Acronis Cyber Readiness Report 2021 reveals critical security gaps with 53% of companies left exposed to supply chain attacks

Acronis, the globally renowned company in cyber protection, has released its annual Cyber Readiness Report, providing a comprehensive overview of the modern cyber security landscape and the key pain points faced by businesses and remote employees worldwide, amid the global COVID-19 pandemic.

Acronis’ Cyber Readiness Report

Acronis’ Cyber Readiness Report revealed that more than 80% of global companies admitted they were not prepared to transition to remote work, exposing key vulnerabilities that businesses must quickly plan and implement solutions for in the near future.

Based on findings from the independent survey of 3,600 IT managers and remote employees, at small and medium-sized companies, in 18 countries across the globe, the report states that 53% of global companies have a false sense of security, when it comes to supply chain attacks. Despite the globally recognised attacks on trusted software vendors, like Kaseya or SolarWinds, over half of IT leaders believe that using ‘known, trusted software’ is sufficient protection, making them an easy target.

Attacks growing in volume and sophistication

The most common attack types reached record-high levels in 2021, including phishing attacks

Three out of 10 companies report facing a cyber-attack at least once a day, similar to 2020, but in 2021, only 20% of companies reported not getting attacked, a drop from 32% in 2020, meaning that the attacks are increasing in volume.

The most common attack types reached record-high levels in 2021, including phishing attacks, which continue to grow in frequency and are now the top attack type at 58%. Malware attacks are also increasing in 2021, detected by 36.5% of companies this year, an increase from 22.2% in 2020.

2021, the year of phishing

However, 2021 was the year of phishing, with the demand for URL filtering solutions grown 10 times since 2020, with 20% of global companies now recognising the danger phishing presents to their business.

Despite growing awareness of multi-factor authentication (MFA), nearly half of IT managers (47%) are not using MFA solutions, leaving their businesses exposed to phishing attacks. According to these findings, they either see no value in it or consider it too complex to be implemented.

High demand for anti-virus solutions

In response, organisations worldwide have begun to prepare for the growing threats, but for every step the companies are taking, cybercriminals have already taken three steps.

The demand for anti-virus solutions has grown by 30%, from 43% last year to 73.3% in 2021. However, companies are just discovering that standalone anti-virus solutions no longer work against modern threats. The demand for an integrated backup/disaster recovery with anti-virus solutions has more than doubled, from 19% in 2020 to 47.9% in 2021.

Vulnerability assessments and patch management

Demand for vulnerability assessments and patch management grew significantly, from 26% in 2020 to 45% 2021

Demand for vulnerability assessments and patch management grew significantly, from 26% in 2020 to 45% 2021. This can be attributed, in part, to the increased volume of vulnerabilities exposed in critical and in-core software deployments, such as Microsoft Exchange servers, Chrome browsers or Apache webservers, in 2021.

Not surprisingly, the demand for better and more secure remote monitoring and management tools grew over three times, 35.7% in 2021, up from 10% in 2020. With remote work now being recognised as a long-term default format of work, it’s more important than ever for IT managers to be able to monitor and manage a wide range of remote devices.

Rise in adoption of SaaS and Cloud Computing services

In 2020’s Acronis Cyber Readiness Report, an increase in adoption of new services, especially SaaS and Cloud Computing services, has been reported and in 2021, companies continue to adopt new solutions. However, this has increased the overall complexity of IT environments, which most likely will cause additional breaches and unplanned downtime in the future.

“The cybercrime industry proved to be a well-oiled machine this year, relying on proven attack techniques, like phishing, malware, DDoS and others. Threat actors are increasingly expanding their targets, while organisations are held back by the growing complexity of IT infrastructure,” said Candid Wuest, Acronis’ Vice President (VP) of Cyber Protection Research.

Candid Wuest adds, “Only a small number of companies have taken the time to modernise their IT stack, with integrated data protection and cyber security. The threat landscape will continue to grow and automation is the only path to greater security, lower costs, improved efficiency and reduced risks.”

Remote employees make the most attractive targets

These Acronis findings and external research clearly illustrate why organisations need a cyber protection solution that reduces complexity and improves security, so as to support remote work environments, and that this solution must be cost-effective, in order to address the increased scale of the remote workforce.

One in four remote employees reported struggling with the lack of IT support, as one of the key challenges they faced in 2021. The top-three tech challenges identified by remote employees globally are Wi-Fi connectivity, using a VPN and other security measures, such as lack of IT support.

Low multi-factor authentication use in remote working

One in four remote employees are not using multi-factor authentication, making them easy phishing targets

One in four remote employees are not using multi-factor authentication, making them easy phishing targets, with phishing being the most common attack type in 2021.

On average, one in five remote employees gets heavily targeted by phishing attacks, receiving well over 20 phishing emails per month, with 71% of respondents confirming being targeted by it each month. Learning to identify such attacks through cyber security awareness training is crucial, in keeping organisations protected and personal assets secure.

Cyber-attackers expand target pool

Attackers have aggressively expanded their target pool and it is no longer just Microsoft Windows OS-based workloads, where users reported a spike in attacks. Cyber-attacks against Linux, MacOS, Android and iOS devices are also on the rise. Attackers are also going after virtualised environments more often now.

Unfortunately, cybercriminals don’t need to be tech-savvy to create chaos anymore, take malware for example. Cybercriminal gangs have further expanded their malware-as-a-service model, which provides step-by-step guides on how to make a profit out of compromising targets.

Remote working is here to stay

Yet, despite the growing dangers for employees, remote work is here to stay and people will continue to work, and hire remotely, and that’s the reality that most IT teams still need to get ready for and accept.

The key point are to find a solution to hardware shortages, increased complexity, an increased need for IT support and better cyber security solutions. This is an existential crisis companies must prepare for now, the potential costs for not doing so are just too great.

Platform with deeper industry insights

Remote work is here to stay and so are increasingly sophisticated cyber-attacks. So, it’s up to both the organisation and the individual to follow the best cyber protection practices available.

For those who are keen to learn more about cyber security pain points and available solutions for businesses, don’t miss the chance to register for the Acronis #CyberFit Summit World Tour 2021, kicking off in Miami, Florida, USA, on October 25, 2021, with a hybrid format, including in-person and virtual. Register now in order to:

• Attend result-focused virtual sessions for free and hear industry experts explain strategies and deployment options for cyber protection,
• Enhance the MSP business’ cyber protection capabilities, with advice from top IT channel, cyber security and industry experts,
• Hear exclusive case studies of successful, profitable and scaling MSPs and MSSPs,
• Learn how to grow the business with cyber security-forward services, and
• Join hands-on, interactive workshops, insightful panels and breakouts, and inspirational keynotes, while enjoying numerous IT channel networking opportunities.