Phishing emails impacted half of all Indian enterprises attacked by hackers, according to the latest survey by cybersecurity firm Sophos.
Cybercriminals are increasingly using multiple attack methods and payloads to maximise profits, the survey said.
While 54% of enterprises were hit by phishing emails, 39% were attacked by ransomware and 48% suffered a data breach.
The UK-based security firm said software exploits were the initial cause of 41% of the incidents and was used in 35% of cyberattacks.
“Cybercriminals are evolving their attack methods as software exploits are used at multiple stages of the attack chain,” said Sunil Sharma, managing director sales, Sophos India & SAARC.
Organisations are only patching externally facing high-risk servers while leaving vulnerability internally, and cybercriminals are taking advantage of this and other security lapses, he added.
Half of all IT managers considered software exploits, unpatched vulnerabilities and zero-day threats as top security risks while 43% consider phishing as a security risk, the report said.
The zero-day flaw means the people who built or patch software are unaware of the security issues.
Sophos said IT managers are inundated with cyberattacks from all directions and are struggling to cope due to lack of security expertise, budget and up-to-date technology. It added that one in six IT managers surveyed didn’t know how they were breached, and the diversity of attack methods means no one defensive strategy will be enough to secure the enterprise.
The survey was conducted by third party technology research firm Vanson Bourne, which polled 3,100 IT decision-makers from mid-sized businesses in the US, Canada, Mexico, Colombia, Brazil, UK, France, Germany, Australia, Japan, India, and South Africa.
Businesses need a security solution that will help them eliminate gaps and better identify previously unseen threats by sharing information in real-time and automatically responding to incidents, the survey said.