Last year the world came to a halt. As the COVID pandemic spread, everyone had to adapt to a radically different routine full of challenges that very few were prepared for and virtually no one could have predicted.
In September 2020, Acronis assessed how these changes were impacting IT professionals and the workforce they support with our first Cyber Readiness report. This report surveyed IT managers and remote workers six months after a nearly universal shift to remote work environments and revealed that, even half a year after making the transition, organizations were still struggling to protect their data and infrastructure from the challenges of the new landscape of work – and the rise in cybercrime that came along with it.
A year later, Acronis has released the Acronis Cyber Readiness Report 2021, analyzing how business organizations and the IT industry have adapted since our first survey was completed.
The results show that many are still working to find their footing in a world that shows no sign of a full return to office-only environments – and while demand for modern cybersecurity and cyber protection solutions continues to grow, misplaced trust, misaligned priorities, and an ever-evolving cyberthreat landscape are threatening the safety and security of business-critical data around the world.
53% of global companies are left exposed to supply chain attacks
Despite recent, high-profile attacks on trusted software vendors like Kaseya and SolarWinds, 53% of the IT leaders reported that they were protected from supply chain attacks because they only use “known, trusted software.” This speaks to a lack of awareness or a false sense of security shared by IT professionals that marks them as easy targets for cybercriminals who are increasingly targeting MSPs and MSP software providers to gain access to entire portfolios of business clients with a single attack.
This false sense of security poses a serious threat to modern businesses, as the cost of a data breach skyrockets and cybercrime continues to rise.
Cyberattacks are growing in volume and sophistication
Three in 10 companies surveyed this year report facing a cyberattack at least once a day – similar to last year; but this year, only 20% of companies reported no attacks at all – a drop from 32% in 2020, meaning that the attacks are increasing in volume.
- The most common attack types – including phishing and malware attacks added onto already reached record-high levels from last year. 58% of respondents reported experiences with phishing attempts this year. Malware attacks were detected by 36.5% of companies– an increase from 22.2% in 2020.
- Answering the explosion in phishing attempts, the demand for URL filtering solutions has grown 10 times since 2020 – still, that only means 20% of global companies now recognize the danger phishing presents to their business.
- Similarly, despite growing awareness of multi-factor authentication (MFA), nearly half of IT managers (47%) are not using MFA solutions – leaving their businesses exposed to phishing attacks. According to these findings, they either see no value in it or consider it too complex to be implemented.
“The cybercrime industry proved to be a well-oiled machine this year – relying on proven attack techniques, like phishing, malware, DDoS and others. Threat actors are increasingly expanding their targets, while organizations are held back by the growing complexity of IT infrastructure,” says Candid Wüest, Acronis VP of Cyber Protection Research. “Only a small number of companies have taken the time to modernize their IT stack with integrated data protection and cybersecurity. The threat landscape will continue to grow and automation is the only path to greater security, lower costs, improved efficiency and reduced risks.”
Remote work (and remote work threats) are here to stay
While protection for modern, diverse, and often remote IT environments continues to be a challenge for IT managers, there’s no doubting that remote and hybrid work will remain a part of the business world moving forward. With that reality understood, it’s essential for remote workers and the IT leaders that are meant to support and defend them to modernize how they approach the protection of data, applications, and systems.
Read the full announcement and download the report here.