Threatlist: 68% of Overwhelmed IT Managers Can’t Keep Up with Cyberattacks

Most respondents in a recent survey say they’re losing the battle despite having up-to-date protections in place.

IT managers feel overwhelmed by the volume of cyberattack attempts, with most of them admitting that successful hacks of their company networks are becoming the norm.

That’s according to a research report The Impossible Puzzle of Cybersecurity, released Friday. In a survey of 3,100 IT managers across 12 countries (at organizations with 100 to 5,000 employees), two out of three of them said their organizations (68 percent) suffered a cyberattack in 2018, despite efforts to prevent them. This, despite the fact that a full 26 percent of IT’S time, on average, is spent on cybersecurity issues.

Nine out of 10 (91 percent) of respondents said they were running up-to-date cybersecurity protections at the time of a successful attack, according to the Sophos, who published the report.

“This reveals that, despite good intentions and behaviors, threats are getting through,” according to the report, released Friday. “This may be through weaknesses in the cybersecurity, or because there are security holes that haven’t been plugged or gaps in their protection – while an organization might have been running up-to-date endpoint protection, this doesn’t mean all other devices were secure.”

The survey also showed that attacks are coming via multiple channels, including email (accounting for 33 percent) and web (30 percent), software vulnerabilities (23 percent), unauthorized USB sticks or other external devices (14 percent), and more. However, worryingly, a fifth (20 percent) of IT managers said they didn’t know how their networks were compromised.

In terms of the attacks that succeeded, over half of them (53 percent) were phishing attacks; a third (35 percent) resulted in malware infections; another 35 percent pointed to software exploits; and 30 percent said they were hit with ransomware.

IT managers consider their greatest risk to be phishing mails (50 percent flagged this as the number-one threat), followed by software exploits (45 percent). Third on the list is people, including internal staff, contractors and visitors.

“We humans are ranked a top-three security concern by 44 percent of respondents, and clearly present IT teams with quite a different type of cybersecurity challenge,” the report noted.

Wi-Fi security also weighs heavily on the minds of IT managers, with more than a third (36%) ranking it as a top-three concern, followed by unknown devices (31 percent).

IT managers surveyed also mentioned a shortage of key skills on staff, which makes it that much harder to keep up with the volume of incidents and the scope of risks. Most respondents (86 percent) said that they needed more skills to combat threats, but 80 percent also said that they struggled to recruit the right people. Two-thirds of respondents said that their budgets for people and technology were too low.

Unsurprisingly, the inability to fend off attacks has led to significant concerns on the part of IT managers: Data loss was the number one concern for 31 percent of respondents, followed by cost and damage to the business (21 percent).

Interested in reading more about cyberattacks? Read more here:

  1. Magecart Hackers Infect 17,000 Sites Through Misconfigured Amazon S3 Buckets
  2. Thousands of WordPress sites backdoored with malicious code

  3. Do Employees Really Fall Victim to Phishing Attacks?


Secure Sense is the security provider that cares. We are a team of experts with a passion for IT and protecting your organization is what motivates us daily. If you have questions or want to learn more about how we can improve your organization’s security, our services or just want to chat security please give us a shout. If you’re looking to guest blog, please send an email here.