According to a cybersecurity survey of IT decision makers and security experts, more than six in 10 businesses have lost faith in the ability of Microsoft and other traditional IT vendors to protect their data from the growing attacks on the software supply chain.
The 2021 Global Security Attitude Survey of 2,200 professionals overseeing IT was commissioned by cybersecurity firm CrowdStrike and conducted by third-party research firm Vanson Bourne from September to November. It found that in a dozen industries, from retail to healthcare, “organizations are losing trust in legacy IT vendors as supply chain attacks pose a greater threat to businesses.”
Michael Sentonas, CrowdStrike’s chief technology officer, told The Washington Times in an email that survey respondents “are grappling with the inherent vulnerabilities that legacy software and technology has placed in their networks and systems.”
“In fact, 63% of respondents admitted that their organizations have lost trust in legacy vendors like Microsoft due to frequent security incidents against these previously trusted technology vendors,” Mr. Sentonas said on Tuesday.
Cyberattacks during Microsoft software updates, replying to all emails on Microsoft email servers, and email attachments containing hidden ransomware have increasingly held US businesses hostage in elaborate data extortion plans.
More than two-thirds of U.S. organizations reported facing a ransomware attack in the past 12 months, with the average ransomware payout rising from $999,000 in 2020 to $1.55 million this year.
“Organizations will have to consider modern, cloud-based technologies designed to increase their cyber resilience and reduce attacks on the software supply chain,” Mr. Sentonas said, to help secure data as it moves from software-based systems to cloud-based storage.
Contacted for comment, a Microsoft spokesperson emailed the Times, noting that the company blocked more than 70 billion attacks against its nearly 650,000 customers last year.
“This week, we announced the outcome of an ongoing effort to proactively eliminate the nation-state attack infrastructure, protecting both our customers and the broader industry. We believe this is more valuable to our clients than self-serving market research attacking fellow advocates,” the spokesperson wrote.
On Tuesday, Microsoft Corporate Vice President Tom Burt said the US District Court for the Eastern District of Virginia had authorized the company to disrupt the hacking group known as “Nickel” in 24 cases against 10,000 malicious websites.
In the CrowdStrike survey, 81% of respondents said they “believe software supply chain attacks have the potential to become one of the biggest cyber threats to organizations like theirs in the next three years.”
The survey also showed that US organizations lost ground compared to the rest of the world.
The global average time for IT professionals to detect a cybersecurity breach was 117 hours in 2020, compared to 146 hours in 2021, while the US average is currently 165 hours.
This means that the US, which took an average of 97 hours to detect a security incident in 2020, has gone from being below the global average to above it.
The 2021 US average is currently the second highest globally, behind India’s 358-hour average.
The UK and the Middle East currently have the fastest average detection times, at 66 hours and 63 hours respectively, CrowdStrike reported in the survey.
Vanson Bourne conducted interviews with senior IT decision makers and IT security experts in September, October and November.
Respondents were limited to organizations with 100 or more employees in the private and public sectors. Interviews were split evenly between senior IT decision makers and IT security professionals, and between organizations with 100-1,999 employees and 2,000 employees or more.
Industries represented in the survey were aerospace, automotive and engineering; biotechnology and pharmaceuticals; energy, utilities, oil and gas; financial services and insurance; health care; hospitality, entertainment, food, beverage and media; IT, technology and telecom; production; retail; transport; public sector; and other commercial sectors.