resources. Organizations need to adopt solutions that can automate and operationalize threat intelligence across the entirety of their security infrastructure, so that people, processes, and security controls can benefit from all available data for smarter decision making and immediate response.
- Adversary Motives - Nearly half of enterprise security decision makers admit they don’t understand adversaries’ motives very well. The persistent noise from threat actors of lower to mid-level sophistication can make indicators of compromise (IOCs) seem like a drop in the ocean. While all this is occurring, more sophisticated groups can hide in the noise while creating custom tools and malware, or abusing legitimate software, to conduct targeted attacks. Therefore, it is crucial to understand threat actors’ motives to know how they work and which adversaries may target your organization.
“We’ve known that cyberattacks have been increasing over the course of the pandemic, but we didn’t know to what degree global enterprises as a whole were being impacted. This new research reveals that adversaries have not only stepped up the number of attacks they have started launching since COVID-19 first struck the world, but have also greatly improved their success rates,” said Hugh Njemanze, President, Anomali. “We were encouraged to learn that many organizations are devoting more resources to cybersecurity and adopting new technologies to become more resilient. We were also deeply concerned over how difficult it is for them to detect and respond to attackers before and after they’ve made their way into networks. This report will not only help the community to focus their investments in the right areas, but also help our research and product teams to deliver more efficient and effective solutions to the market.”
Click for full access to the Anomali Cybersecurity Insights Report 2022: The State of Enterprise Cyber Resiliency
Detect LIVE Conference: https://www.anomali.com/detect-live
The Cyber Resiliency Survey was conducted online by The Harris Poll on behalf of Anomali, between September 9 – October 13, 2021 among 800 total adults ages 18+ in the US, Canada, the UK, Australia, Singapore, Hong Kong, India, New Zealand, the UAE, Mexico and Brazil who are employed full-time, work in manufacturing, telecommunications, financial services, healthcare, pharmaceuticals, and professional, scientific & technical services, are in an IT role and give either a technology perspective (i.e., manager level or higher and have influence on data security solutions) or a business perspective (i.e., director level or higher and have influence over data security strategy). Raw data were weighted where necessary by number of businesses within employee size class to bring them in line with their actual proportions in the population of businesses with 5000+ employees in the select industries of Manufacturing, Telecommunications, Financial Services, Healthcare, Pharmaceuticals, and Professional, Scientific & Technical Services, for each country separately. The countries were then combined using a post weight to proportion them equally in the Total.
Anomali is the leader in intelligence-driven extended detection and response (XDR) cybersecurity solutions. Anchored by big data management and refined by artificial intelligence, the Anomali XDR platform delivers proprietary capabilities that correlate the largest repository of global intelligence with telemetry from customer-deployed security solutions, empowering security operations teams to detect threats with precision, optimize response, achieve resiliency, and stop attackers and breaches. Our SaaS-based solutions easily integrate into existing security tech stacks through native-cloud, multi-cloud, on-premises, and hybrid deployments. Founded in 2013, Anomali serves public and private sector organizations, ISACs, MSSPs, and Global 1000 customers around the world in every major industry. Leading venture firms including General Catalyst, Google Ventures, and IVP back Anomali. Learn more at www.anomali.com.