How Well-Prepared are IT Pros for the Cyberthreats of 2022?
Crippling cyberattacks, data breaches, and data exfiltration have become a part of our everyday lives. With every new headline about the latest ransomware strike, awareness of these threats grows — and yet there remains a massive gap in how organizations approach cyber protection, in both theory and practice.
Acronis recently published the Cyber Protection Week Global Report 2022, a free and important resource to help IT channel professionals understand — and act on — key year-on-year trends. The report contains original research and insights derived from a survey of over 6,200 IT managers and IT users from 22 countries across the world.
Based on the results of this survey, we’ve identified some of the most critical shortcomings in cyber protection practices today, examined why these challenges have arisen, and offered guidance on how they can be addressed. Here are a few takeaways from the 2022 report:
“More solutions” still fails to equal “more protection”
As organizations react to rising cybercrime behavior by adding more and more security solutions to their stack, they’re facing a cold reality: piling on tools can actually do more harm than good.
Non-integrated solutions offer less-complete coverage than one might imagine, and quickly become a significant managerial burden to service providers — many of whom are already stretched thin by the dominance of remote-first work models and an ongoing IT/security talent shortage:
- Service providers must train team members on the configuration and use of multiple products and interfaces.
- Technicians who are forced to jump back and forth between consoles will inevitably miss critical security alerts.
- Disparate tools may not be fully compatible with one another, creating dangerous security gaps, and software updates can introduce new incompatibilities at any time.
Most of those organizations surveyed use between 6–15 different protection and security tools, and the number of companies equipped to detect unauthorized data access or modification continues to grow steadily each year (now at 80%). Yet 76% of respondents still suffered downtime due to data loss in the last year — an all-time high, and a 25% increase from 2021.
A clear majority (61%) of respondents indicated preference for integrated backup and security solutions, suggesting that — despite the fact that many organizations still use too many different tools — more IT and security pros are recognizing and appreciating the benefits of a cyber protection approach.
The threat of politically motivated cyberattacks looms large
A whopping 86% of IT managers report feeling “very” or “moderately” concerned about the current geopolitical climate and its impact on cyberthreats; only about 2% expressed no concern at all.
Cyberattacks targeting the public sector — like the breaching of multiple federal agencies in the U.S. and around the globe, or last year’s strike against the Colonial Pipeline — tend to dominate headlines. But the reality is that there are many more attacks against small and medium businesses. Threat actors don’t tend to discriminate by the size of their targets, while advances in automation have made it trivially easy to cast a wide net with phishing and malware campaigns.
No matter the industry, nearly every modern business collects and stores sensitive data. This could include personal information about employees and customers, user login credentials, stored credit card numbers, and trade secrets. Any cyberattacker — politically motivated or not — sees the financial and/or disruptive opportunity in these kinds of details.
Confusion remains around data privacy regulations
Despite growing geopolitical tensions and an ongoing expansion of data privacy regulations, a significant chunk of IT teams — over 10% — simply don’t know whether their organization is subject to any of these regulations.
If IT managers aren’t aware of the data privacy regulations they’re subject to, they cannot hope to meet the standards that those rules mandate. Failure to comply can lead to steep fines (under the EU’s GDPR, up to €20 million or 4% of global revenues — whichever is higher) as well as severe reputational damage. These outcomes could easily prove fatal to your organization.
Make no mistake: it’s not a matter of if you’ll be impacted by a cyberattack, but when. The threat landscape is constantly evolving, and the number of attack campaigns continues to rise. It’s critical for MSPs to ensure that they prioritize data privacy and understand data sovereignty laws applicable to their operations.
For more data driven insights into the latest cyber protection trends, read the complete Acronis Cyber Protection Week Global Report 2022 — available now for free.