Acronis, the global leader in cyber protection, has released its annual Cyber Readiness Report, providing a comprehensive overview of the modern cybersecurity landscape and the key pain points faced by businesses and remote employees worldwide amid the global pandemic. Acronis’ research from last year revealed more than 80% of global companies admitted they were not prepared to transition to remote work – exposing key vulnerabilities businesses must quickly plan and implement solutions for.
Based on findings from this year’s independent survey of 3,600 IT managers and remote employees at small and medium-sized companies in 18 countries across the globe, the report states that 53% of global companies have a false sense of security when it comes to supply chain attacks. Despite the globally recognized attacks on trusted software vendors, like Kaseya or SolarWinds, over half of IT leaders believe that using “known, trusted software” is sufficient protection – making them an easy target.
Attacks growing in volume and sophistication
Three out of 10 companies report facing a cyberattack at least once a day – similar to last year; but this year, only 20% of companies reported not getting attacked – a drop from 32% in 2020, meaning that the attacks are increasing in volume.
- The most common attack types reached record-high levels this year including phishing attacks – that continue to grow in frequency, and are now the top attack type at 58%. Malware attacks are also increasing in 2021: making up to 36.5% of all attacks this year – an increase from 22.2% in 2020.
- However, this year was the year of phishing: the demand for URL filtering solutions has grown 10 times since 2020 – with 20% of global companies now recognizing the danger phishing presents to their business.
- Despite growing awareness of multi-factor authentication (MFA), nearly half of IT managers (47%) are not using MFA solutions – leaving their businesses exposed to phishing attacks. According to these findings, they either see no value in it or consider it too complex to be implemented.
In response, organizations worldwide have begun to prepare for the growing threats – but for every step companies are taking, cybercriminals have already taken three.
- The demand for antivirus solutions has grown by 30% – from 43% last year to 73.3% in 2021. However, companies are just discovering that standalone antivirus solutions no longer work against modern threats: we saw the demand for an integrated backup/disaster recovery with antivirus solutions more than double – from 19% in 2020 to 47.9% this year.
- Demand for vulnerability assessments and patch management grew significantly: from 26% in 2020 to 45% this year. This can be attributed, in part, to the increased volume of vulnerabilities exposed this year in critical and in-core software deployments such as Microsoft Exchange server, Chrome browsers or Apache web servers.
- Not surprisingly, the demand for better and more secure remote monitoring and management tools grew over three times – 35.7% this year, up from 10% in 2020. With remote work now being recognized as a long-term default format of work, it’s more important than ever for IT managers to be able to monitor and manage a wide range of remote devices.
In last year’s Acronis Cyber Readiness Report, we saw an increase in adoption of new services – especially SaaS and Cloud Computing services – and this year companies continue to adopt new solutions. However, this has increased the overall complexity of IT environments, which most likely will cause additional breaches and unplanned downtime in the future.
“The cybercrime industry proved to be a well-oiled machine this year – relying on proven attack techniques, like phishing, malware, DDoS and others. Threat actors are increasingly expanding their targets, while organizations are held back by the growing complexity of IT infrastructure,” says Candid Wuest, Acronis VP of Cyber Protection Research. “Only a small number of companies have taken the time to modernize their IT stack with integrated data protection and cybersecurity. The threat landscape will continue to grow and automation is the only path to greater security, lower costs and improved efficiency and reduced risks”.
Remote employees make the most attractive targets
These Acronis findings and external research clearly illustrate why organizations need a cyber protection solution that reduces complexity and improves security to support remote work environments, and that this solution must be cost-effective in order to address the increased scale of the remote force.
- One in four remote employees reported struggling with the lack of IT support as one of the key challenges they faced this year. The top-three tech challenges identified by remote employees globally: Wi-Fi connectivity, using a VPN and other security measures, lack of IT support.
- One in four remote employees are not using multi-factor authentication – making them easy phishing targets, with phishing being the most common attack type in 2021.
- On average, one in five remote employees gets heavily targeted by phishing attacks, receiving well over 20 phishing emails per month – with 71% of respondents confirming being targeted by it each month. Learning to identify such attacks through cybersecurity awareness training is crucial in keeping organizations protected, and personal assets as well.
- We have seen attackers aggressively expanding their target pool – it is no longer just Microsoft Windows OS based workloads – where users reported a spike in attacks against Linux, MacOS, Android and iOS devices as well. Attackers are also going after virtualized environments more often.
Unfortunately, cybercriminals don’t need to be tech-savvy to create chaos anymore – take malware for example. Cybercriminal gangs have further expanded their malware-as-a-service model that provides step-by-step guides on how to make a profit out of compromising targets.
Yet, despite the growing dangers for employees, remote work is here to stay; people will continue to work and hire remotely, and that’s the reality most IT teams still need to get ready for: finding a solution to hardware shortages, increased complexity and an increased need for IT support and modern cybersecurity solutions. This is an existential crisis companies must prepare for now – the potential costs for not doing so are just too great.