The email rar attachment contains an exe file: the first malware, which downloads the second. The stolen data is exfiltrated via SMTP.
A ServiceNow-Ponemon study reveals that cyber security spending increase an average of 24%, while there is a 17% rise in attacks
Cyber security spending increase an average of 24%, while there is a 17% rise in attacks. It has been found by ServiceNow and Ponemon “Costs and Consequences of Gaps in Vulnerability Response” study. A survey conducted on nearly 3,000 security professionals in nine countries. According to the document, major data breaches continue to dominate the news, and almost 48% of organizations report that they have suffered at least one in the past two years. As the severity and volume of cyber attacks increase, the race to outpace attackers continues. Cyber security teams are not equipped enough to keep up, and need to leverage the right tools to detect and patch in a timely manner. On average, organizations are now having to spend 34% more of their budget per week on patching alone compared to 2018. Furthermore, annual spending on vulnerability management activities raised to $1.4 million.
Main issue for organizations are the vulnerabilities. Disorganization or unresponsive departments were the main cause behind the lag in patch time, which ballooned to 12 days and even 16 days for certain critical flaws
According to the cyber security survey, 60% of breach victims said they were breached due to an unpatched known vulnerability where the patch was not applied; 62% were unaware that their organizations were vulnerable prior to the data breach, and 52% of respondents say their organizations are at a disadvantage in responding to vulnerabilities because they use manual processes. Organizations in Australia, France, Germany, Japan, the Netherlands, New Zealand, Singapore, the United Kingdom and the United States are particularly struggling with timely patches. Disorganization or unresponsive departments were the main cause behind the lag in patch time, which ballooned to 12 days and even 16 days for certain critical vulnerabilities. This, because people were forced to deal with multiple departments within their organization in order to execute them.