- AI cybersecurity platform Deep Instinct finds that the average company spends 20.9 hours responding to a cyberattack
- Majority of survey respondents express concerns about employees’ ability to avoid errors that could compromise cybersecurity
- White House is convening a national security event on ransomware this week
Summary by Dirk Langeveld
Companies that suffer a cyberattack lost more than two working days on average responding to the issue, according to a recent survey from the artificial intelligence cybersecurity platform Deep Instinct.
The second edition of Deep Instinct’s biannual SecOps Report included a survey of 1,500 senior cybersecurity professionals in 11 countries. The survey found that the average respondent spend 20.9 hours responding to a cyberattack, although financial services companies had a typical response that was four hours faster.
Cybersecurity has become a more pressing issue for businesses after several high-profile attacks earlier this year. These included a ransomware attack that disrupted a major pipeline and a Microsoft Outlook server breach that primarily affected small businesses.
The White House is convening a national security event this week to discuss how to combat ransomware, noting that it has caused major disruptions to businesses of all sizes. Worldwide, companies made $400 million in ransomware payments in 2020 and $81 million in the first quarter of 2021 alone.
The Biden administration strategy on cybersecurity includes improving network resilience, combatting financial systems that allow ransomware attacks to reap profits, working diplomatically to eliminate safe harbors abroad, and disrupting the overall ransomware ecosystem. The administration has also called for the private sector to modernize its cyber defenses to help protect critical infrastructure.
Specific federal actions have included establishing a task force to help coordinate law enforcement efforts to combat ransomware, imposing sanctions against a virtual currency exchange that has helped facilitate payments to ransomware cybercriminals, setting a $10 million reward for information leading to identification or location of anyone taking part in malicious cyberattacks on critical US infrastructure, and the launch of the StopRansomware.gov resource.
The Deep Instinct report suggests that employee errors are a significant weak point allowing cyberattacks to occur. Eighty-six percent said they don’t have confidence that employees can avoid malicious links inviting cyberattacks. Four out of five said files stored in the cloud are an unchecked vulnerability, and 68 percent said they were worried that employees might unknowingly upload malicious files.
Respondents were most concerned about a lack of threat prevention specific to malware that hasn’t been encountered before, with 44 percent citing this issue. Forty percent said they were concerned about “hidden persistence,” where cybercriminals maintain long-term access to systems, and 35 percent said they lack a staff capable of responding to cyberattacks.
Despite the concerns, respondents were still optimistic overall. Two-thirds said they think they will be able to block all threats to their company within two to five years. Sixty-two percent said they were optimistic about threat detection capabilities, and 57 percent were optimistic about threat prevention.