A recent survey by UK-based endpoint security provider Sophos has found that 76 per cent businesses were hit by cyber attacks in 2018, while globally 68 per cent organisations admitted cyber attacks last year.
India was the country with third highest number of cyber attacks in 2018, according to the report, after Mexico and France.
For the survey, 3,100 IT decision makers were interviewed between December 2018 and January 2019. In India, the company surveyed 300 IT decision makers and found that more than 18 per cent threats discovered in India are on mobile devices, almost double than the global average.
"When we tried to discover where do the most attacks come from? Primarily, we found two areas, servers and networks. But endpoint and mobile are also not far away," Sharma added.
According to the survey report, in India, most cybercriminals are detected at the server (39 per cent) or on the network (35 per cent); 8 per cent are found on endpoints. On average, Indian organisations that investigate one or more potential security incidents each month spend 48 days a year (four days a month) investigating them, according to the survey.
"It has been found that the visibility is not there. We don't know what kind of attack. We don't know how many modes it has actually travelled. We don't know how the attack is damaging, which are the endpoints, where it has actually made damage. All that visibility is not available and it is also not helping them to take right decisions," Sharma said.
The survey also revealed that 97 per cent IT managers admitted that security expertise is one of the greatest issues in India. While 92 per cent Indian IT managers wish they had a stronger team in place to properly detect, investigate and respond to security incidents and 89 per cent IT managers surveyed believe cyber security recruitment is a challenge.
Globally, the survey found out that 14 per cent of IT managers who were victim to one or more cyber attacks last year can't pinpoint how the attackers gained entry, and 17 per cent don't know how long the threat was in the environment before it was detected. In fact, on average, organisations impacted by cyber attacks were struck at least twice.