One Single Vulnerability is All an Attacker Needs.

Cyber criminals are taking advantage of companies that don’t update their cybersecurity strategies.

Most companies that get hit by a cyberattack are likely to fall victim again – sometimes repeatedly – as many struggle to improve their cybersecurity strategy, even after incidents. 

Got hit by a cyberattack? Hackers will probably come after you again - within a year.

According to research by cybersecurity company Cymulate, 39% of companies were hit by cybercrime over the past 12 months – and of those, two-thirds were hit more than once. Of those hit more than once, one in 10 fell victim to further cyberattacks 10 or more times. 

“It wasn’t one and done – in fact, if you were hit, you had much more chance of being hit a second time or multiple times,” Dave Klein, director of cyber evangelism at Cymulate told ZDNet. 

“It’s not like you get hit once and people learned lessons – it really was a situation that your likelihood of being hit again was larger,” he added. 

The most common form of cybercrime that the companies surveyed said they fell victim to was malware attacks (55%) followed by ransomware attacks (40%). Other common incidents included distributed denial-of-service attacks (DDoS) attacks, and crypto-jacking attacks. 

For victims of cybercrime, the most common source of attacks is phishing emails targeting end users (56%) that trick them into clicking malicious links that install malware or direct them to fake login pages that steal usernames and passwords.

The second most common attack method is exploiting vulnerabilities in digital supply chains and third-party software connected to the network. In this case, a vulnerable supplier could be what allows hackers into the network.

No matter what type of cyberattack companies fell victim to, the research found that in two-thirds of cases, they found themselves falling victim again within a year.

Sometimes this was the same attacker, sometimes it was a different cyber-criminal entity altogether – but either way, more attacks were able to disrupt the network because the original cybersecurity weaknesses remained unfixed.

Security teams need the budget for work like this, but in many cases, boardrooms aren’t willing to provide one – until it’s too late. And the result is that not only are they paying an IT security budget, but they’re also paying to fix the damage done by a cyberattack.


Leave a Reply

Your email address will not be published. Required fields are marked *