According to the cybersecurity company Cymulate, companies that have been hit by cyberattacks in the past are more likely to be attacked again. There is a common misconception that hackers do not strike the same place twice, but the report suggests otherwise. Of all the companies that were targeted with cyberattacks, 67% reported being hit more than once, and 10% reported experiencing ten or more attacks following the initial attack.
Types of Cyberattacks Experienced
The top forms of cyberattacks that companies experienced were malware attacks (55%), ransomware (40%), and distributed denial-of-service (DDoS) attacks (32%). Malware can be a component of many other types of cyberattacks, including ransomware, botnets, application attacks, crypto-jacking, and insider threats.
Phishing is still the most common way attackers make it through the front door. According to the report, phishing accounted for 56% of the attacks, while in another 37% of cases, attacks were traced back to connected third parties. These findings are alarming, since most organizations are deeply interconnected with vendors, partners, customers, shared applications, and suppliers. If attackers cannot exploit your employees, they will target your supply chain and partners.
No matter what type of cyberattack companies fell victim to, the Cymulate research found that in about two-thirds of cases, the companies were more likely to fall victim again in the same year. Often it would be the same attackers; however, in some cases, it would be a different hacker altogether. Either way, if the weaknesses exploited in the initial attack remain unpatched, other groups can exploit the same vulnerabilities.
The Cymulate report also highlighted how companies' team members handled breaches. 91% of response teams involved two or more people from different groups, while only 9% of companies left the handling of cybersecurity breaches to security staff alone. Regarding business actions, 61% of the companies sought help from the in-house team after the breach they experienced. The other top business actions included hiring security consultants, publicly disclosing the breach, and hiring PR consultants.
Another finding highlighted in the report is the frequency of meetings and discussions between leadership and cybersecurity teams. The report suggests that the more often they meet, the lower the chance of cyberattacks. According to the report, those who met almost 15 times yearly to discuss cybersecurity suffered no breaches. In contrast, those who met only nine times or fewer a year sustained six or more breaches. This lack of understanding between the leadership and IT teams often results from a lack of communication.
Top Practices for Cyberattack Prevention and Mitigation
As per the report's findings, the top three practices for cyberattack prevention and mitigation are MFA adoption, corporate phishing awareness campaigns, and well-planned and practiced incident response plans.
Some standard cybersecurity protections that we at Excellimatrix recommend are regularly applying software updates and patches, enabling multi-factor authentication (MFA), and providing regular cybersecurity awareness training for employees, to name a few.